Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report mp3rocket.exe

Overview

General Information

Sample Name:mp3rocket.exe
Analysis ID:339196
MD5:a9fbd79c820e2878c052161afe97d274
SHA1:6b329f9a85e1dc4cb169e7321a46b39337e68007
SHA256:a507d6b4f120b63e1dc0bdd6d76a9d89877c7a21e320b5873224d7ca0a951a8a

Most interesting Screenshot:

Detection

Score:28
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Allocates memory with a write watch (potentially for evading sandboxes)
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook
Sample searches for specific file, try point organization specific fake files to the analysis machine
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Startup

  • System is w10x64
  • mp3rocket.exe (PID: 6568 cmdline: 'C:\Users\user\Desktop\mp3rocket.exe' MD5: A9FBD79C820E2878C052161AFE97D274)
    • AskInstaller.exe (PID: 6772 cmdline: AskInstaller.exe -b -pid MP3R7 -di 120 MD5: 93B06056604F3227AB2E1392F250DF32)
      • AskInstaller.exe (PID: 6904 cmdline: 'C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe' -b -pid MP3R7 -di 120 -se MD5: 93B06056604F3227AB2E1392F250DF32)
      • iexplore.exe (PID: 6452 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' http://about.ask.com/en/docs/about/ask_eula.shtml MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
        • iexplore.exe (PID: 6040 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 5960 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17412 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 7084 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17414 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 6252 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17416 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 4740 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17420 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 5416 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17424 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 6056 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17428 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 4112 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17432 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 1388 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17436 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 4496 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17440 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 5848 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17446 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 5944 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17452 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
        • iexplore.exe (PID: 5464 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17458 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for dropped fileShow sources
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeReversingLabs: Detection: 15%
Multi AV Scanner detection for submitted fileShow sources
Source: mp3rocket.exeReversingLabs: Detection: 17%
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_0135B9B7 __EH_prolog3,lstrlenW,CryptQueryObject,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,CryptMsgGetParam,CertFindCertificateInStore,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,LocalFree,5_2_0135B9B7
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_0135BBA8 __EH_prolog3,lstrcmpA,CryptDecodeObject,LocalAlloc,CryptDecodeObject,LocalFree,5_2_0135BBA8
Source: mp3rocket.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dllJump to behavior
Source: unknownHTTPS traffic detected: 35.244.253.184:443 -> 192.168.2.7:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49751 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49758 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49757 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49772 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49777 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49776 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49778 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49779 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49781 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49780 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49782 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49784 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49787 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49786 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49790 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49791 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49794 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49795 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49803 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49804 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49810 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49809 version: TLS 1.2
Source: Binary string: C:\hudson\jobs\PIP2.0_Installer\workspace\release\AskInstaller_1_.pdb source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, AskInstaller.exe, 00000003.00000000.256711522.000000000139C000.00000002.00020000.sdmp, AskInstaller.exe, 00000005.00000000.259267416.000000000139C000.00000002.00020000.sdmp, AskInstaller.exe.0.dr
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_0135C298 PathFileExistsW,_memset,wsprintfW,FindFirstFileW,StrCmpW,StrCmpW,StrCmpW,_wcslen,_wcslen,RemoveDirectoryW,wsprintfW,DeleteFileW,FindNextFileW,FindClose,3_2_0135C298
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_0135C298 PathFileExistsW,_memset,wsprintfW,FindFirstFileW,StrCmpW,StrCmpW,StrCmpW,_wcslen,_wcslen,RemoveDirectoryW,wsprintfW,DeleteFileW,FindNextFileW,FindClose,5_2_0135C298
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_01324760 GetLogicalDriveStringsW,GetDriveTypeW,GetDriveTypeW,GetDiskFreeSpaceExW,GetDriveTypeW,_wcslen,3_2_01324760
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile opened: C:\Users\user\AppData\Local\Temp\apn_pip_localJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile opened: C:\Users\user\AppData\Local\Temp\apn_pip_local\rules.jsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: Joe Sandbox ViewIP Address: 35.244.183.133 35.244.183.133
Source: Joe Sandbox ViewIP Address: 35.244.183.133 35.244.183.133
Source: Joe Sandbox ViewIP Address: 151.101.2.114 151.101.2.114
Source: Joe Sandbox ViewIP Address: 151.101.2.114 151.101.2.114
Source: Joe Sandbox ViewJA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_01353D9C recvfrom,WSAGetLastError,3_2_01353D9C
Source: global trafficHTTP traffic detected: GET /PIP/Server.jhtml?partner_id=MP3R7&language=en&version=2.6.9.1 HTTP/1.1User-Agent: APNPIPHost: pipoffers.apnpartners.com
Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: APNPIPHost: errdocs.zwinky.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /en/docs/about/ask_eula.shtml HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: about.ask.comConnection: Keep-Alive
Source: AskInstaller.exe, 00000005.00000003.264057037.0000000003A28000.00000004.00000001.sdmpString found in binary or memory: <div class=" fb_reset" id="fb-root"><div style="position: absolute; top: -10000px; height: 0pt; width: 0pt;"></div></div><fb:like class=" fb_edge_widget_with_comment fb_iframe_widget" href="https://www.facebook.com/MindsparkGames" send="true" layout="button_count" width="120" show_faces="true" font=""></fb:like> equals www.facebook.com (Facebook)
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
Source: unknownDNS traffic detected: queries for: pipoffers.apnpartners.com
Source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, AskInstaller.exe, 00000003.00000000.256711522.000000000139C000.00000002.00020000.sdmp, AskInstaller.exe, 00000005.00000000.259267416.000000000139C000.00000002.00020000.sdmp, AskInstaller.exe.0.drString found in binary or memory: http://MessageAndExit()...Message
Source: AskInstaller.exe, 00000003.00000002.1671526702.0000000000CD2000.00000004.00000020.sdmpString found in binary or memory: http://about.ask.cm/en/docs/about/ask_eula.shtml
Source: AskInstaller.exe, 00000003.00000002.1677722087.00000000034B0000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.co
Source: AskInstaller.exe.0.drString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtml
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtml.
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtml/
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtml:
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlB
Source: AskInstaller.exe, 00000003.00000002.1670531267.0000000000AD5000.00000004.00000020.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlC:
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlE
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlI
Source: AskInstaller.exe, 00000003.00000002.1671526702.0000000000CD2000.00000004.00000020.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlP
Source: {02EC3568-5606-11EB-90E6-ECF4BB82F7E0}.dat.12.drString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlRoot
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlc
Source: AskInstaller.exe, 00000003.00000002.1671472332.0000000000CC4000.00000004.00000020.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmld:
Source: AskInstaller.exe, 00000003.00000002.1677722087.00000000034B0000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmle
Source: AskInstaller.exe, 00000003.00000002.1685876848.0000000008352000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlg
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmll
Source: AskInstaller.exe, 00000003.00000002.1677722087.00000000034B0000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlntsb=MP3R
Source: AskInstaller.exe, 00000003.00000002.1677722087.00000000034B0000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlor
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlr
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmls
Source: AskInstaller.exe, 00000003.00000002.1671526702.0000000000CD2000.00000004.00000020.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlt
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmltm
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmltmU
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmltmr
Source: AskInstaller.exe, 00000003.00000002.1671526702.0000000000CD2000.00000004.00000020.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlu
Source: AskInstaller.exe, 00000003.00000002.1685781944.0000000008330000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlv
Source: AskInstaller.exe.0.drString found in binary or memory: http://about.ask.com/en/docs/about/privacy.shtml
Source: AskInstaller.exe, 00000003.00000002.1677722087.00000000034B0000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/privacy.shtml)
Source: AskInstaller.exe, 00000003.00000002.1671472332.0000000000CC4000.00000004.00000020.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/privacy.shtmlP9
Source: AskInstaller.exe, 00000003.00000002.1677722087.00000000034B0000.00000004.00000001.sdmpString found in binary or memory: http://about.ask.com/en/docs/about/privacy.shtmlyperlink
Source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, AskInstaller.exe, 00000003.00000000.256711522.000000000139C000.00000002.00020000.sdmp, AskInstaller.exe, 00000005.00000000.259267416.000000000139C000.00000002.00020000.sdmp, AskInstaller.exe.0.drString found in binary or memory: http://ak.pipoffers.apnpartners.com/static/partners/
Source: AskInstaller.exe, 00000005.00000002.268876299.0000000002CE6000.00000004.00000040.sdmpString found in binary or memory: http://ak.pipoffers.apnpartners.com/static/partners/MP3R7/APNAnalytics.xmls.xml
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://amazon.fr/
Source: AskInstaller.exe.0.drString found in binary or memory: http://apnmedia.ask.com/media/toolbar/everest/6.2.0/APNSetup.exe
Source: AskInstaller.exe, 00000003.00000002.1677722087.00000000034B0000.00000004.00000001.sdmpString found in binary or memory: http://apnmedia.ask.com/media/toolbar/everest/6.2.0/APNSetup.exeng
Source: AskInstaller.exe, 00000003.00000002.1677722087.00000000034B0000.00000004.00000001.sdmpString found in binary or memory: http://apnmedia.ask.com/media/toolbar/everest/6.2.0/APNSetup.exestring
Source: AskInstaller.exe, 00000003.00000002.1677722087.00000000034B0000.00000004.00000001.sdmpString found in binary or memory: http://apnmedia.ask.com/media/toolbar/everest/6.2.0/APNSetup.exew
Source: AskInstaller.exe.0.drString found in binary or memory: http://apnmedia.ask.com/media/toolbar/supertoolbar/apnpartners/MP3R7/stub2.0/5.2.1.0/ApnStub.exe
Source: AskInstaller.exe, 00000003.00000002.1677722087.00000000034B0000.00000004.00000001.sdmpString found in binary or memory: http://apnmedia.ask.com/media/toolbar/supertoolbar/apnpartners/MP3R7/stub2.0/5.2.1.0/ApnStub.exeing
Source: AskInstaller.exe, 00000003.00000002.1673927272.0000000002B06000.00000004.00000040.sdmpString found in binary or memory: http://apnmedia.ask.com/media/toolbar/supertoolbar/apnpartners/MP3R7/stub2.0/5.2.1.0/ApnStub.exetb=M
Source: AskInstaller.exe, 00000003.00000002.1673927272.0000000002B06000.00000004.00000040.sdmpString found in binary or memory: http://apnmedia.ask.com/media/toolbar/supertoolbar/apnpartners/MP3R7/stub2.0/5.2.1.0/ApnStub.exey
Source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, AskInstaller.exe, 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp, AskInstaller.exe, 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp, AskInstaller.exe.0.drString found in binary or memory: http://apnpip.ask.com/PIP/partners/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://ariadna.elmundo.es/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://ariadna.elmundo.es/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://arianna.libero.it/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://arianna.libero.it/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://asp.usatoday.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://asp.usatoday.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://auone.jp/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://br.search.yahoo.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://browse.guardian.co.uk/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://browse.guardian.co.uk/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://busca.buscape.com.br/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://busca.buscape.com.br/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://busca.estadao.com.br/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://busca.igbusca.com.br/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://busca.igbusca.com.br//app/static/images/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://busca.orange.es/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://busca.uol.com.br/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://busca.uol.com.br/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://buscador.lycos.es/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://buscador.terra.com.br/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://buscador.terra.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://buscador.terra.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://buscador.terra.es/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://buscar.ozu.es/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://buscar.ya.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://busqueda.aol.com.mx/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://cerca.lycos.it/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://clients5.google.com/complete/search?hl=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://cnet.search.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://corp.naukri.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://corp.naukri.com/favicon.ico
Source: mp3rocket.exe, 00000000.00000002.1669156311.000000000019A000.00000004.00000001.sdmp, nsx2FD0.tmp.0.drString found in binary or memory: http://creativecommons.org/licenses/by-nc-sa/2.0/
Source: mp3rocket.exeString found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
Source: mp3rocket.exeString found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://de.search.yahoo.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://es.ask.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://es.search.yahoo.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://esearch.rakuten.co.jp/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://espanol.search.yahoo.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://espn.go.com/favicon.ico
Source: AskInstaller.exe, 00000005.00000003.267610557.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267652245.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://eula.mindspark.com/eula/#Privacy
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267624177.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://eula.mindspark.com/privacypolicy/
Source: AskInstaller.exe, 00000005.00000003.267601632.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://eula.mindspark.com/tos/
Source: mp3rocket.exe, 00000000.00000002.1669156311.000000000019A000.00000004.00000001.sdmp, nsx2FD0.tmp.0.drString found in binary or memory: http://ffmpeg.org.
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://find.joins.com/
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://fr.search.yahoo.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://google.pchome.com.tw/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://home.altervista.org/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://home.altervista.org/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://it.search.dada.net/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://jobsearch.monster.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://list.taobao.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://mail.live.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
Source: mp3rocket.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: mp3rocket.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
Source: mp3rocket.exeString found in binary or memory: http://ocsp.thawte.com0
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
Source: AskInstaller.exe.0.dr, APNAnalytics[1].xml.5.drString found in binary or memory: http://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://price.ru/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://rover.ebay.com
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.about.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.alice.it/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.in/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.auone.jp/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.de/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.es/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.in/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.it/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.interpark.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.nate.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.nifty.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.sify.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search.yam.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
Source: mp3rocket.exe, 00000000.00000002.1675378887.00000000029A7000.00000004.00000001.sdmp, AskInstaller.exe.0.drString found in binary or memory: http://sp.ask.com/en/docs/about/terms_of_service.shtml0
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://suche.aol.de/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://support.mindspark.com/
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://support.mindspark.com/MSArticle?recid=kA31a000000LwiP
Source: AskInstaller.exe, 00000005.00000003.267610557.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://support.mindspark.com/ics/support/ticketnewwizard.asp?style=classic
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://web.ask.com/
Source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, AskInstaller.exe, 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp, AskInstaller.exe, 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp, AskInstaller.exe.0.drString found in binary or memory: http://www.163.com
Source: mp3rocket.exe, 00000000.00000002.1669156311.000000000019A000.00000004.00000001.sdmp, nsx2FD0.tmp.0.drString found in binary or memory: http://www.MP3Rocket.me/license.htm
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
Source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, nsx2FD0.tmp.0.drString found in binary or memory: http://www.allcoolmusic.com/jre/jre-6u1-windows-i586-p-s.exe
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.de/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.ask.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.clarin.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.co.uk/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.docUrl.com/bar.htm
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.excite.co.jp/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: AskInstaller.exe, 00000005.00000003.264057037.0000000003A28000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267512805.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com
Source: AskInstaller.exe, 00000005.00000003.264057037.0000000003A28000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/
Source: AskInstaller.exe, 00000005.00000003.267283193.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games
Source: AskInstaller.exe, 00000005.00000003.267356751.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/action/flappy-bird-multiplayer
Source: AskInstaller.exe, 00000005.00000003.267342893.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/action/flappy-sheep-multiplayer
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/2048-threes
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/algerian-solitaire
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/best-classic-mahjong-connect
Source: AskInstaller.exe, 00000005.00000003.267425232.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/best-classic-solitaire
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/best-classic-spider-solitaire
Source: AskInstaller.exe, 00000005.00000003.266970111.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/brain-games-chess
Source: AskInstaller.exe, 00000005.00000003.267336554.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/chess-challenges
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/daily-mahjong
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/daily-solitaire
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/daily-sudoku
Source: AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/fairway-solitaire
Source: AskInstaller.exe, 00000005.00000003.267336554.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/forest-frog-mahjong
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/magic-card-saga
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/mahjong-3d
Source: AskInstaller.exe, 00000005.00000003.267173567.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/mahjongg-investigation-_-under-suspicion
Source: AskInstaller.exe, 00000005.00000003.266802803.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/monkey-money
Source: AskInstaller.exe, 00000005.00000003.267173567.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/mosaics-galore
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/neon-checkers
Source: AskInstaller.exe, 00000005.00000003.266802803.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/seven-seas-solitaire
Source: AskInstaller.exe, 00000005.00000003.266642299.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/slingo-quest
Source: AskInstaller.exe, 00000005.00000003.266802803.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/slingo-supreme
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/solitaire
Source: AskInstaller.exe, 00000005.00000003.267296505.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267533895.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/solitaire-daily-challenge
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/solitaire-quest
Source: AskInstaller.exe, 00000005.00000003.267288685.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/solitaire-tripeaks
Source: AskInstaller.exe, 00000005.00000003.267201633.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267489968.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/space-mahjong
Source: AskInstaller.exe, 00000005.00000003.267221165.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/spooky-mahjong
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/sudoku-blitz
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/sweet-candy-kingdom
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/sweety-mahjong
Source: AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/the-80s-game-with-martha-quinn
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/tic-tac-toe-html5
Source: AskInstaller.exe, 00000005.00000003.264205791.0000000003A2F000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/two-player-checkers
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/card-and-board/ultimate-sudoku
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/dress-up/a-day-at-the-park
Source: AskInstaller.exe, 00000005.00000003.267342893.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/dress-up/make_up-artist
Source: AskInstaller.exe, 00000005.00000003.264402612.0000000003A67000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/dress-up/minions-lab
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/dress-up/room-makeover-_-maries-girl-games
Source: AskInstaller.exe, 00000005.00000003.267342893.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/dress-up/shoe-designer-_-maries-girl-games
Source: AskInstaller.exe, 00000005.00000003.267342893.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/dress-up/spa-salon
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/dress-up/take-me-out
Source: AskInstaller.exe, 00000005.00000003.266978236.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/free-casino/battle-slots
Source: AskInstaller.exe, 00000005.00000003.266480045.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/free-casino/big-fish-games-texas-holdem
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/free-casino/blackjack
Source: AskInstaller.exe, 00000005.00000003.266978236.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/free-casino/dolphin-dice-slots
Source: AskInstaller.exe, 00000005.00000003.266995069.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/free-casino/igt-slots-kitty-glitter
Source: AskInstaller.exe, 00000005.00000003.266970111.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/free-casino/poker-for-dummies
Source: AskInstaller.exe, 00000005.00000003.266642299.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/free-casino/vegas-penny-slots
Source: AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/free-casino/vegas-penny-slots-3
Source: AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/multiplayer/empire-world-war-3
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/multiplayer/flappy-sheep-multiplayer
Source: AskInstaller.exe, 00000005.00000003.267489968.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/pu
Source: AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/pugames/pu
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/2248
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/add-the-numbers
Source: AskInstaller.exe, 00000005.00000003.267323034.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/aqua-blitz-2
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/bubble-monsters
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/bubble-shooter-candy
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/candy-mahjong
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/color-element
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/howdy-christmas
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/icy-purple-head-2
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/jewels-blitz-3
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/jungle-jewels
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/pet-pop-connect
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/puzzle-world
Source: AskInstaller.exe, 00000005.00000003.267323034.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/the-green-mission-inside-a-cave
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/tiny-garden
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzle/toy-factory
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/10x10
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/10x10-arabian-nights
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/10x10-classic
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/10x10-hawaii
Source: AskInstaller.exe, 00000005.00000003.267296505.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267533895.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/10x10-shades-of-grey
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/11x11-bloxx
Source: AskInstaller.exe, 00000005.00000003.267283193.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/2020-plus
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/2020-reloaded
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/2020-tetra
Source: AskInstaller.exe, 00000005.00000003.267296505.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267533895.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/360-connect
Source: AskInstaller.exe, 00000005.00000003.266995069.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/7-wonders-tr
Source: AskInstaller.exe, 00000005.00000003.267004023.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/7-wonders-tr9
Source: AskInstaller.exe, 00000005.00000003.266995069.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/7-wonders-treasures-of-seven
Source: AskInstaller.exe, 00000005.00000003.266995069.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/7-wonders-trnders-tr
Source: AskInstaller.exe, 00000005.00000003.266995069.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/7-wonders-trw
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/airport
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/alchemist-lab
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/animal-connection
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/apple-blast
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/aquablitz
Source: AskInstaller.exe, 00000005.00000003.266480045.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.266372890.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.266642299.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/aveyond
Source: AskInstaller.exe, 00000005.00000003.267105652.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/azada
Source: AskInstaller.exe, 00000005.00000003.267105652.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/azada-ancient-magic
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/badland
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/battle-monster
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/belles-beauty-boutique
Source: AskInstaller.exe, 00000005.00000003.266372890.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/big-farm
Source: AskInstaller.exe, 00000005.00000003.267013104.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/birds-town
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/brain-doctor
Source: AskInstaller.exe, 00000005.00000003.267092290.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/brain-training-for-dummies
Source: AskInstaller.exe, 00000005.00000003.267105652.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/brainiversity
Source: AskInstaller.exe, 00000005.00000003.267092290.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/brainiversity-2
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/bread-delicious
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/bubble-academy
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/bubble-charms
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/bubble-charms-2
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/bubble-hero-3d
Source: AskInstaller.exe, 00000005.00000003.267283193.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/bubble-shooter-free
Source: AskInstaller.exe, 00000005.00000003.267296505.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267533895.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/bubble-shooter-pro
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/bubble-shooter-saga
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267444722.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/bubbles-shooter
Source: AskInstaller.exe, 00000005.00000003.265606957.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/burger-story
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/candy-rain
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/candy-rain-3
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/candy-slide
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/catch-the-apple
Source: AskInstaller.exe, 00000005.00000003.267013104.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/celtic-lore-sidhe-hills
Source: AskInstaller.exe, 00000005.00000003.267120960.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/classic-adventures-the-great-gatsby
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/click-snowball-fight
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267444722.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/collapse-blast
Source: AskInstaller.exe, 00000005.00000003.267425232.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/color-blocks
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/cookie-connect-extra
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/cookie-crush-2
Source: AskInstaller.exe, 00000005.00000003.267041717.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267028117.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/cooking-academy
Source: AskInstaller.exe, 00000005.00000003.267041717.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/cooking-academy-2-world-cuisine
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/cowboy-vs-martians
Source: AskInstaller.exe, 00000005.00000003.267041717.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/cradle-of-rome
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/crazy-birds-2
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/crazy-switch-color
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/cut-the-rope-experiments
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/cut-the-rope-magic
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/cut-the-rope-time-travel
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/delicious-_-emilys-cook-and-go
Source: AskInstaller.exe, 00000005.00000003.265574643.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/delicious-_-emilys-home-sweet-home
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/delicious-_-emilys-hopes-and-fears
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/delicious-_-emilys-new-beginning
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/delicious-_-emilys-new-beginning-christmas
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/discolors
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267444722.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/doctor-teeth
Source: AskInstaller.exe, 00000005.00000003.267425232.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/dont-touch-the-red
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/fabulous-_-angelas-fashion-fever
Source: AskInstaller.exe, 00000005.00000003.265679077.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/farm-craft-2
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/farm-fever
Source: AskInstaller.exe, 00000005.00000003.265679077.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/farm-mania-2
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/farm-puzzle-story-2
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/fish-resort
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267444722.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/flappy-wow
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/forest-match
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/fox-adventurer
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/fruita-swipe
Source: AskInstaller.exe, 00000005.00000003.267356751.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/galaga-special-edition
Source: AskInstaller.exe, 00000005.00000003.267323034.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267533895.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/garden-tales
Source: AskInstaller.exe, 00000005.00000003.267251451.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/go-chicken-go
Source: AskInstaller.exe, 00000005.00000003.265509692.0000000003AC2000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267512805.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267533895.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/god-of-light
Source: AskInstaller.exe, 00000005.00000003.265509692.0000000003AC2000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267533895.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/goodgame-empire
Source: AskInstaller.exe, 00000005.00000003.265606957.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/hearts-medicine-_-time-to-heal
Source: AskInstaller.exe, 00000005.00000003.267251451.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/helix-blitz
Source: AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/heroes-from-the-past-joan-of-arc
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/hexa-fever
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/hexa-fever-2
Source: AskInstaller.exe, 00000005.00000003.267041717.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/hidden-expedition-everest
Source: AskInstaller.exe, 00000005.00000003.267127731.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/hidden-expedition-titanic
Source: AskInstaller.exe, 00000005.00000003.267127731.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/hidden-secrets-the-nightmare
Source: AskInstaller.exe, 00000005.00000003.267127731.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/hidden-wonders-of-the-depths
Source: AskInstaller.exe, 00000005.00000003.267141701.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/hide-and-secret
Source: AskInstaller.exe, 00000005.00000003.265679077.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/home-sweet-home
Source: AskInstaller.exe, 00000005.00000003.265731460.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/hotel-mogul
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/howdy-farm
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/iceberg
Source: AskInstaller.exe, 00000005.00000003.265731460.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/janes-hotel-family-hero
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267444722.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/jelly-bomb
Source: AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/jessicas-cupcake-cafe
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/jewel-academy
Source: AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/jewel-match-2
Source: AskInstaller.exe, 00000005.00000003.267141701.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/jewel-quest-mysteries-the-seventh-gate
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/jewels-of-arabia
Source: AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/jojos-fashion-show-world-tour
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/jungle-legend
Source: AskInstaller.exe, 00000005.00000003.266480045.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/lego-fever
Source: AskInstaller.exe, 00000005.00000003.265606957.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/little-farm-clicker
Source: AskInstaller.exe, 00000005.00000003.267263790.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/ludo-legend
Source: AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/luxor
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/mahjong-story
Source: AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/midnight-mysteries-the-edgar-allan-poe-cons
Source: AskInstaller.exe, 00000005.00000003.267342893.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/minions-lab
Source: AskInstaller.exe, 00000005.00000003.267173567.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/murder-she-wrote
Source: AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/murder-she-wrote-2-return-to-cabot-cove
Source: AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/my-kingdom-for-the-princess
Source: AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/my-kingdom-for-the-princess-ii
Source: AskInstaller.exe, 00000005.00000003.267195188.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/mystery-case-files-13th-skull
Source: AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/mystery-case-files-dire-grove
Source: AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/mystery-case-files-madame-fate
Source: AskInstaller.exe, 00000005.00000003.267195188.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/mystery-masterpiece-the-moonstone
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/nail-salon-_-maries-girl-games
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/neon-trio
Source: AskInstaller.exe, 00000005.00000003.266581227.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/pac_man
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/pac_man-pizza-parlor
Source: AskInstaller.exe, 00000005.00000003.266372890.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/paper-craft-wars
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/pick-crafter
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/point-adventure
Source: AskInstaller.exe, 00000005.00000003.267263790.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267270552.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/pool-party
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/pudding-monsters
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/puzzle-bobo
Source: AskInstaller.exe, 00000005.00000003.267195188.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/puzzle-quest
Source: AskInstaller.exe, 00000005.00000003.266995069.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/puzzler-brain-games
Source: AskInstaller.exe, 00000005.00000003.267195188.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/ranch-rush
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/ready-set-candy
Source: AskInstaller.exe, 00000005.00000003.266581227.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.266642299.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/realmyst
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/rgb-trucker
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/road-crossing
Source: AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/roads-of-rome
Source: AskInstaller.exe, 00000005.00000003.267201633.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/roads-of-rome-iii
Source: AskInstaller.exe, 00000005.00000003.267201633.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/romance-of-rome
Source: AskInstaller.exe, 00000005.00000003.267201633.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/royal-gems
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/sagemath
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/sea-mahjong
Source: AskInstaller.exe, 00000005.00000003.266978236.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/star-defender-4
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/submarine-dash
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/sudoku
Source: AskInstaller.exe, 00000005.00000003.265509692.0000000003AC2000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267512805.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267533895.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267251451.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/tac-tac-way
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/tap-the-mouse
Source: AskInstaller.exe, 00000005.00000003.267302361.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267336554.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/tentrix
Source: AskInstaller.exe, 00000005.00000003.267221165.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/the-great-gatsby-secret-treasure
Source: AskInstaller.exe, 00000005.00000003.264205791.0000000003A2F000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.263981384.0000000003A01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/the-green-mission-inside-a-cave
Source: AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/the-island-castaway
Source: AskInstaller.exe, 00000005.00000003.267221165.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/the-mystery-of-the-crystal-portal
Source: AskInstaller.exe, 00000005.00000003.267221165.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/the-princess-bride
Source: AskInstaller.exe, 00000005.00000003.267232939.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/the-scruffs
Source: AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/the-treasures-of-montezuma
Source: AskInstaller.exe, 00000005.00000003.267232939.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/top-chef
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/touch-and-catch
Source: AskInstaller.exe, 00000005.00000003.267232939.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/treasure-seekers-visions-of-gold
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267444722.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/two-cars
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/universal-crossword
Source: AskInstaller.exe, 00000005.00000003.267246462.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/urban-legends-the-maze
Source: AskInstaller.exe, 00000005.00000003.267246462.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/viking-saga
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/way-to-the-stars
Source: AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/wedding-salon
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/wonderland-chapter-11
Source: AskInstaller.exe, 00000005.00000003.266334408.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267512805.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/youda-survivor-2
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/yummy-tales
Source: AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/puzzles-and-arcade/zombie-jewel
Source: AskInstaller.exe, 00000005.00000003.266642299.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/retro/arcadia-remix
Source: AskInstaller.exe, 00000005.00000003.267356751.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/retro/arkanoid
Source: AskInstaller.exe, 00000005.00000003.266978236.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/retro/dig-dug
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/retro/dungeon-adventure
Source: AskInstaller.exe, 00000005.00000003.266581227.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/retro/etch_a_sketch-knobbys-quest
Source: AskInstaller.exe, 00000005.00000003.267356751.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/retro/galactians-2
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/retro/galaga-special-edition
Source: AskInstaller.exe, 00000005.00000003.267356751.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/retro/pixeroids
Source: AskInstaller.exe, 00000005.00000003.267296505.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267533895.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/retro/snake
Source: AskInstaller.exe, 00000005.00000003.266334408.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/1941-frozen-front
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/2-ways
Source: AskInstaller.exe, 00000005.00000003.267356751.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/ace-online
Source: AskInstaller.exe, 00000005.00000003.267013104.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/airport-mania-2-wild-trips
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267444722.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/baseball-for-clowns
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267444722.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/basket-champs
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/basketball-hoops
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/brave-squad
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/do-not-crash
Source: AskInstaller.exe, 00000005.00000003.267336554.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/drag-race-3d
Source: AskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/drift-race
Source: AskInstaller.exe, 00000005.00000003.267120960.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/fishing-craze
Source: AskInstaller.exe, 00000005.00000003.267263790.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/flappy-bird-3d
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/fly-with-rope
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/football-tricks
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/galactians
Source: AskInstaller.exe, 00000005.00000003.267425232.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/guns-n-glory-heroes
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/hyper-gunner
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/kuli
Source: AskInstaller.exe, 00000005.00000003.266802803.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/lucent-heart
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/master-tournament
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/minigolf-kingdom
Source: AskInstaller.exe, 00000005.00000003.266970111.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/mission-against-terror
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/nimble-fish
Source: AskInstaller.exe, 00000005.00000003.267336554.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/octane-racing
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/overvolt-crazy-slot-cars
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/pirate-bay
Source: AskInstaller.exe, 00000005.00000003.266970111.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/protector
Source: AskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/rally-racer
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/retry-again
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/river-raider
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/runaway-toad
Source: AskInstaller.exe, 00000005.00000003.267251451.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267263790.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/russian-car-drift-3d
Source: AskInstaller.exe, 00000005.00000003.267258618.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/russian-car-drift-3d9
Source: AskInstaller.exe, 00000005.00000003.267251451.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/russian-car-drift-3ddrift-3d
Source: AskInstaller.exe, 00000005.00000003.267251451.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/russian-car-drift-3dw
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/scary-pinball
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/short-drift
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/speed-pool-king
Source: AskInstaller.exe, 00000005.00000003.267251451.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/stock-car-hero
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/temple-defence
Source: AskInstaller.exe, 00000005.00000003.267512805.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/the-duck-hunter
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/top-down-soccer
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/top-shootout-3d
Source: AskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/up-hill-racing-2
Source: AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/vanilla-pinball
Source: AskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/watch-out-2
Source: AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports-and-action/zombie-invasion
Source: AskInstaller.exe, 00000005.00000003.267342893.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/sports/bouncy-dunk
Source: AskInstaller.exe, 00000005.00000003.265606957.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/time
Source: AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/time-management/cake-shop
Source: AskInstaller.exe, 00000005.00000003.265606957.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/time9
Source: AskInstaller.exe, 00000005.00000003.265606957.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games/timemes/time
Source: AskInstaller.exe, 00000005.00000003.267276443.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/games:N2
Source: AskInstaller.exe, 00000005.00000003.267276443.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/gamesMA3
Source: AskInstaller.exe, 00000005.00000003.267276443.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/gamesom/games
Source: AskInstaller.exe, 00000005.00000003.267283193.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/gamest
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: http://www.gamingwonderland.com/rest/favorites
Source: AskInstaller.exe, 00000005.00000003.267050275.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.gaminww.gamin
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.gismeteo.ru/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.in/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.jp/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.uk/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.br/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.sa/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.tw/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.cz/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.de/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.es/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.fr/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.it/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.pl/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.ru/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.si/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/favicon.ico
Source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, nsx2FD0.tmp.0.drString found in binary or memory: http://www.imusicsearch.com/jre/jre-6u1-windows-i586-p-s.exe
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.linternaute.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.maktoob.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/?ref=IE8Activity
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BV.aspx?ref=IE8Activity&amp;a=
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/Default.aspx?ref=IE8Activity
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/DefaultPrev.aspx?ref=IE8Activity
Source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, nsx2FD0.tmp.0.drString found in binary or memory: http://www.mimp3musica.com/jre/jre-6u1-windows-i586-p-s.exe
Source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, nsx2FD0.tmp.0.drString found in binary or memory: http://www.mp3support.ca/jre/jre-6u1-windows-i586-p-s.exe
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.mtv.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.mtv.com/favicon.ico
Source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, nsx2FD0.tmp.0.drString found in binary or memory: http://www.my-free-kazaa.com/jre/jre-6u1-windows-i586-p-s.exe
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.myspace.com/favicon.ico
Source: AskInstaller.exe, 00000005.00000003.267356751.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: http://www.mywot.com/en/scorecard/www.gamingwonderland.com
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.najdi.si/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.najdi.si/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.nate.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.neckermann.de/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.neckermann.de/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.news.com.au/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.nifty.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.ocn.ne.jp/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.orange.fr/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.otto.de/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.ozon.ru/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.ozon.ru/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.ozu.es/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.paginasamarillas.es/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.paginasamarillas.es/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.pchome.com.tw/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.priceminister.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.priceminister.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.rakuten.co.jp/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.rambler.ru/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.rambler.ru/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.recherche.aol.fr/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.rtl.de/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.rtl.de/favicon.ico
Source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, nsx2FD0.tmp.0.drString found in binary or memory: http://www.safefiles.net/jre/jre-6u1-windows-i586-p-s.exe
Source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, nsx2FD0.tmp.0.drString found in binary or memory: http://www.safefiles.net/jre/jre-6u1-windows-i586-p-s.exehttp://www.my-free-kazaa.com/jre/jre-6u1-wi
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.servicios.clarin.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.shopzilla.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.sify.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.so-net.ne.jp/share/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.sogou.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.sogou.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.soso.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.soso.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.t-online.de/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.taobao.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.taobao.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.target.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.target.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.tchibo.de/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.tchibo.de/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.tesco.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.tesco.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.tiscali.it/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.univision.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.univision.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.walmart.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.walmart.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.ya.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www.yam.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www3.fnac.com/
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://www3.fnac.com/favicon.ico
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&amp;Version=2008-06-26&amp;Operation
Source: AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpString found in binary or memory: http://z.about.com/m/a08.ico
Source: ~DFA67615B55785378D.TMP.12.drString found in binary or memory: https://about.ask.com/en/docs/about/ask_eula.shtml
Source: {02EC3568-5606-11EB-90E6-ECF4BB82F7E0}.dat.12.drString found in binary or memory: https://about.ask.com/en/docs/about/ask_eula.shtmlRoot
Source: AskInstaller.exe, 00000005.00000002.272179858.0000000003B00000.00000004.00000001.sdmpString found in binary or memory: https://ak.www.g
Source: AskInstaller.exe, 00000005.00000003.264057037.0000000003A28000.00000004.00000001.sdmpString found in binary or memory: https://ak.www.gamingwonderland.com/static/css/gw-bundle-compressed-9fc0f11a50f58fda9bc8f476f39ff27a
Source: AskInstaller.exe, 00000005.00000003.264057037.0000000003A28000.00000004.00000001.sdmpString found in binary or memory: https://ak.www.gamingwonderland.com/static/css/gw.ie.css
Source: AskInstaller.exe, 00000005.00000003.264057037.0000000003A28000.00000004.00000001.sdmpString found in binary or memory: https://ak.www.gamingwonderland.com/static/js/PluginDetect_Java_Flash_Shockwave.js
Source: AskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: https://ak.www.gamingwonderland.com/static/js/gw-bundle-compressed-d9232c826eb8b7612a9e023afc8dc1e7.
Source: AskInstaller.exe, 00000005.00000002.268876299.0000000002CE6000.00000004.00000040.sdmpString found in binary or memory: https://ak.www.gamingwonderland.com/static/js/survey.js
Source: AskInstaller.exe, 00000005.00000003.267652245.0000000003ACD000.00000004.00000001.sdmpString found in binary or memory: https://akz.imgfarm.com/images/adXPreloader/swf/ima3_preloader_1.5.swf
Source: AskInstaller.exe, 00000005.00000003.267550920.0000000003AC9000.00000004.00000001.sdmpString found in binary or memory: https://apis.google.com/js/plusone.js
Source: AskInstaller.exe, 00000005.00000003.264057037.0000000003A28000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/GaminWonderland
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownHTTPS traffic detected: 35.244.253.184:443 -> 192.168.2.7:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49751 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49758 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49757 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49772 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49777 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49776 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49778 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49779 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49781 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49780 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49782 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49784 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49787 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49786 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49790 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49791 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49794 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49795 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49803 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49804 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49810 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.2.114:443 -> 192.168.2.7:49809 version: TLS 1.2
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405042
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040323C
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_004048530_2_00404853
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_004061310_2_00406131
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_013189DE3_2_013189DE
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_013318DF3_2_013318DF
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_01344B433_2_01344B43
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_013307203_2_01330720
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_013873B23_2_013873B2
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_013803AF3_2_013803AF
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_013755113_2_01375511
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_0138CC373_2_0138CC37
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_01376CB03_2_01376CB0
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_0138D6D93_2_0138D6D9
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_013189DE5_2_013189DE
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_013318DF5_2_013318DF
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_013307205_2_01330720
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_01344B435_2_01344B43
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_013873B25_2_013873B2
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_013803AF5_2_013803AF
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_013755115_2_01375511
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_0138CC375_2_0138CC37
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_01376CB05_2_01376CB0
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_013386A25_2_013386A2
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_01335E985_2_01335E98
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_0138D6D95_2_0138D6D9
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: String function: 0137EF80 appears 50 times
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: String function: 013631D4 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: String function: 01376D83 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: String function: 0137C1D9 appears 174 times
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: String function: 01375190 appears 50 times
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: String function: 0131D888 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: String function: 0137C20C appears 74 times
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: String function: 0137C242 appears 123 times
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: String function: 0134BA76 appears 62 times
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: String function: 01326209 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: String function: 01319B30 appears 103 times
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: String function: 01319638 appears 79 times
Source: mp3rocket.exeStatic PE information: invalid certificate
Source: mp3rocket.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: mp3rocket.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: mp3rocket.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: AskInstaller.exe.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: AskInstaller.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: AskInstaller.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: AskInstaller.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: mp3rocket.exeBinary or memory string: OriginalFilename vs mp3rocket.exe
Source: mp3rocket.exe, 00000000.00000002.1672036174.00000000022F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs mp3rocket.exe
Source: mp3rocket.exe, 00000000.00000002.1672141743.0000000002330000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameWINMM.DLL.MUIj% vs mp3rocket.exe
Source: mp3rocket.exe, 00000000.00000002.1676748440.0000000003D30000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewdmaud.drv.muij% vs mp3rocket.exe
Source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAskInstaller.exe` vs mp3rocket.exe
Source: mp3rocket.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engineClassification label: sus28.evad.winEXE@36/432@79/5
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404356
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_0134054E __EH_prolog3_GS,CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,TerminateProcess,_wcslen,Process32NextW,3_2_0134054E
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar,0_2_00402020
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_0131D656 FindResourceW,FindResourceW,FindResourceW,LoadResource,LockResource,LoadResource,LockResource,LoadResource,LockResource,DialogBoxIndirectParamW,GetLastError,GlobalHandle,GlobalFree,GetLastError,SetLastError,3_2_0131D656
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMDJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeMutant created: \Sessions\1\BaseNamedObjects\MP3 Rocket 6.2.4
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeMutant created: \Sessions\1\BaseNamedObjects\Global\PIP_Mutex
Source: C:\Users\user\Desktop\mp3rocket.exeFile created: C:\Users\user~1\AppData\Local\Temp\nsm2F90.tmpJump to behavior
Source: mp3rocket.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\mp3rocket.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: mp3rocket.exeReversingLabs: Detection: 17%
Source: C:\Users\user\Desktop\mp3rocket.exeFile read: C:\Users\user\Desktop\mp3rocket.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\mp3rocket.exe 'C:\Users\user\Desktop\mp3rocket.exe'
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe AskInstaller.exe -b -pid MP3R7 -di 120
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe 'C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe' -b -pid MP3R7 -di 120 -se
Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' http://about.ask.com/en/docs/about/ask_eula.shtml
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17410 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17412 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17414 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17416 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17420 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17424 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17428 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17432 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17436 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17440 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17446 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17452 /prefetch:2
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17458 /prefetch:2
Source: C:\Users\user\Desktop\mp3rocket.exeProcess created: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe AskInstaller.exe -b -pid MP3R7 -di 120Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe 'C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe' -b -pid MP3R7 -di 120 -seJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' http://about.ask.com/en/docs/about/ask_eula.shtmlJump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17410 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17412 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17414 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17416 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17420 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17424 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17428 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17432 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17436 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17440 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17446 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17452 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17458 /prefetch:2Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile written: C:\Users\user\AppData\Local\Temp\tmpofferstate.iniJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeAutomated click: Next >
Source: C:\Users\user\Desktop\mp3rocket.exeAutomated click: I Agree
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAutomated click: Next
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeWindow detected: Number of UI elements: 13
Source: mp3rocket.exeStatic file information: File size 9763792 > 1048576
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dllJump to behavior
Source: Binary string: C:\hudson\jobs\PIP2.0_Installer\workspace\release\AskInstaller_1_.pdb source: mp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, AskInstaller.exe, 00000003.00000000.256711522.000000000139C000.00000002.00020000.sdmp, AskInstaller.exe, 00000005.00000000.259267416.000000000139C000.00000002.00020000.sdmp, AskInstaller.exe.0.dr
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_10002A10 push eax; ret 0_2_10002A3E
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_0137C2B1 push ecx; ret 3_2_0137C2C4
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_0137EFC5 push ecx; ret 3_2_0137EFD8
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_0137C2B1 push ecx; ret 5_2_0137C2C4
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_0137EFC5 push ecx; ret 5_2_0137EFD8
Source: C:\Users\user\Desktop\mp3rocket.exeFile created: C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\Desktop\mp3rocket.exeFile created: C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\mp3rocket.exeFile created: C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\AdvSplash.dllJump to dropped file
Source: C:\Users\user\Desktop\mp3rocket.exeFile created: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_01323AB5 __EH_prolog3_GS,SHGetSpecialFolderPathW,GetLastError,GetPrivateProfileStringW,_wcslen,3_2_01323AB5
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_01323603 __EH_prolog3_GS,SHGetSpecialFolderPathW,GetLastError,GetPrivateProfileStringW,_wcslen,3_2_01323603
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_01323AB5 __EH_prolog3_GS,SHGetSpecialFolderPathW,GetLastError,GetPrivateProfileStringW,_wcslen,5_2_01323AB5
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_01323603 __EH_prolog3_GS,SHGetSpecialFolderPathW,GetLastError,GetPrivateProfileStringW,_wcslen,5_2_01323603
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeMemory allocated: 42A0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeMemory allocated: 8620000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeMemory allocated: 87A0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeMemory allocated: 8820000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeWindow / User API: threadDelayed 5747Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeWindow / User API: foregroundWindowGot 1345Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeWindow / User API: foregroundWindowGot 458Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_5-24045
Source: C:\Users\user\Desktop\mp3rocket.exe TID: 6572Thread sleep time: -574700s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\mp3rocket.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_0135C298 PathFileExistsW,_memset,wsprintfW,FindFirstFileW,StrCmpW,StrCmpW,StrCmpW,_wcslen,_wcslen,RemoveDirectoryW,wsprintfW,DeleteFileW,FindNextFileW,FindClose,3_2_0135C298
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_0135C298 PathFileExistsW,_memset,wsprintfW,FindFirstFileW,StrCmpW,StrCmpW,StrCmpW,_wcslen,_wcslen,RemoveDirectoryW,wsprintfW,DeleteFileW,FindNextFileW,FindClose,5_2_0135C298
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_01324760 GetLogicalDriveStringsW,GetDriveTypeW,GetDriveTypeW,GetDiskFreeSpaceExW,GetDriveTypeW,_wcslen,3_2_01324760
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile opened: C:\Users\user\AppData\Local\Temp\apn_pip_localJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile opened: C:\Users\user\AppData\Local\Temp\apn_pip_local\rules.jsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: AskInstaller.exe, 00000003.00000002.1687670455.0000000008860000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: AskInstaller.exe, 00000003.00000002.1687670455.0000000008860000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: AskInstaller.exe, 00000003.00000002.1687670455.0000000008860000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: AskInstaller.exe, 00000003.00000002.1671234657.0000000000C83000.00000004.00000020.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NWar&Prod_VMware_SATA_CD0280b647&0&000000#{53f5636bf-11d0-94f2-00a0c91efb\\?\Volume{dfd8-98f2-11e9-90ce-806e6963}\
Source: AskInstaller.exe, 00000003.00000002.1687670455.0000000008860000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: C:\Users\user\Desktop\mp3rocket.exeAPI call chain: ExitProcess graph end nodegraph_0-5153
Source: C:\Users\user\Desktop\mp3rocket.exeAPI call chain: ExitProcess graph end nodegraph_0-5154
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAPI call chain: ExitProcess graph end nodegraph_3-23090
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeAPI call chain: ExitProcess graph end nodegraph_5-24047
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_013800A6 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_013800A6
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_030C1759 Create,GetDlgItem,GetWindowRect,MapWindowPoints,CreateDialogParamA,SetWindowPos,SetWindowLongA,GetProcessHeap,HeapAlloc,0_2_030C1759
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_013800A6 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_013800A6
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_013748C1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_013748C1
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_013800A6 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_013800A6
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 5_2_013748C1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_013748C1
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe 'C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe' -b -pid MP3R7 -di 120 -seJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' http://about.ask.com/en/docs/about/ask_eula.shtmlJump to behavior
Source: mp3rocket.exe, 00000000.00000002.1670868457.0000000000DB0000.00000002.00000001.sdmp, AskInstaller.exe, 00000003.00000002.1672753236.0000000001580000.00000002.00000001.sdmpBinary or memory string: uProgram Manager
Source: mp3rocket.exe, 00000000.00000002.1670868457.0000000000DB0000.00000002.00000001.sdmp, AskInstaller.exe, 00000003.00000002.1672753236.0000000001580000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: mp3rocket.exe, 00000000.00000002.1670868457.0000000000DB0000.00000002.00000001.sdmp, AskInstaller.exe, 00000003.00000002.1672753236.0000000001580000.00000002.00000001.sdmpBinary or memory string: Progman
Source: mp3rocket.exe, 00000000.00000002.1670868457.0000000000DB0000.00000002.00000001.sdmp, AskInstaller.exe, 00000003.00000002.1672753236.0000000001580000.00000002.00000001.sdmpBinary or memory string: Progmanlock
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_013893AB
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,3_2_01389284
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,3_2_01389058
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,3_2_0138D8BD
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,3_2_013890B3
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_01389344
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,3_2_013893E7
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: GetLocaleInfoA,3_2_0137C41D
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: __EH_prolog3_GS,GetSystemDefaultLCID,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,_wcslen,3_2_01333F08
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,3_2_01388FB1
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_01388EBC
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,5_2_013893AB
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,5_2_01389284
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,5_2_01389058
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,5_2_0138D8BD
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,5_2_013890B3
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,5_2_01389344
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,5_2_013893E7
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: GetLocaleInfoA,5_2_0137C41D
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: __EH_prolog3_GS,GetSystemDefaultLCID,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,_wcslen,5_2_01333F08
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,5_2_01388FB1
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_01388EBC
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\apn_pip_local\tb.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exeCode function: 3_2_0135E083 GetSystemTimeAsFileTime,__aulldiv,3_2_0135E083
Source: C:\Users\user\Desktop\mp3rocket.exeCode function: 0_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,StrCmpNIW,lstrlenA,0_2_00405B88

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsNative API2Path InterceptionProcess Injection12Masquerading1OS Credential DumpingSystem Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel22Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsVirtualization/Sandbox Evasion3LSASS MemoryQuery Registry1Remote Desktop ProtocolClipboard Data1Exfiltration Over BluetoothIngress Tool Transfer2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection12Security Account ManagerSecurity Software Discovery131SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSVirtualization/Sandbox Evasion3Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol3SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptObfuscated Files or Information2LSA SecretsProcess Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsApplication Window Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncRemote System Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemFile and Directory Discovery5Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowSystem Information Discovery24Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 339196 Sample: mp3rocket.exe Startdate: 13/01/2021 Architecture: WINDOWS Score: 28 48 prda.aadg.msidentity.com 2->48 50 askmedia.map.fastly.net 2->50 52 about.ask.com 2->52 72 Multi AV Scanner detection for submitted file 2->72 9 mp3rocket.exe 4 30 2->9         started        signatures3 process4 file5 30 C:\Users\user\AppData\...\AskInstaller.exe, PE32 9->30 dropped 32 C:\Users\user\AppData\Local\...\nsDialogs.dll, PE32 9->32 dropped 34 C:\Users\user\AppData\Local\...\System.dll, PE32 9->34 dropped 36 C:\Users\user\AppData\Local\...\AdvSplash.dll, PE32 9->36 dropped 12 AskInstaller.exe 5 28 9->12         started        process6 dnsIp7 68 pipoffers.apnpartners.com 12->68 70 133.183.244.35.in-addr.arpa 12->70 74 Multi AV Scanner detection for dropped file 12->74 16 iexplore.exe 2 164 12->16         started        19 AskInstaller.exe 1 16 12->19         started        signatures8 process9 dnsIp10 38 askmedia.map.fastly.net 16->38 40 about.ask.com 16->40 21 iexplore.exe 56 16->21         started        24 iexplore.exe 16->24         started        26 iexplore.exe 16->26         started        28 10 other processes 16->28 42 www140.zwinky.com 34.102.244.163, 49728, 80 GOOGLEUS United States 19->42 44 pipoffers.apnpartners.com 35.244.183.133, 49727, 80 GOOGLEUS United States 19->44 46 5 other IPs or domains 19->46 process11 dnsIp12 54 askmedia.map.fastly.net 151.101.2.114, 443, 49731, 49732 FASTLYUS United States 21->54 56 about.ask.com 21->56 58 about.ask.com 24->58 60 about.ask.com 26->60 62 192.168.2.1 unknown unknown 28->62 64 about.ask.com 28->64 66 9 other IPs or domains 28->66

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
mp3rocket.exe18%ReversingLabsWin32.PUA.BundledAsk

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe3%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe16%ReversingLabsWin32.PUA.BundledAsk
C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\AdvSplash.dll0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\AdvSplash.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\System.dll0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\System.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\nsDialogs.dll0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\nsDialogs.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.mercadolivre.com.br/0%URL Reputationsafe
http://www.mercadolivre.com.br/0%URL Reputationsafe
http://www.mercadolivre.com.br/0%URL Reputationsafe
http://www.merlin.com.pl/favicon.ico0%URL Reputationsafe
http://www.merlin.com.pl/favicon.ico0%URL Reputationsafe
http://www.merlin.com.pl/favicon.ico0%URL Reputationsafe
http://www.dailymail.co.uk/0%URL Reputationsafe
http://www.dailymail.co.uk/0%URL Reputationsafe
http://www.dailymail.co.uk/0%URL Reputationsafe
http://www.gaminww.gamin0%Avira URL Cloudsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.mimp3musica.com/jre/jre-6u1-windows-i586-p-s.exe0%Avira URL Cloudsafe
http://busca.igbusca.com.br//app/static/images/favicon.ico0%URL Reputationsafe
http://busca.igbusca.com.br//app/static/images/favicon.ico0%URL Reputationsafe
http://busca.igbusca.com.br//app/static/images/favicon.ico0%URL Reputationsafe
http://www.etmall.com.tw/favicon.ico0%URL Reputationsafe
http://www.etmall.com.tw/favicon.ico0%URL Reputationsafe
http://www.etmall.com.tw/favicon.ico0%URL Reputationsafe
http://it.search.dada.net/favicon.ico0%URL Reputationsafe
http://it.search.dada.net/favicon.ico0%URL Reputationsafe
http://it.search.dada.net/favicon.ico0%URL Reputationsafe
http://errdocs.zwinky.com/0%Avira URL Cloudsafe
http://search.hanafos.com/favicon.ico0%URL Reputationsafe
http://search.hanafos.com/favicon.ico0%URL Reputationsafe
http://search.hanafos.com/favicon.ico0%URL Reputationsafe
http://cgi.search.biglobe.ne.jp/favicon.ico0%Avira URL Cloudsafe
http://search.msn.co.jp/results.aspx?q=0%URL Reputationsafe
http://search.msn.co.jp/results.aspx?q=0%URL Reputationsafe
http://search.msn.co.jp/results.aspx?q=0%URL Reputationsafe
http://buscar.ozu.es/0%Avira URL Cloudsafe
http://search.auction.co.kr/0%URL Reputationsafe
http://search.auction.co.kr/0%URL Reputationsafe
http://search.auction.co.kr/0%URL Reputationsafe
http://www.pchome.com.tw/favicon.ico0%URL Reputationsafe
http://www.pchome.com.tw/favicon.ico0%URL Reputationsafe
http://www.pchome.com.tw/favicon.ico0%URL Reputationsafe
http://browse.guardian.co.uk/favicon.ico0%URL Reputationsafe
http://browse.guardian.co.uk/favicon.ico0%URL Reputationsafe
http://browse.guardian.co.uk/favicon.ico0%URL Reputationsafe
http://google.pchome.com.tw/0%URL Reputationsafe
http://google.pchome.com.tw/0%URL Reputationsafe
http://google.pchome.com.tw/0%URL Reputationsafe
http://www.ozu.es/favicon.ico0%Avira URL Cloudsafe
http://search.yahoo.co.jp/favicon.ico0%URL Reputationsafe
http://search.yahoo.co.jp/favicon.ico0%URL Reputationsafe
http://search.yahoo.co.jp/favicon.ico0%URL Reputationsafe
http://www.gmarket.co.kr/0%URL Reputationsafe
http://www.gmarket.co.kr/0%URL Reputationsafe
http://www.gmarket.co.kr/0%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
gamingwonderland.com
35.244.253.184
truefalse
    		high
    www140.zwinky.com
    		34.102.244.163
    		truefalse
      		unknown
      pipoffers.apnpartners.com
      		35.244.183.133
      		truefalse
        		unknown
        askmedia.map.fastly.net
        		151.101.2.114
        		truefalse
          		unknown
          133.183.244.35.in-addr.arpa
          		unknown
          		unknownfalse
            		unknown
            errdocs.zwinky.com
            		unknown
            		unknownfalse
              		unknown
              about.ask.com
              		unknown
              		unknownfalse
                		high
                ak.pipoffers.apnpartners.com
                		unknown
                		unknownfalse
                  		unknown
                  www.gamingwonderland.com
                  		unknown
                  		unknownfalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://about.ask.com/en/docs/about/ask_eula.shtmlfalse
                      		high
                      http://errdocs.zwinky.com/false
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://search.chol.com/favicon.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                        		high
                        http://www.gamingwonderland.com/games/puzzles-and-arcade/crazy-switch-colorAskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpfalse
                          		high
                          http://www.mercadolivre.com.br/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.merlin.com.pl/favicon.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.dailymail.co.uk/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.gamingwonderland.com/games/puzzles-and-arcade/brain-doctorAskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpfalse
                            		high
                            http://www.gamingwonderland.com/games/sports-and-action/stock-car-heroAskInstaller.exe, 00000005.00000003.267251451.0000000003AC9000.00000004.00000001.sdmpfalse
                              		high
                              http://www.gamingwonderland.com/games/retro/dungeon-adventureAskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmpfalse
                                		high
                                http://www.gamingwonderland.com/games:N2AskInstaller.exe, 00000005.00000003.267276443.0000000003AC9000.00000004.00000001.sdmpfalse
                                  		high
                                  http://www.fontbureau.com/designersAskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.gamingwonderland.com/games/puzzles-and-arcade/universal-crosswordAskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpfalse
                                      		high
                                      http://www.gaminww.gaminAskInstaller.exe, 00000005.00000003.267050275.0000000003AC9000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.gamingwonderland.com/games/dress-up/spa-salonAskInstaller.exe, 00000005.00000003.267342893.0000000003AC9000.00000004.00000001.sdmpfalse
                                        		high
                                        http://www.gamingwonderland.com/games/puzzles-and-arcade/azadaAskInstaller.exe, 00000005.00000003.267105652.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpfalse
                                          		high
                                          http://www.gamingwonderland.com/games/timemes/timeAskInstaller.exe, 00000005.00000003.265606957.0000000003AC9000.00000004.00000001.sdmpfalse
                                            		high
                                            http://fr.search.yahoo.com/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                              		high
                                              http://www.gamingwonderland.com/games/sports-and-action/russian-car-drift-3dwAskInstaller.exe, 00000005.00000003.267251451.0000000003AC9000.00000004.00000001.sdmpfalse
                                                		high
                                                http://sp.ask.com/en/docs/about/terms_of_service.shtml0mp3rocket.exe, 00000000.00000002.1675378887.00000000029A7000.00000004.00000001.sdmp, AskInstaller.exe.0.drfalse
                                                  		high
                                                  http://in.search.yahoo.com/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                    		high
                                                    http://img.shopzilla.com/shopzilla/shopzilla.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                      		high
                                                      http://www.gamingwonderland.com/games/card-and-board/brain-games-chessAskInstaller.exe, 00000005.00000003.266970111.0000000003ACD000.00000004.00000001.sdmpfalse
                                                        		high
                                                        http://www.gamingwonderland.com/games/puzzle/howdy-christmasAskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpfalse
                                                          		high
                                                          http://www.gamingwonderland.com/games/puzzles-and-arcade/hidden-wonders-of-the-depthsAskInstaller.exe, 00000005.00000003.267127731.0000000003AC9000.00000004.00000001.sdmpfalse
                                                            		high
                                                            http://www.gamingwonderland.com/games/card-and-board/best-classic-mahjong-connectAskInstaller.exe, 00000005.00000003.267409569.0000000003AC9000.00000004.00000001.sdmpfalse
                                                              		high
                                                              http://www.galapagosdesign.com/DPleaseAskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://www.gamingwonderland.com/games/sports-and-action/football-tricksAskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                		high
                                                                http://msk.afisha.ru/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                  		high
                                                                  http://www.mimp3musica.com/jre/jre-6u1-windows-i586-p-s.exemp3rocket.exe, 00000000.00000002.1674595229.00000000028B9000.00000004.00000001.sdmp, nsx2FD0.tmp.0.drfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://www.gamingwonderland.com/games/puzzles-and-arcade/touch-and-catchAskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    http://www.gamingwonderland.com/games/puzzles-and-arcade/mystery-case-files-13th-skullAskInstaller.exe, 00000005.00000003.267195188.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      http://www.gamingwonderland.com/games/puzzles-and-arcade/cut-the-rope-magicAskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        http://busca.igbusca.com.br//app/static/images/favicon.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://www.gamingwonderland.com/games/card-and-board/solitaire-tripeaksAskInstaller.exe, 00000005.00000003.267288685.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          http://www.gamingwonderland.com/games/puzzles-and-arcade/candy-slideAskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            http://www.ya.com/favicon.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                              		high
                                                                              http://www.gamingwonderland.com/games/sports-and-action/drag-race-3dAskInstaller.exe, 00000005.00000003.267336554.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                http://www.etmall.com.tw/favicon.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://www.gamingwonderland.com/games/puzzles-and-arcade/crazy-birds-2AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                  		high
                                                                                  http://www.gamingwonderland.com/games/sports-and-action/russian-car-drift-3d9AskInstaller.exe, 00000005.00000003.267258618.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    http://it.search.dada.net/favicon.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://search.hanafos.com/favicon.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://www.gamingwonderland.com/games/puzzle/puzzle-worldAskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      http://www.gamingwonderland.com/games/puzzles-and-arcade/pudding-monstersAskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        http://www.gamingwonderland.com/games/puzzles-and-arcade/urban-legends-the-mazeAskInstaller.exe, 00000005.00000003.267246462.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          http://cgi.search.biglobe.ne.jp/favicon.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://www.gamingwonderland.com/games/puzzles-and-arcade/puzzle-questAskInstaller.exe, 00000005.00000003.267195188.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                                            		high
                                                                                            http://www.gamingwonderland.com/games/puzzles-and-arcade/2020-reloadedAskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              http://search.msn.co.jp/results.aspx?q=AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              • URL Reputation: safe
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              http://www.gamingwonderland.com/games/puzzles-and-arcade/click-snowball-fightAskInstaller.exe, 00000005.00000003.267389981.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267398595.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                http://buscar.ozu.es/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                http://www.gamingwonderland.com/games/sports-and-action/brave-squadAskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8ActivityAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    http://www.ask.com/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      http://www.gamingwonderland.com/games/card-and-board/tic-tac-toe-html5AskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        http://www.gamingwonderland.com/games/puzzle/bubble-monstersAskInstaller.exe, 00000005.00000003.267384010.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          http://www.gamingwonderland.com/games/card-and-board/space-mahjongAskInstaller.exe, 00000005.00000003.267201633.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267489968.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            http://www.gamingwonderland.com/games/puzzles-and-arcade/luxorAskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              http://www.gamingwonderland.com/games/free-casino/vegas-penny-slots-3AskInstaller.exe, 00000005.00000002.272185753.0000000003EFD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                http://www.gamingwonderland.com/games/puzzles-and-arcade/hidden-secrets-the-nightmareAskInstaller.exe, 00000005.00000003.267127731.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://www.google.it/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://www.gamingwonderland.com/games/puzzles-and-arcade/bubble-shooter-freeAskInstaller.exe, 00000005.00000003.267283193.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://www.gamingwonderland.com/games/puzzles-and-arcade/discolorsAskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://search.auction.co.kr/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        http://www.amazon.de/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://about.ask.com/en/docs/about/privacy.shtmlP9AskInstaller.exe, 00000003.00000002.1671472332.0000000000CC4000.00000004.00000020.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://nsis.sf.net/NSIS_Errormp3rocket.exefalse
                                                                                                                              		high
                                                                                                                              http://www.gamingwonderland.com/games/free-casino/battle-slotsAskInstaller.exe, 00000005.00000003.266978236.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://sads.myspace.com/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://www.gamingwonderland.com/games/card-and-board/daily-mahjongAskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://www.gamingwonderland.com/games/sports-and-action/1941-frozen-frontAskInstaller.exe, 00000005.00000003.266334408.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://www.pchome.com.tw/favicon.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      		unknown
                                                                                                                                      http://browse.guardian.co.uk/favicon.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      		unknown
                                                                                                                                      http://google.pchome.com.tw/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      		unknown
                                                                                                                                      http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://www.gamingwonderland.com/games/puzzles-and-arcade/neon-trioAskInstaller.exe, 00000005.00000003.267473221.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://www.rambler.ru/favicon.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://www.gamingwonderland.com/games/puzzles-and-arcade/pool-partyAskInstaller.exe, 00000005.00000003.267263790.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267376196.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267270552.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://uk.search.yahoo.com/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://www.gamingwonderland.com/games/card-and-board/solitaire-questAskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://www.gamingwonderland.com/games/puzzles-and-arcade/road-crossingAskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://www.gamingwonderland.com/games/puzzles-and-arcade/sudokuAskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://www.ozu.es/favicon.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      		unknown
                                                                                                                                                      http://search.sify.com/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://openimage.interpark.com/interpark.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://search.yahoo.co.jp/favicon.icoAskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          		unknown
                                                                                                                                                          http://www.gamingwonderland.com/games/sports-and-action/russian-car-drift-3ddrift-3dAskInstaller.exe, 00000005.00000003.267251451.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://www.gmarket.co.kr/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            		unknown
                                                                                                                                                            http://www.founder.com.cn/cn/bTheAskInstaller.exe, 00000003.00000002.1680953456.0000000006896000.00000002.00000001.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            		unknown
                                                                                                                                                            http://www.gamingwonderland.com/games/sports-and-action/top-shootout-3dAskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://search.nifty.com/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://www.gamingwonderland.com/games/puzzles-and-arcade/jelly-bombAskInstaller.exe, 00000005.00000003.267434723.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267444722.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://www.gamingwonderland.com/games/puzzles-and-arcade/cooking-academyAskInstaller.exe, 00000005.00000003.267041717.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267504786.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.265765379.0000000003B01000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267496873.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267028117.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://www.google.si/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://www.soso.com/AskInstaller.exe, 00000003.00000002.1678991896.0000000003FF3000.00000002.00000001.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://www.gamingwonderland.com/games/puzzles-and-arcade/minions-labAskInstaller.exe, 00000005.00000003.267342893.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267465942.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://www.gamingwonderland.com/games/puzzles-and-arcade/the-princess-brideAskInstaller.exe, 00000005.00000003.267221165.0000000003ACD000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267480453.0000000003AC9000.00000004.00000001.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://www.gamingwonderland.com/games/card-and-board/neon-checkersAskInstaller.exe, 00000005.00000003.267451035.0000000003AC9000.00000004.00000001.sdmp, AskInstaller.exe, 00000005.00000003.267460466.0000000003ACD000.00000004.00000001.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://www.gamingwonderland.com/games/dress-up/minions-labAskInstaller.exe, 00000005.00000003.264402612.0000000003A67000.00000004.00000001.sdmpfalse
                                                                                                                                                                                		high

                                                                                                                                                                                Contacted IPs

                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                                Public

                                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                35.244.183.133
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                34.102.244.163
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                151.101.2.114
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		54113FASTLYUSfalse
                                                                                                                                                                                35.244.253.184
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		15169GOOGLEUSfalse

                                                                                                                                                                                Private

                                                                                                                                                                                IP
                                                                                                                                                                                192.168.2.1

                                                                                                                                                                                General Information

                                                                                                                                                                                Joe Sandbox Version:31.0.0 Red Diamond
                                                                                                                                                                                Analysis ID:339196
                                                                                                                                                                                Start date:13.01.2021
                                                                                                                                                                                Start time:17:11:41
                                                                                                                                                                                Joe Sandbox Product:CloudBasic
                                                                                                                                                                                Overall analysis duration:0h 21m 47s
                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                Report type:full
                                                                                                                                                                                Sample file name:mp3rocket.exe
                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                                                Number of analysed new started processes analysed:40
                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                Technologies:
                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                • HDC enabled
                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                Detection:SUS
                                                                                                                                                                                Classification:sus28.evad.winEXE@36/432@79/5
                                                                                                                                                                                EGA Information:
                                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                                HDC Information:
                                                                                                                                                                                • Successful, ratio: 43.1% (good quality ratio 41.9%)
                                                                                                                                                                                • Quality average: 84.1%
                                                                                                                                                                                • Quality standard deviation: 24.4%
                                                                                                                                                                                HCA Information:Failed
                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                • Adjust boot time
                                                                                                                                                                                • Enable AMSI
                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                Warnings:
                                                                                                                                                                                Show All
                                                                                                                                                                                • Max analysis timeout: 720s exceeded, the analysis took too long
                                                                                                                                                                                • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 52.147.198.201, 104.42.151.234, 92.123.151.247, 23.210.248.85, 88.221.62.148, 51.11.168.160, 8.253.95.121, 67.26.83.254, 67.26.73.254, 67.27.158.126, 67.26.139.254, 51.103.5.159, 2.20.142.210, 2.20.142.209, 92.122.213.194, 92.122.213.247, 152.199.19.161, 52.155.217.156, 20.54.26.129, 20.190.129.17, 20.190.129.160, 20.190.129.133, 20.190.129.128, 40.126.1.166, 20.190.129.2, 40.126.1.128, 20.190.129.130, 51.104.136.2
                                                                                                                                                                                • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, www.tm.lg.prod.aadmsa.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wns.notify.windows.com.akadns.net, a1449.dscg2.akamai.net, e13805.g.akamaiedge.net, arc.msn.com, www.tm.a.prd.aadg.trafficmanager.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, par02p.wns.notify.windows.com.akadns.net, go.microsoft.com, emea1.notify.windows.com.akadns.net, login.live.com, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, slot-13805-es.edgekey.net, fs.microsoft.com, ie9comview.vo.msecnd.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, a767.dscg3.akamai.net, login.msa.msidentity.com, settingsfd-geo.trafficmanager.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, dub2.current.a.prd.aadg.trafficmanager.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, cs9.wpc.v0cdn.net
                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                                                                                • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                • VT rate limit hit for: /opt/package/joesandbox/database/analysis/339196/sample/mp3rocket.exe

                                                                                                                                                                                Simulations

                                                                                                                                                                                Behavior and APIs

                                                                                                                                                                                No simulations

                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                IPs

                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                35.244.183.133http://free.atozmanuals.comGet hashmaliciousBrowse
                                                                                                                                                                                • eula.mindspark.com/privacypolicy/
                                                                                                                                                                                http://fromdoctopdf.comGet hashmaliciousBrowse
                                                                                                                                                                                • eula.mindspark.com/privacypolicy/
                                                                                                                                                                                http://download.mapfinderz.com/Get hashmaliciousBrowse
                                                                                                                                                                                • eula.mindspark.com/privacypolicy/
                                                                                                                                                                                http://download.mapfinderz.com/Get hashmaliciousBrowse
                                                                                                                                                                                • eula.mindspark.com/privacypolicy/
                                                                                                                                                                                http://free.internetspeedutility.netGet hashmaliciousBrowse
                                                                                                                                                                                • eula.mindspark.com/privacypolicy/
                                                                                                                                                                                http://download.fromdoctopdf.comGet hashmaliciousBrowse
                                                                                                                                                                                • eula.mindspark.com/privacypolicy/
                                                                                                                                                                                CuteWriter.exeGet hashmaliciousBrowse
                                                                                                                                                                                • pipoffers.apnpartners.com/static/partners/generic/images/install.ico
                                                                                                                                                                                $RDPW3EM.exeGet hashmaliciousBrowse
                                                                                                                                                                                • pipoffers.apnpartners.com/static/partners/generic/images/install.ico
                                                                                                                                                                                $RAZAVA8.exeGet hashmaliciousBrowse
                                                                                                                                                                                • pipoffers.apnpartners.com/static/partners/generic/images/install.ico
                                                                                                                                                                                http://sirshanksalot.com/238-cleveland-ta7-and-ta7-tour-iron-review/Get hashmaliciousBrowse
                                                                                                                                                                                • eula.mindspark.com/privacypolicy/
                                                                                                                                                                                https://www.avgeekery.com/Get hashmaliciousBrowse
                                                                                                                                                                                • eula.mindspark.com/privacypolicy/
                                                                                                                                                                                http://free.onlineformfinder.comGet hashmaliciousBrowse
                                                                                                                                                                                • eula.mindspark.com/privacypolicy/
                                                                                                                                                                                CuteWriter.exeGet hashmaliciousBrowse
                                                                                                                                                                                • pipoffers.apnpartners.com/PIP2.5/OfferAccept.jhtml
                                                                                                                                                                                Avery label template #5351.exeGet hashmaliciousBrowse
                                                                                                                                                                                • pipoffers.apnpartners.com/PIP2.5/OfferAccept.jhtml
                                                                                                                                                                                http://free.onlineformfinder.comGet hashmaliciousBrowse
                                                                                                                                                                                • eula.mindspark.com/privacypolicy/
                                                                                                                                                                                http://free.onlineformfinder.comGet hashmaliciousBrowse
                                                                                                                                                                                • eula.mindspark.com/privacypolicy/
                                                                                                                                                                                YNipbvzVf6.exeGet hashmaliciousBrowse
                                                                                                                                                                                • pipoffers.apnpartners.com/static/partners/generic/images/install.ico
                                                                                                                                                                                http://www.onlineroutefinder.comGet hashmaliciousBrowse
                                                                                                                                                                                • eula.mindspark.com/privacypolicy/
                                                                                                                                                                                151.101.2.114https://notification1.bubbleapps.io/version-test?debug_mode=trueGet hashmaliciousBrowse
                                                                                                                                                                                • ssl.p.jwpcdn.com/player/v/8.18.3/translations/ar.json
                                                                                                                                                                                https://designsbytony.co/signin/Get hashmaliciousBrowse
                                                                                                                                                                                • ssl.p.jwpcdn.com/player/v/8.18.2/jwpsrv.js
                                                                                                                                                                                https://designsbytony.co/signin/Get hashmaliciousBrowse
                                                                                                                                                                                • ssl.p.jwpcdn.com/player/v/8.18.2/translations/fr.json
                                                                                                                                                                                https://vocechefdigital.com.br/captured/Get hashmaliciousBrowse
                                                                                                                                                                                • ssl.p.jwpcdn.com/player/v/8.18.0/jwpsrv.js
                                                                                                                                                                                https://bit.ly/leumi-co_ilGet hashmaliciousBrowse
                                                                                                                                                                                • ssl.p.jwpcdn.com/player/v/8.17.7/jwpsrv.js
                                                                                                                                                                                http://bit.do/fKxjzGet hashmaliciousBrowse
                                                                                                                                                                                • ssl.p.jwpcdn.com/player/v/8.17.7/translations/ar.json
                                                                                                                                                                                https://725cn.com/?referrer=YWRlbGUucGFya2VyQHRlbGVudC5jb20=Get hashmaliciousBrowse
                                                                                                                                                                                • ssl.p.jwpcdn.com/player/v/7.12.13/jwpsrv.js
                                                                                                                                                                                https://bit.ly/L-PYGet hashmaliciousBrowse
                                                                                                                                                                                • ssl.p.jwpcdn.com/player/v/7.12.13/jwpsrv.js
                                                                                                                                                                                http://dilevry-packages.com/package/#2938456Get hashmaliciousBrowse
                                                                                                                                                                                • ssl.p.jwpcdn.com/player/v/7.12.13/jwpsrv.js
                                                                                                                                                                                https://jinsx.net/?referrer=dGhvbWFzLnNoZWxkb25Ad2luZHN0cmVhbS5jb20=Get hashmaliciousBrowse
                                                                                                                                                                                • ssl.p.jwpcdn.com/player/v/7.12.13/jwpsrv.js
                                                                                                                                                                                https://vnwst.com/gT1MgQjYCMLPspDZiMKmqjfuF7ojuV7yD3Mb/live/login.phpGet hashmaliciousBrowse
                                                                                                                                                                                • ssl.p.jwpcdn.com/player/v/7.12.13/jwpsrv.js
                                                                                                                                                                                https://ctamedia.net/update/account/Get hashmaliciousBrowse
                                                                                                                                                                                • prd.jwpltx.com/v1/jwplayer6/ping.gif?h=1408018835&e=s&n=3501928778679600&abc=1&aid=7j9pRkenEeaW2BKCk4Wcgw&amp=0&ask=dxStpLee&at=1&c=0&ccp=0&cp=0&d=1&eb=0&ed=3&emi=18slij52o65y&i=1&lid=lrl9pw4w0jj1&lsa=read&mt=0&pbd=1&pbr=1&pgi=1icmhv51ivu0&ph=1&pid=1BraCQng&pii=0&pl=277&plc=1&pli=5u07wlpabuio&pp=html5&ppm=VOD&prc=1&ps=2&pss=1&pt=%D8%B1%D9%8A%D8%A7%D8%B6%D8%A9%20-%202M&pu=http%3A%2F%2F2m.ma%2Far%2Fsports%2F&pv=7.12.13&pyc=1&s=1&sdk=0&stc=1&stpe=0&tv=3.28.2&vb=1&vi=1&vl=90&wd=340&cae=0&cct=0&cdid=jwplayer-video&drm=0&ff=270&fsm=0&l=2&mk=mp4&mu=%2F%2Fd3hjh6d7n71rqm.cloudfront.net%2Fmediasfiles%2F2020%2F6%2F9%2F1591726947%2F1591726947%2F2020-06-09-192227.871552hatdd.mp4&pd=1&pdr=&pr=2&q=8&sp=0&tb=3.8&tt=0&vd=81&vs=3&sa=1591775555446
                                                                                                                                                                                https://ctamedia.net/update/account/Get hashmaliciousBrowse
                                                                                                                                                                                • ssl.p.jwpcdn.com/player/v/7.12.13/jwpsrv.js
                                                                                                                                                                                https://antykigabi.pl/modules/blocksupplier/translations/html/Get hashmaliciousBrowse
                                                                                                                                                                                • ssl.p.jwpcdn.com/player/v/7.12.13/provider.cast.js
                                                                                                                                                                                http://ducvinhqb.com/service.htmlGet hashmaliciousBrowse
                                                                                                                                                                                • www.bloglines.com/images/sub_modern11.gif
                                                                                                                                                                                http://veprogroup.com/go2amazon.phpGet hashmaliciousBrowse
                                                                                                                                                                                • www.bloglines.com/images/sub_modern11.gif

                                                                                                                                                                                Domains

                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                www140.zwinky.comCuteWriter.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 74.113.237.64
                                                                                                                                                                                Avery label template #5351.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 74.113.237.64
                                                                                                                                                                                pipoffers.apnpartners.comOffercast2801_ARS_.ExeGet hashmaliciousBrowse
                                                                                                                                                                                • 23.54.113.153
                                                                                                                                                                                CuteWriter.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.183.133
                                                                                                                                                                                Avery label template #5351.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.183.133
                                                                                                                                                                                askmedia.map.fastly.netCuteWriter.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                CuteWriter.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                http://www.onlyonesearch.com/Search/?q=click2pay&displayUrl=https://icicibank.com/online-services/clicktopay/index_primer.page&resultType=organicGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                http://ducvinhqb.com/service.htmlGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                46ccf3a8.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                http://veprogroup.com/go2amazon.phpGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114

                                                                                                                                                                                ASN

                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                GOOGLEUS13-01-21.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                NEW 01 13 2021.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                PO85937758859777.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                BankSwiftCopyUSD95000.pptGet hashmaliciousBrowse
                                                                                                                                                                                • 108.177.127.132
                                                                                                                                                                                Order_385647584.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                rB26M8hfIh.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 8.8.8.8
                                                                                                                                                                                brewin-Invoice024768-xlsx.HtmlGet hashmaliciousBrowse
                                                                                                                                                                                • 216.239.34.21
                                                                                                                                                                                WFLPGBTMZH.dllGet hashmaliciousBrowse
                                                                                                                                                                                • 108.177.126.132
                                                                                                                                                                                PO#218740.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.98.99.30
                                                                                                                                                                                20210111 Virginie.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                20210113155320.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                13012021.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                Po-covid19 2372#w2..exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                FtLroeD5Kmr6rNC.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.204.150.5
                                                                                                                                                                                6blnUJRr4yKrjCS.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                Consignment Document PL&BL Draft.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                5DY3NrVgpI.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                xrxSVsbRli.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                3S1VPrT4IK.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                AOA4sx8Z7l.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                FASTLYUSrufus-2.9.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 185.199.108.153
                                                                                                                                                                                2CBPOfVTs5QeG8Z.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.0.133
                                                                                                                                                                                PortionPac Chemical Corp..htmlGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.1.195
                                                                                                                                                                                quotation.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.1.195
                                                                                                                                                                                l0sjk3o.dllGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.1.44
                                                                                                                                                                                COMFAM INVOICE.htmGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.1.195
                                                                                                                                                                                Shipping Documents PL&BL Draft.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.1.211
                                                                                                                                                                                atiflash_293.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.112.193
                                                                                                                                                                                e-card.htm .exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.194.109
                                                                                                                                                                                e-card.jpg .exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.66.109
                                                                                                                                                                                Payment.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.0.133
                                                                                                                                                                                inrfzFzDHR.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.0.133
                                                                                                                                                                                mailsearcher32.dllGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.1.44
                                                                                                                                                                                mailsearcher64.dllGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.1.44
                                                                                                                                                                                order.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.130.159
                                                                                                                                                                                http://message.mydopweb.comGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.14.208
                                                                                                                                                                                http://www.secured-mailsharepoint.online/Get hashmaliciousBrowse
                                                                                                                                                                                • 151.101.1.46
                                                                                                                                                                                https://webmail-4fd4rvt.web.app/?emailtoken=jmahler@vocera.com&domain=vocera.comGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.1.195
                                                                                                                                                                                http://search.hwatchtvnow.coGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.166
                                                                                                                                                                                https://www.ensonoelevate2021.com/event/8e8c2672-3b18-40b1-8efc-026ab72e6424/summary?environment=P2&5S%2CM3%2C8e8c2672-3b18-40b1-8efc-026ab72e6424=Get hashmaliciousBrowse
                                                                                                                                                                                • 199.232.136.157
                                                                                                                                                                                GOOGLEUS13-01-21.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                NEW 01 13 2021.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                PO85937758859777.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                BankSwiftCopyUSD95000.pptGet hashmaliciousBrowse
                                                                                                                                                                                • 108.177.127.132
                                                                                                                                                                                Order_385647584.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                rB26M8hfIh.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 8.8.8.8
                                                                                                                                                                                brewin-Invoice024768-xlsx.HtmlGet hashmaliciousBrowse
                                                                                                                                                                                • 216.239.34.21
                                                                                                                                                                                WFLPGBTMZH.dllGet hashmaliciousBrowse
                                                                                                                                                                                • 108.177.126.132
                                                                                                                                                                                PO#218740.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.98.99.30
                                                                                                                                                                                20210111 Virginie.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                20210113155320.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                13012021.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                Po-covid19 2372#w2..exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                FtLroeD5Kmr6rNC.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.204.150.5
                                                                                                                                                                                6blnUJRr4yKrjCS.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                Consignment Document PL&BL Draft.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                5DY3NrVgpI.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                xrxSVsbRli.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                3S1VPrT4IK.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180
                                                                                                                                                                                AOA4sx8Z7l.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 34.102.136.180

                                                                                                                                                                                JA3 Fingerprints

                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                9e10692f1b7f78228b2d4e424db3a98cPolicyUpdate.htmGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                brewin-Invoice024768-xlsx.HtmlGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                2CBPOfVTs5QeG8Z.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                #U266b Audio_47720.wavv - - Copy.htmGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                PortionPac Chemical Corp..htmlGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                ACH PAYMENT REMlTTANCE.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                l0sjk3o.dllGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                COMFAM INVOICE.htmGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                P396143.htmGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                ACH PAYMENT REMlTTANCE.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                sfk_setup.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                P166824.htmGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                e-card.htm .exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                e-card.jpg .exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                Payment.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                Test.HTMGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                mailsearcher32.dllGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                mailsearcher64.dllGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                Curriculo Laura.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                prints carlos bolsonaro.docmGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.114
                                                                                                                                                                                37f463bf4616ecd445d4a1937da06e19J04gSlH5wR.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                rufus-2.9.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                Invoice-ID43739424297.vbsGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                #U266b Audio_47720.wavv - - Copy.htmGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                Customer_Receivables_Aging_20210112_2663535345242424242.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                ACH PAYMENT REMlTTANCE.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                Listings.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                Transferencia,pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                Dhl Client Invoice.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                64D5aP6jQz.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                P396143.htmGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                Code.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                UbisoftInstaller.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                New inquiry CON 20-10630.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                ACH PAYMENT REMlTTANCE.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                RLFGB8pdA6.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                MPnIQlfxon.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                tyoO13LUym.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                ORDER#9403.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184
                                                                                                                                                                                sample20210111-01.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                • 35.244.253.184

                                                                                                                                                                                Dropped Files

                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\System.dll5d#U25a0.exeGet hashmaliciousBrowse
                                                                                                                                                                                  VpnClientInstall.exeGet hashmaliciousBrowse
                                                                                                                                                                                    FlashPlayerInstaller.exeGet hashmaliciousBrowse
                                                                                                                                                                                      Flash PlayerInstaller.exeGet hashmaliciousBrowse
                                                                                                                                                                                        vcruntime140.exeGet hashmaliciousBrowse
                                                                                                                                                                                          https://www.arcai.com/download/netcut.exeGet hashmaliciousBrowse
                                                                                                                                                                                            https://www.userbenchmark.com/resources/download/UserBenchMark.exeGet hashmaliciousBrowse
                                                                                                                                                                                              https://dxejw4oyledi.cloudfront.net/repository/servicestudio/11.8.7.29639/DevelopmentEnvironment-11.8.7 (Build 29639).exeGet hashmaliciousBrowse
                                                                                                                                                                                                INIS_EX.exeGet hashmaliciousBrowse
                                                                                                                                                                                                  okayfreedomwr.exeGet hashmaliciousBrowse
                                                                                                                                                                                                    30#Uff09.exeGet hashmaliciousBrowse
                                                                                                                                                                                                      ShopAtHome_AppCore_7127_C78621646_D1_R1051591_B3.exeGet hashmaliciousBrowse
                                                                                                                                                                                                        ace-stream-3-1-1-multi-win.exeGet hashmaliciousBrowse
                                                                                                                                                                                                          bomgar-scc-w0eyc301ijjj7jyyxygew8d6fzhye1wjij6z55gc40jc90.exeGet hashmaliciousBrowse
                                                                                                                                                                                                            SVClientSetup(3.3.2.17.0.1).exeGet hashmaliciousBrowse
                                                                                                                                                                                                              something-else-installer.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                TLDClip_CLIENT.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                  0.200228.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                    WebClient-Setup-1.17.0.17.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                      webxvid-setup-on.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\AdvSplash.dll5d#U25a0.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                          30#Uff09.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                            0.200228.exeGet hashmaliciousBrowse

                                                                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A38A4759-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):845320
                                                                                                                                                                                                                              Entropy (8bit):3.28308157459894
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:rCfjsUd5nJN8ZWUgRxpbMRTqWMQY2Vbb0za5pASRQ7swzKKsw3M17KWI6M+gZIeD:2P
                                                                                                                                                                                                                              MD5:0744B448E1A383312F759B6D754FC145
                                                                                                                                                                                                                              SHA1:107687F82B6648480C73E9B4A8CAA21A111B69FF
                                                                                                                                                                                                                              SHA-256:5E2F156A2EE58B05EB267F6B62F1496DE669E41D700021AB9164505684E9F4E0
                                                                                                                                                                                                                              SHA-512:38771655C249E7556CF8C9FD476664D8CD98831E9B05BE099639D653CAC95039546EE0568EEDB2049B8AFE9A470A69A38AB99397619E19D1EA8F1BAA8D771809
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{02EC3568-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.742963816305048
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwRGcpr4GwpaxG4pM/EG/HpXO/nsTGcpDh/MG6Xpjg/OYG5pDg/7G94pAOS/FuYP:rnZgQjmrNO/s5hCxgWpRg/As6H5h
                                                                                                                                                                                                                              MD5:768B83C0922E64986BC109A05B03D426
                                                                                                                                                                                                                              SHA1:16BEF35F7EC11EB27C78C04DE6B9244CA97BB5E3
                                                                                                                                                                                                                              SHA-256:D5055223F33F60616B293451B66AA30B29DF182725A83231652E980CE3D54580
                                                                                                                                                                                                                              SHA-512:1CB98A9514D162298FB2D2AC828CA0E700B9BC36572ACDF3939CC6AE171CFE11D0113451DD76405DDF46553BFD657B511D278012BA696E5B60C95A8527C7E5FF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{02EC3569-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.742676442643451
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:Iw+GcprPGwpa9G4pM/wG/HpXO/csTGcpDh/cG6Xpjg/hYG5pDg/TG94pAOS/orY/:riZ5Q/mvNOEs5hSxgJpRgHAQ6Hph
                                                                                                                                                                                                                              MD5:79464A3C4ADA5669A47FBB80324A59FC
                                                                                                                                                                                                                              SHA1:2768F5B6F81853B2F0799B2378C50D87EFC22C7B
                                                                                                                                                                                                                              SHA-256:CEF7F45B2A4D2BEDD3F1618F6A5A4359EFCAB346324CC28A50FB43CA024CB367
                                                                                                                                                                                                                              SHA-512:8DCAC895C0B1BF742150BC2DFF71C9EBB12791D8DFA4956D9B52B33CC22E3764EA8DDF68C410A48CD16ED78BB80EA14FD7732C54D69CB473B90E7DB07B36E6E6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B31AC6E-5607-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7419964528638996
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:Iwp0GcprffGwpaig7G4pM/iG/HpXO/usTGcpDh/DAIYG6Xpjg/DAqYG5pDg/DAZQ:rpoZfpQDdmJNOWs5hqxghpRgUAp6HYh
                                                                                                                                                                                                                              MD5:362C10DE4A5F64E5F793B10BECAA7819
                                                                                                                                                                                                                              SHA1:A06316E251AF2FBEA560DC5BA982D8C76F426137
                                                                                                                                                                                                                              SHA-256:8B2D87FD75E42D9DD3504C7DEDC57CA2FDF4165194E175ED5C21E61F4C0253B2
                                                                                                                                                                                                                              SHA-512:3F026C3AB773C0B5C23D4B2AFF3CB7AAE4F300A72B85E2D27507FB6E7987A3C77B170E85812E614124F356E24C858B3908940C4251224B883D45D31F4FB00640
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0C70D6F1-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.74250196532229
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:Iw1GcprMGwpanG4pM//WG/HpXO/QsTGcpDh/qWG6Xpjg/6YG5pDg/eWG94pAOS/y:rrZkQJmnNNO4s5hC8xgypRgmEAC6Huh
                                                                                                                                                                                                                              MD5:E4E890E219A7E405245C0559FF36DA31
                                                                                                                                                                                                                              SHA1:3154190130968C421300CF09DE2B7565060DA525
                                                                                                                                                                                                                              SHA-256:EAD215EF456069712A7C1D78EC7977D3E85A849BD0A4901511DF073160569E15
                                                                                                                                                                                                                              SHA-512:CCFB1E1E5D243FF50F0F873058DA8346B088B3E998ADE0C9F0973B677A4FAF024688954DB4250D5359D8DD87E95899EACA902D9937F7F47F2D72E00A45DF1F13
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0C70D6F2-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7402141649825051
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwhGcprXGwpaYG4pM/xG/HpXO/0sTGcpDh/fDoG6Xpjg/fnYG5pDg/f4G94pAOS5:rXZBQIm8NO8s5hCxgnpRgeA36Heh
                                                                                                                                                                                                                              MD5:FBB1F4F5107A305B9BE785E73D9A4CBA
                                                                                                                                                                                                                              SHA1:7248AC0376A03B8B2FDF1027FFFE838D1B6DB0A5
                                                                                                                                                                                                                              SHA-256:ADC07916105FA5A0038AAA097FE5ECF0FD9E9935490DF570E2646EF6D3C1C23F
                                                                                                                                                                                                                              SHA-512:71E70FE6FA7844999FC53D648200562A791C12878392CBD612C67B114933E21114B1A9440168B17BBD430BE2D11C063C4078D94BD1AF6323E93B60E9B67830B5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12A50449-5607-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.739790124729907
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:Iw1GcprbGwpaEG4pM/VG/HpXO/RsTGcpDh/QG6Xpjg/XYG5pDg/rG94pAOS/AvYP:rrZ1Q0m4NO5s5huxgfpRgPAc6H5h
                                                                                                                                                                                                                              MD5:95643A88A2D97D1E6DC5C9EC5166DD88
                                                                                                                                                                                                                              SHA1:89BA6C54F10051AF2C2D6A1C02C711D435D47FA7
                                                                                                                                                                                                                              SHA-256:6833FC8D866FA6E5E3B38168EE7E1435FA753C654553CADA9965E6BF6F1FF98A
                                                                                                                                                                                                                              SHA-512:CA395534801471AF9E76792AD4D52FA812AC8D7606EBF31519C2637E3383E3ED9091F4CCFFC7FE944991BFA7BA81479A8044EE035AF91AED482C6292FACF47D2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{167899B5-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7420832078505541
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwVGcprMGwpa1G4pM/QG/HpXO/2sTGcpDh/MG6Xpjg/6YG5pDg/cG94pAOS/SuYB:rLZkQnm/NOus5hCxgCpRgCAX6Hvh
                                                                                                                                                                                                                              MD5:38921055B7317F54F902FD7F2912AC70
                                                                                                                                                                                                                              SHA1:87DE7E1ACB831701C42CCF3A75050979D4683874
                                                                                                                                                                                                                              SHA-256:95EDC412D828A286CAFCF2CBA69F4C1AE440DECC1E263100598456FB2C218C1D
                                                                                                                                                                                                                              SHA-512:34262A1031EE73DDE1E96DEDF9276D25195ABD94214269D4CED042998C6C415A46D9734973ACE5089235C737F1A6F49A9C64275C908DF740BD93828ADB46A2E0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{167899B6-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7403762438611576
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwOGcprvGwpaKG4pM/fG/HpXO/8xsTGcpDh/UJG6Xpjg/UwYG5pDg/UOG94pAOSB:rSZZQqmKNOos5hOxgNpRg3A3c6Hzh
                                                                                                                                                                                                                              MD5:2C1E00D8BBC2DA25E125BEE137C8916A
                                                                                                                                                                                                                              SHA1:B0C8013965DECB6073A74FCC3FF5626E2813E07B
                                                                                                                                                                                                                              SHA-256:21A401D3E67930F91F2D8B9C756FD9D3AC1662CD2B35D9DCBD9A2120CA419C83
                                                                                                                                                                                                                              SHA-512:984CFF88E2DB34C0CF7DB30433DDE48ABDB605680F384A927095E4B26208C3B1321BAB1E7C5745051A3CBB26D4FD0A019A5976C91276DBBB5586F2B867D45B6D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1A53F6F8-5607-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7416504388540452
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:Iw6GcprPGwpa2G4pM/zG/HpXO/1sTGcpDh/IG6Xpjg/rYG5pDg/7G94pAOS/7+YL:r+Z5QGmmNOts5hmxgDpRgfAC6Hth
                                                                                                                                                                                                                              MD5:B3FBCFD77FA50E15B9EE4263480451E8
                                                                                                                                                                                                                              SHA1:029A5CAE25F9B51A5897E9153DE1E121CBAAF4CB
                                                                                                                                                                                                                              SHA-256:9AC81A84CE17CB1286315679DC32D9073DEBD1A6FFB4D19B83854BFACB1A32D8
                                                                                                                                                                                                                              SHA-512:51DD2754C4CF3FB9ABFB0FCCDAD5885F16844721D239660F2BB57CC6847BF1C69A5FC628E3D595E2E6209912AC1DA9C0003EFB533F082A62FE60FF2AB63796AF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{21037DAD-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.742352104542025
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:Iw0GcprjGwpaUG4pM/1G/HpXO/OsTGcpDh/8G6Xpjg/oYG5pDg/YG94pAOS/ALYB:roZ9QkmYNOGs5hyxgQpRg2A46Hvh
                                                                                                                                                                                                                              MD5:263822406C206BADE2BE7E2331F2EED7
                                                                                                                                                                                                                              SHA1:C193EF57E5FBD673FA594DC21C0F5C2C2BEC0367
                                                                                                                                                                                                                              SHA-256:00D1CCC24A3DEA75EF2709DC74403AF4F40C83CDE1F142A8FAABCD9F1308535B
                                                                                                                                                                                                                              SHA-512:A5E28BE6E2D384A7B629EE8B7FBBE12A15A66ED5C57263D83720710B90B437B283E341E3FB50BC50B08BB9B56AD064CAC1A6ED8B4EC4E2A957AD15AAEDEDA9CB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{21037DAE-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.743739722302584
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:rZZGQAm8NO7s5hUkxgU5pRgUMAUF6H4wh:rZZGQAm8U7sXfxgQpRgfAU6Hzh
                                                                                                                                                                                                                              MD5:ECFE20A48817868FEFBEF1210376330B
                                                                                                                                                                                                                              SHA1:9C138472C1184864F2893C4FE37C0793E8A92AE0
                                                                                                                                                                                                                              SHA-256:6625795285052B2AAF8A0EC4FC407D5E7DD888207FA1448AD7F2517992330384
                                                                                                                                                                                                                              SHA-512:291118C9F5D46859BF477C4016B0E865BB6DF516FBA0DEADD2523552F468ADDF9A9FDA133CBAA6408D2ECAD3E4DF7DFE1DF0119DBF26BD1E3FDB9EECA854214D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2B637778-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7407461618352476
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwQ7GcprlGwpaoG4pM/5G/HpXO/GsTGcpDh/QG6Xpjg/2YG5pDg/oG94pAOS/owa:rYZvQ4mkNOes5h+xgupRgGAb6Hth
                                                                                                                                                                                                                              MD5:ECB0E93A4F9E1B1EA99666F64EB6DAD5
                                                                                                                                                                                                                              SHA1:CBCF3BE30328CCA36D7A8551364D63F70D80D055
                                                                                                                                                                                                                              SHA-256:628F1726767DDFF9F3879CB357C3AE7E84D45D1381AA9497CCBBA7427F91C4F8
                                                                                                                                                                                                                              SHA-512:B2870EE1E6B7B655A990A8CD0C45F63FAEB3B9655CDC06DC4FC46A9BCAF25693BAEA35A04B7BB414A2BB9A5CDE2EF9C43F17AA2D06838E3E06E4089A6935D3BA
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2B637779-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.743301683137778
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwEGcprlGwpa9G4pM/AG/HpXO/0sTGcpDh/PrAG6Xpjg/PAYG5pDg/PtG94pAOSC:rYZvQ/mvNOMs5hSxgApRgRAq6HSh
                                                                                                                                                                                                                              MD5:E6455626B11C4BECCCD9B7A94E1E244D
                                                                                                                                                                                                                              SHA1:972A30ED9CB976CDB11483BE1C580F9328D41B92
                                                                                                                                                                                                                              SHA-256:6A99FF0682A721FD4810AB2469DA3ECBAC865446406A1DBAF92AA29C78A640C7
                                                                                                                                                                                                                              SHA-512:02505A4882D1A023C4761DC90A70BABC552791651347BA29C4F18596A1AFC2B4C34BB04F496005A7643EF43332470FDDE876B514711BDD73EEB3CEB6EAC0FA1C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3407FD25-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):19032
                                                                                                                                                                                                                              Entropy (8bit):1.5850040143292738
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwrGcpr+Gwpa8G4pQ0GrapbSKrGQpKUG7HpR8sTGIpX2EGApm:rxZ2Qc6CBSKFAfT84FDg
                                                                                                                                                                                                                              MD5:C29914EA4047900596814B83E0F37B8D
                                                                                                                                                                                                                              SHA1:5DBDBA0F9148B47317C98DFEC6AA15E6D3DDB767
                                                                                                                                                                                                                              SHA-256:8A14E6089218A9A251A6BB68813CD238BF99CE0FD9507BBAEEB30CE50824C9C6
                                                                                                                                                                                                                              SHA-512:9CC8DE47C33C95B232A5C95B54CB1FCDDAF4CB9676721282E488FD3B5A8BD128D4DD5C2634125671DD95937A5F700012910E98FBBA0B0B10E55D35E9362AF7CF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3B4E0750-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.742890433707886
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:rEZdQwm8NO8s5hanxgaYpRga7EAa96H+0h:rEZdQwm8U8sX2xgPpRgZA66Hth
                                                                                                                                                                                                                              MD5:7534BC5F5805F3877C4F027535779460
                                                                                                                                                                                                                              SHA1:5CCDCAADAD9BB263EC4C8A636DF32ED077F0F111
                                                                                                                                                                                                                              SHA-256:85C53D4110859E94AB95D6B3E8A8ACBB5EBD4A608A8F9351EA78CB7260983EF1
                                                                                                                                                                                                                              SHA-512:4C74FEB0CEA800B35E75C543EB4323875198F8EFD6B3BC7A7A60D1BAE22E3AE556E7C7CB15D2C511229B9A52E6FBFB00C98B5431A351A22DE2AA602B1FB39613
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{441B13E7-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7392034269201508
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwUGcprlGwpad0G4pM/XG/HpXO/ksTGcpDh/EG6Xpjg/koYG5pDg/xG94pAOS/J6:rIZvQdEmSNO8s5hKxg8opRgFAO6H8h
                                                                                                                                                                                                                              MD5:53C10BB8E56565FFD6177EF51878D76C
                                                                                                                                                                                                                              SHA1:F6BB860B1DE8E64517348D45DDA2166AACBE0D57
                                                                                                                                                                                                                              SHA-256:D970A63B2B9BEC340D98858320FE6667F978C8CDE4F7C297D06646A064313DCB
                                                                                                                                                                                                                              SHA-512:4C42FFEE56B7BF56EA45B0CD50B555C228B1B92C5E5C21DB2F9B566DE43B3FE5C34880D810F69CF646DE4A7001E3994A7EB515BE8F1F903CA341DEC5443861DB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{441B13E8-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7407231787767725
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwjGcpryGwpaM7G4pM/hG/HpXO/isTGcpDh/4G6Xpjg/FYG5pDg/KG94pAOS/SB6:rZZ6QImcNOKs5hWxg9pRgoA46Hph
                                                                                                                                                                                                                              MD5:20F630697D6B7D528B0B4E29F8A0146C
                                                                                                                                                                                                                              SHA1:137659E1ACA1CBDD6763A4D0734770D245AA9393
                                                                                                                                                                                                                              SHA-256:2B0983E1D2BDF32CA793FB9D2FC3CA7A3BFECF4A2881F30C5DEA3245471DC294
                                                                                                                                                                                                                              SHA-512:60AC21A1667E5F18131B31E5F8300DE2800227CE6D5E2797EC7DB4584FF258E58C5B6C81EFEBE5C3FBA97CF9EA7250E8C1751DFF2E31B2204607AC56EA8BF032
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4C249FE2-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.741258451836138
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:Iw+GcprzGwpa6G4pM/qG/HpXO/hsTGcpDh/PG6Xpjg/+YG5pDg/IG94pAOS/FCY6:riZtQ6mxNOps5hjxgGpRg2Ak6Hch
                                                                                                                                                                                                                              MD5:5F9B08B7C65BF4EB40D137EC53EE53EC
                                                                                                                                                                                                                              SHA1:AE233E83DB69DA9753112AC1F27507B104CB1316
                                                                                                                                                                                                                              SHA-256:D4DEBE4D9B7B7B76DC1A5F453545B7880CF46527FF2DD62783DDD82F0E029353
                                                                                                                                                                                                                              SHA-512:C0CF0AC452AF16A10CB05C8F2328C54357B2128329FD921E78361A5A8C01068ECAC8882E443080D630454276527C923ACB08EB2AD1EA1B5025D970DE1175B7E2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{52371BF4-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.739649339319663
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:Iw2GcprVGwpacG4pM/9G/HpXO/SXsTGcpDh/4G6Xpjg/WYG5pDg/QG94pAOS/X23:rqZ/Q8mQNOqs5h2xgupRguAu6Hkh
                                                                                                                                                                                                                              MD5:C13C34E2A9E0767BAD73CB9D72D7CBA1
                                                                                                                                                                                                                              SHA1:F1DC0BAC3145CE15E068F47EC33EB2C61614A43A
                                                                                                                                                                                                                              SHA-256:5CADF79E121ABD20BF56BE0D6EE95DA986B0263C1CEEA248E2B000FCC68FE998
                                                                                                                                                                                                                              SHA-512:83256E99C9556E41A49420A33C60FE8E40D7BA54FA7516694E224DC3F7728967586EC26000FB24F3DAFD27FA51B65595A79EF4747025BC0F48847F64DA6B3A68
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{58689681-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.740062072246277
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwXGcprSGwpa01G4pM/AUG/HpXO/msTGcpDh/YG6Xpjg/AdYG5pDg/aYG94pAOS4:rdZaQWmWNO+s5h2xg6pRgi+Ax06Hoh
                                                                                                                                                                                                                              MD5:9A67A2D575265CED405A531B77B17843
                                                                                                                                                                                                                              SHA1:7732BAACBD6777D899C676E53430245BAE6C57D2
                                                                                                                                                                                                                              SHA-256:ED195A6B84FDECF2652156D659BFF96A505F3911A1BF7FB34986BD387DE13885
                                                                                                                                                                                                                              SHA-512:26C4A9509A8C39031B15FD613371B13C7E3EA2CF13567C8670AB35F4AAAEF7C28C157F25893429D696EF19548B7093E53F3D45EA13E8B80C83DDF716A699569D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{58689682-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.739217665266449
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwZGcpr4GwpabG4pM/CG/HpXO/9sTGcpDh/n4G6Xpjg/HYG5pDg/HG94pAOS/WlM:r/ZgQ9mZNO1s5hPuxg/pRgDAA6Hzh
                                                                                                                                                                                                                              MD5:4E307105F18F128C4159BC0E3C92DB2F
                                                                                                                                                                                                                              SHA1:C122126E43F4C22CBA40AC08636D026A759401AD
                                                                                                                                                                                                                              SHA-256:42D47788DFEC917C40253152E129138DE092FFC85A6E0C4C159A54E64DB72DA8
                                                                                                                                                                                                                              SHA-512:002960B0F998C8BE5A34310A415D0B4427CBB70D8014D26903D3C1AD54560920342C7C918DCB976F22AE72B079BCE84850664FBF501220531CE60851023D48E6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{64C20262-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.742845417717456
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:r6ZVQhm1NOzs5hwPNxgwipRgw6AwP6HUDh:r6ZVQhm1UzsX6xgnpRgBAm6Hwh
                                                                                                                                                                                                                              MD5:8B9FF04A763CA927D7A5B21B4CC637B3
                                                                                                                                                                                                                              SHA1:86D8AEFB015EBC90BF094EEA21F97B33794BEAC7
                                                                                                                                                                                                                              SHA-256:1EAB18ECD490D66BBAEE4E022F57CEE1970D11F5C5B1E0DD2F88C83BEEA1D8E9
                                                                                                                                                                                                                              SHA-512:5F0DABA3DB8F6537C7687474365CBAB640E67945393801A331BA1D055F73B31DA75D024970473EAE52F8F0093C1A20CCF7335A55812855218B4F0B7792DD6A04
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6B7DC56B-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7412357460638546
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwdGcprsGwpaiG4pM/eUG/HpXO/posTGcpDh/EG6Xpjg/+YG5pDg/UG94pAOS/mb:rDZEQSmQNOis5hqxgmpRgKAv6HLh
                                                                                                                                                                                                                              MD5:93A379C28D9F89DD5DA61E634C3B298C
                                                                                                                                                                                                                              SHA1:8831C5CECD1E17C0B5F382E311DE3CE011D530C0
                                                                                                                                                                                                                              SHA-256:D0F198F45848427FCBEA200EA2205F22553A03270CD4AEF99E61872F223F343B
                                                                                                                                                                                                                              SHA-512:9B058EF17D07B681803140A0C05E365559DBE77528388160807F9AE2AB3093278539225A9374D8A61E6CAF2ABED551A0BA1C08E54738766F9ACA0A11E8E6A01F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{71AA7B54-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7371265262428244
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwGGcpr3Gwpaj5G4pM/vYG/HpXO/XsTGcpDh/1/G6Xpjg/CYG5pDg/7G94pAOS/X:raZhQjbmH/NOPs5hhxgapRgPAIX6Hxh
                                                                                                                                                                                                                              MD5:594EE270775126767B5900FC725E95C4
                                                                                                                                                                                                                              SHA1:0EE1D01EB52ED0B5F041BCFE5C164947582F520E
                                                                                                                                                                                                                              SHA-256:A2F75E3CCE01B98E0049041D5278E943A568FAA9DD19115A37D21635FFD3BFCC
                                                                                                                                                                                                                              SHA-512:BFBFE804168C84207C5B279724F0D2BE76875761A8D9044C96FD17269615CBB48B11EE9B8B344C40C100D4E69A45D7D3A354F89FA31D36AAE2F087E469B77234
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{78984FB1-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7406835409681962
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwfGcprKGwpatG4pM/YG/HpXO/UsTGcpDh/rWG6Xpjg/J+YG5pDg/hWG94pAOS/v:r1ZSQPmXNOss5hYxg4pRgqAb6H4h
                                                                                                                                                                                                                              MD5:96DFCA77FB69E0D386C1586861180D8C
                                                                                                                                                                                                                              SHA1:6FD26E7AF31C50834E917EFF982766DAA314B7C1
                                                                                                                                                                                                                              SHA-256:09D0FDDC20F42D702389B7130CB7FA650441AB5A0FC2C9BCA456ADF00AA602C1
                                                                                                                                                                                                                              SHA-512:2F5C44D9161BD2012FDC27D530C314EF8C045029BE95970C3409A76278D35DC043C2B6DB81A1845E41760F3773A7AEFF4CCD5ECB20547C61520701B89C0D52E2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{78984FB2-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):19032
                                                                                                                                                                                                                              Entropy (8bit):1.5837379284720712
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwAGcprpGwpafG4pQ3GrapbSXrGQpK6G7HpRGsTGIpX2HGApm:rkZDQx6LBSXFAVTG4F6g
                                                                                                                                                                                                                              MD5:FFB5CBBFEBB2BCFDF8F99A6E6651A5AC
                                                                                                                                                                                                                              SHA1:757CB4B17D8D1EA1CC883B3F558131EADF9299F5
                                                                                                                                                                                                                              SHA-256:9BEC70B6F23FB858B08402C1C345974779BBBB2B443E62297979483337CF32AB
                                                                                                                                                                                                                              SHA-512:79E5EE483DB836328A940601459A29856CB65CBC6A925CA487D9627B38B26FF70F532B0B1C8D3338A50EC945A8CCE132BE8F2274912BA2D06CEBDBA6423558DB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{859B0248-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7392585134854825
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwwGcprNGwpamG4pM/mG/HpXO/psTGcpDh/hNAG6Xpjg/hxYG5pDg/hDG94pAOS2:r0ZXQWm1NORs5h2xgrpRgVA+6HCh
                                                                                                                                                                                                                              MD5:91931729A64161BEB3F53CB747074A81
                                                                                                                                                                                                                              SHA1:76027A14AC1A6101FE614378BE02188C6078D284
                                                                                                                                                                                                                              SHA-256:DA366741DCA6911FAE22238ECCE5F81DC3B324FD32DF08D672984B7939ACF5A3
                                                                                                                                                                                                                              SHA-512:EB6BE908B604EE0347A106A89933F76479FCBD0E9A0468F90C6F6BFA31D0994FC2EF085011B2129AC4F19931D17090B8EC3C4AB785319CDBC9AC525493AABE02
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8CD78422-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7402041473071146
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwdGcprMGwpaSG4pM/3G/HpXO/UtsTGcpDh/8G6Xpjg/WtYG5pDg/5G94pAOS/g4:rDZkQimSNOUs5hCxg6pRgNAi6HRh
                                                                                                                                                                                                                              MD5:3C2B1696F9F0297291D786B8F3589CB7
                                                                                                                                                                                                                              SHA1:68995209AAFB5D6F5CA79F380E8C10FBF74456A4
                                                                                                                                                                                                                              SHA-256:87ACA72A4D474C2140ECD76EAB1B1E62A07FA0A762EF98E5C7005EC68C31753F
                                                                                                                                                                                                                              SHA-512:D157526189252A445D251C549EC1069F6FC64045595EB3C243A85C931F6E395F0B2D8CA96E02A1F9945B213E539B1A6F29ED01778F851A713BCDEF5C49A6B755
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{94166860-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7417645633598573
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwTGcprOGwpa3G4pM/OG/HpXO/msTGcpDh/hG6Xpjg/XxYG5pDg/fG94pAOS/zrg:rpZmQ5mNNOus5hFxg/xpRg7AP6HXh
                                                                                                                                                                                                                              MD5:4E71363DECE40C76F08D9BED630BBBC3
                                                                                                                                                                                                                              SHA1:11545D099B08052446F94FA2E692CE6A1FCE09B3
                                                                                                                                                                                                                              SHA-256:0E3D260C28774DAFCE77F893A148BE27FBDC4B8987090E67362B529B653059FB
                                                                                                                                                                                                                              SHA-512:CC8FACDB1F9421E9A36A9405D1710652D8A43EFB156B6AD8F7A83C7E7E46A19A84F914CADC07DDE16958D337C2B271BCD56BC92B92C30C15C0AB74B88764EFBC
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9AD952A6-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.741320692892043
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwVGcprsGwpag5G4pM/M3oG/HpXO/H0sTGcpDh/5G6Xpjg/GYG5pDg/3G94pAOSp:rLZEQgbmE/NOv0s5htxgupRgTAQ6Hnh
                                                                                                                                                                                                                              MD5:9B7EB959069E384BBA82827579CAC626
                                                                                                                                                                                                                              SHA1:6CC81303365BCEFE8C78B04D56288DF1C6F32621
                                                                                                                                                                                                                              SHA-256:A6DFBB79091F27FF0CD1FB60D85070214AF0AC5199DCF21B75963A62AC192334
                                                                                                                                                                                                                              SHA-512:94DF246B05F58E1F1EBA9F34F2EC63EDD1F0214650D1E5E65469048FB3A251C94D5EF7A928C28B9C3DFCCE43DA028B4CE9FB46E00A8D124A3CE469801C8FB98C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A17ADB96-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7401444318476738
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwgGcpr1GwpamG4pM/AAG/HpXO/osTGcpDh/hoG6Xpjg/9YG5pDg/EG94pAOS/xe:rEZfQWmYnNOgs5hIxgVpRgqAX6HDh
                                                                                                                                                                                                                              MD5:474A27A7C1C0D55BAB6DA757BD0D290D
                                                                                                                                                                                                                              SHA1:4B29A5236388BF30867E1DAE414EB37FA7F0F745
                                                                                                                                                                                                                              SHA-256:B8AC53FD651FC95382BDB2F0E789F6666608B5C0D5B25CD8004E6086E53C6631
                                                                                                                                                                                                                              SHA-512:3C4F3451CF98000F15454A93CE3604E2DB47BDD8B014DE5F3559B7BD804ECD61F7C9CDCA77BC3F7E795C82F581625CC28BA7546BE655663C374003C876A475F2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A38A475B-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7409363928032253
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwVGcprdGwpa1G4pM/oG/HpXO/AsTGcpDh/QG6Xpjg/3YG5pDg/goG94pAOS/o3k:rLZHQnmXNOIs5hexgPpRgIOAk6HHh
                                                                                                                                                                                                                              MD5:EDEDFE9A6C7E763BE0AA0EEC5C645F2B
                                                                                                                                                                                                                              SHA1:2838E8EC8C2B74AE32B93030AEA4BE1CCBF80B8D
                                                                                                                                                                                                                              SHA-256:ABE3E55387240C5B2ABD3A9E20BED0B833A36D6DF2E396D58FB76B3C62612FF2
                                                                                                                                                                                                                              SHA-512:F3B303D40DED0F76C642E017BB71FC960BBB362744238E1CF66AFBBCB743FF52D76B2DCA07A28787E0AC2A9A34A8EE95CD57B397B0021674C7EF53D648143D9C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A38A475C-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7422750875830997
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwVAGcprCGwpa2G4pM/bG/HpXO/3sTGcpDh/EG6Xpjg/QYG5pDg/mwG94pAOS/yy:rVkZqQGmONO/s5hqxg4pRgeGA1s6HRh
                                                                                                                                                                                                                              MD5:D15197F510A70589934DA1CAC50FAF56
                                                                                                                                                                                                                              SHA1:F1AB30A52D43E47427F9223919206111822AFB12
                                                                                                                                                                                                                              SHA-256:20451F44496E60E5F132221EEC1D1AC059E2985A5011EFD5460B0696B9A8D650
                                                                                                                                                                                                                              SHA-512:0EE8670F43FDD52AE0ED03A8E3FAFFD60D4B1B0723164A8B2D862F5351F6EBFBCD9931A318FC92B2A6C6A9734A34A924C72BA574E9D65AA59FCAB5D37E1EEC0E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ABC09B43-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7389038093281046
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwoGcprhGwpapG4pM/8G/HpXO/qsTGcpDh/VG6Xpjg/wXYG5pDg/eG94pAOS/7Gv:rcZ7QrmTNOCs5hhxg4pRgkAi6Hch
                                                                                                                                                                                                                              MD5:790E87203C9FA816D5382B4EAD21FCBA
                                                                                                                                                                                                                              SHA1:7A330634BEB00853FCFE59857C5251D89EA93556
                                                                                                                                                                                                                              SHA-256:B7F16943162FA3EE80811DBACFA249E7E7EAD8D598A4095979F7A7B1D96A1F01
                                                                                                                                                                                                                              SHA-512:0C0D7A45C55911FF72BECEB69620CC1DC9D395A17E2366AEDAED47A6B6700D8B579E090163941FC724B570339B5D3BCA086267BD9119E8FCCD5818EC687E5C4B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ACA13CD0-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7405033831177659
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwIGcprlGwpapG4pM/RWG/HpXO/ZsTGcpDh/RG6Xpjg/2YG5pDg/EG94pAOS/Cuv:r8ZvQrmZNNOhs5h1xgupRgaAP6HEh
                                                                                                                                                                                                                              MD5:C1F97A1928E5084F04061A4BA39B9EE0
                                                                                                                                                                                                                              SHA1:5CD20B26926654AE82A9D0A0992214D4EA53C1BC
                                                                                                                                                                                                                              SHA-256:2A6BF0BA66F4A2C469493F03127A3976954404299BE1AE102AD1B0FA299D5343
                                                                                                                                                                                                                              SHA-512:F819D6F94B44613D5144BF3A3C9073A5CCE6E3FAE6C5CF7FAFC261F2B3E109204491D8176CD7BDF0707F84760260F8843F28D5E3872F7DF7D87AD95DE5A4C20A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ACA13CD1-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7381835992835892
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwTGcprVGwpaZG4pM/aG/HpXO/nsTGcpDh/RG6Xpjg/HYG5pDg/jG94pAOS/N6Yn:rpZ/Q7mRNO/s5hFxgPpRgnAE6Hxh
                                                                                                                                                                                                                              MD5:B41F9786BD9C6099B652CC69AC42EE41
                                                                                                                                                                                                                              SHA1:F2D9DEF5CE83F9960C5EE6C78C2072154B1405EE
                                                                                                                                                                                                                              SHA-256:AA0E4E92C13FF9970858C56507EF2797A94CB8E60A828A003A60BDA778216C4A
                                                                                                                                                                                                                              SHA-512:E4743CF0497DF1635D75333CD085EF19E12B7C7049F274F3E1BCDF3B974ED76099BEC7999DA25099739DFA99C1A467187B9B6CCA5FDDAF8A6BEF5E3882D8A507
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B325A51F-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7397363529891259
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwNGcprSGwpahG4pM/cG/HpXO/esTGcpDh/3MG6Xpjg/WYG5pDg/RG94pAOS/5AP:rTZaQzmzNOWs5hSxg+pRgFAW6Hsh
                                                                                                                                                                                                                              MD5:A405523970E480C74A89F425D4AF34EC
                                                                                                                                                                                                                              SHA1:4DCD5A1FC987281C111DC10FFAEC4AA336474D5E
                                                                                                                                                                                                                              SHA-256:8378D7C740B0F707C6A54F15211199EBFBB3EDAFC76989428F4ED58A8652F718
                                                                                                                                                                                                                              SHA-512:0EB8892BAE32C7F01B8D25330C9C08FA9F40A7E86A5989364D9637BE65F3438B2F71318AA2D535552B35824161B1E884F1BA017D8AD09ABF6D114A0C5175A754
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B68EC5EB-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.740765162965827
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwxGcpr0GwpaJG4pM/4G/HpXO/MsTGcpDh/TG6Xpjg/xcYG5pDg/8G94pAOS/Hfd:rHZMQLm3NOks5hvxgGpRgCA36HGh
                                                                                                                                                                                                                              MD5:423BC62687C51D7FCE454CCBC66AB0CE
                                                                                                                                                                                                                              SHA1:DFE6C59490A94549008CFF3F4443030E1E240B94
                                                                                                                                                                                                                              SHA-256:AA4086E1CE3484CF9DA2584476F8D8D6ABEFCCDC4D87E796239E60AA9BE7EE73
                                                                                                                                                                                                                              SHA-512:6B4846CDA5617389D8884D62F9F771D420E156D798E6C15586ED6511FD38832AD41DD5EE5B3024795B3745B5086E2A5CDC0B7D409341B0030ADC30DC77C68EDE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B68EC5EC-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7416096080782977
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwVGcprcGwpagG4pM/pG/HpXO/jsTGcpDh/0zG6Xpjg/RYG5pDg/dG94pAOS/KT2:rLZUQAm0NO7s5hsXxg5pRgZAC6H1h
                                                                                                                                                                                                                              MD5:3BE8563F59E017609EEA09379D4B569D
                                                                                                                                                                                                                              SHA1:5ECFC87B66768366CD4061D815E089C714CB6B3E
                                                                                                                                                                                                                              SHA-256:DB3F229CEDBC22B3520135C0D619155DDCE53AB00B4A24EEE1DACC8E8012F22F
                                                                                                                                                                                                                              SHA-512:533AF6C0895A9AA0A1E5D963E0F5F047DF0AD46972ADE501703473EE10D121CF8C2861101DA0C61AE614A9791D48E3ACFD61C63C8BAD1141C3DEBEDAA2B52C65
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B9F21875-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.740853399846076
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwHGcprqGwpaNG4pM/0G/HpXO/GxsTGcpDh/MG6Xpjg/2YG5pDg/NG94pAOS/OrL:rtZyQvm7NOuxs5hyxgepRgpA+6Hkh
                                                                                                                                                                                                                              MD5:2F71AE588E04F1F739E19D32751986CE
                                                                                                                                                                                                                              SHA1:7C4DD4C5FAC9BD89C925C88E57F9F50E97F4E54E
                                                                                                                                                                                                                              SHA-256:E38AF7A1303646BA4C65F5141FA5EE090D03677B4E2670CDDE507BFF0EAACDB2
                                                                                                                                                                                                                              SHA-512:621FE28E041823C90BA2AB95AC1A93111C87AF6B3E78C5CD114153D86DFEAE96357008E5003A3729254875F1B137FAA28284EF575F9BAD0ABAE50DA4482C700D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BDD995C4-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.737550342957849
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:Iw6GcprPGwparG4pM/CG/HpXO/6sTGcpDh/MG6Xpjg/lYG5pDg/qG94pAOS/BjYO:r+Z5QtmpNOCs5hixgdpRg4Ad6H4h
                                                                                                                                                                                                                              MD5:A61AEA94CD84C75154E0995E3F2B80E4
                                                                                                                                                                                                                              SHA1:BF3962F2BBA471F205DDAC2308E2131E7C6B1111
                                                                                                                                                                                                                              SHA-256:02ACC49BD5785C1B3EF440038D59B27995DBD4B7AC1303CD1A108FD41982CDB4
                                                                                                                                                                                                                              SHA-512:BCE9F21D0BE8BFCFCEF7FEF72CC53EE014D71B6E8A1B6248A466A9E7FDA4612C3558871F5612337DE34D844E1FE4D615537A2F2FD15CA625CA479FBF8801686E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C14FFB3E-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7426134178919288
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwfGcprVGwpaI7G4pM/xxG/HpXO/MxsTGcpDh/sG6Xpjg/1YG5pDg/dG94pAOS/U:r1Z/QIdm5ENOUxs5hixg9pRgZAZ6Hlh
                                                                                                                                                                                                                              MD5:7A7646DE70DEA452A43F59678FB1179B
                                                                                                                                                                                                                              SHA1:ED664774D98CAECC91FD263C60E5D81EC0231435
                                                                                                                                                                                                                              SHA-256:D3AF17DC6101C5D95306BC41073EDEDD02D083D15329F3219B2291EEBDDB52BE
                                                                                                                                                                                                                              SHA-512:300A65D0A70010A68D36E0C2E168E22CE8419EDF1241BCCB1E94ACAF23A7E8908BD582B0EF2F53177653878CDE80969984AFE36FC1E60CA0936FFBF7588FB604
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C94E2040-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7437608669755054
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:rPZcQsmwNOCs5hxd+xgxspRgxaAxr6H1Hh:rPZcQsmwUCsXxd+xgxspRgxaAxr6H1Hh
                                                                                                                                                                                                                              MD5:B87E9240ED557A0B7C3312D9436CE507
                                                                                                                                                                                                                              SHA1:58F0B34EE0C4528C385A93B4E06FE0FD334FD4BC
                                                                                                                                                                                                                              SHA-256:F9BFE304953F0F51F36F0AF7F2F9A1FE1FAFABAD1CD8ABA114169F17916888E0
                                                                                                                                                                                                                              SHA-512:9AE33D09E424352D53E0A09DEFFCC4CD98268166F99D84C3B9498378327F80F645CAA5DB8D4B77B74979046773760FDA1F70742D45CDA019CAF9525950D028CD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C94E2041-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7436771316774833
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:rrZUQkm1NOps5h7Hxg7upRg7jA7E6Hfg/h:rrZUQkm1UpsXDxgypRgXAY6Huh
                                                                                                                                                                                                                              MD5:910CB483556ABD75A6CF3FFB629534CD
                                                                                                                                                                                                                              SHA1:CBFBBF2B8CE08C725FBFC81F04F48D3D62512A8C
                                                                                                                                                                                                                              SHA-256:AA943285E6267778EFB1AB45DE6C9F5B4D3F8EF6B43CA8F1E8CAE27C4AC0AC42
                                                                                                                                                                                                                              SHA-512:CD5947CE51907A02C94E02D95436B2FA783E367F91F23B9C068E2A64DF4EDDA8F23E506D9EB692D0D5345D36375D51B5D2BE6B4C73F79364317608F2C0D2004E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C9762347-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7384354161781381
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IweGcprLGwpafG4pM/2G/HpXO/3sTGcpDh/TG6Xpjg/JYG5pDg/oG94pAOS/PoYC:rCZFQxmVNO/s5hvxghpRgGAo6Hkh
                                                                                                                                                                                                                              MD5:FC4C2F4C98191F03226C1308287AD56F
                                                                                                                                                                                                                              SHA1:A44A18CF4CA6C3E358537166FDEE5CFDB7A342D7
                                                                                                                                                                                                                              SHA-256:56CE2107EC15C28A977676AEF1A529064B6108243D98CF30F7BC16C0DD39CB68
                                                                                                                                                                                                                              SHA-512:9D20A8190D838914B60BEC309B55748080B3F3B5843E71C3554067E6219883AF7A30D0A02EC49C92CA3674E8718A8A3E8C634F7D426732568B56DBA528C192CF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D4E38686-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.741134928611327
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:rWZpQOmuNOKts5hMnxgMGtpRgM1OAMzt6H4Vh:rWZpQOmuUusXIxgTpRg0OAA6H6h
                                                                                                                                                                                                                              MD5:F84DBB5C8E672B7214B90237A15DC8A1
                                                                                                                                                                                                                              SHA1:734A0DBF791A556EC41938E287224549A7CA52D8
                                                                                                                                                                                                                              SHA-256:39D9C928498FAE7B9971EE25D080B112E78FC281AEB1E244B66110AF78BA8220
                                                                                                                                                                                                                              SHA-512:9BC59A22A77A65CC288ED071C7383E21C59C3307BA578D6FF1F39D5DF579F3E742F01879672D1E9E53EC32450DEE433382562E615C09880706AC7D13EE3D4EB5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D86E0840-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7426440095292555
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwOGcprLGwpaPG4pM/uG/HpXO/fsTGcpDh/AG6Xpjg/sYG5pDg/cG94pAOS/0QYf:rSZFQBmdNOXs5hOxg0pRgyAD6H5h
                                                                                                                                                                                                                              MD5:A2AAE19B303B351BE7B8AFA815B5B1ED
                                                                                                                                                                                                                              SHA1:57E571FED52655CA37B6499E9A05409F3DFAB352
                                                                                                                                                                                                                              SHA-256:1F9667F2E97CC1F53E3CD59E8570C3C534B4650C0520C97EAFAE802875AB5D80
                                                                                                                                                                                                                              SHA-512:F700F9EE7EAA190461C18ED6F79412ED77A487D10B28DFB421C3C790455144A70D1DC8AD9B1021AB169D1AF02CFAEAB66C846F98F367ACC0B5F78B5064AEDCFB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D86E0841-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7418803047501032
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:Iwj0GcprlfGwpaeG4pM/DG/HpXO/CsTGcpDh/cG6Xpjg/uYG5pDg/gG94pAOS//n:r8ZvQemWNOas5hyxgWpRgOAw6HRh
                                                                                                                                                                                                                              MD5:949D1B9C9E626BE365111237F273BFEA
                                                                                                                                                                                                                              SHA1:2892FB34BA774285B1C32F0FB44A7308A3C7E26F
                                                                                                                                                                                                                              SHA-256:1C7225F0ABD77AEE4F57EEECFB7CC4314C9DC7A6B928A0DCD471D241BA43DF52
                                                                                                                                                                                                                              SHA-512:BAEB20DA75BBF21C39311C196CFDE3599A0265828B58BA27FEB9991F568EA081EE2AD0674EC4038553D47BB001AA30C1C8182325D35C4DA485C42B9B914DE072
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DFD751E6-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.741147938603662
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwMGcprEGwpaohG4pM/pG/HpXO/4sTGcpDh/3G6Xpjg/1YG5pDg/aG94pAOS/5v1:rQZ8QgmUNOAs5hLxg9pRg4AJ6Hmh
                                                                                                                                                                                                                              MD5:487D2F31FED3DC41637257A97615E3CB
                                                                                                                                                                                                                              SHA1:3BC37FE2F826293B22FAB0F7EA84175D45B99FDD
                                                                                                                                                                                                                              SHA-256:6237558F9223187CD21F3067F041E395F986B8BBD4D5CB1F0E976503A16DC752
                                                                                                                                                                                                                              SHA-512:A3C82ECEE2C28FF0E2FD7036AFF85EEC378E82CBC7DB3B9040CA1AF8C8FAE7150E46A97ED4B9881336889A0A9BA900D2C3C8A96DBDF4D32528B15BE392C4AABB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E1A3FC2B-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.741859238413408
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwzGcpraGwpaHG4pM/WG/HpXO/0sTGcpDh/AG6Xpjg/3YG5pDg/MG94pAOS/LfYe:rJZCQpm1NOMs5huxgvpRgSAz6HIh
                                                                                                                                                                                                                              MD5:65BA8AD8B93B7261402479D67A53B10C
                                                                                                                                                                                                                              SHA1:EFEB4763CCE8E269C1F180DB8C584EC79F09AEE4
                                                                                                                                                                                                                              SHA-256:FF5CA60277324981BA0F15A554B6B7BEAA353AFA418296F558FA8772160D8168
                                                                                                                                                                                                                              SHA-512:9A4E8954BB7725B421C50FADF511F4278153C41A91962C305BDDEB4EA88B6DCA259B892E3C141EF5D9F58620DD2F62F653E35CE100BEBE82A68C2EA9B67064E1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E78FCE7D-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7401167332649463
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IweGcprAGwpaWG4pM/rG/HpXO/csTGcpDh/8G6Xpjg/hYG5pDg/KG94pAOS/1HYs:rCZIQmmONOEs5hSxgJpRg4AN6HSh
                                                                                                                                                                                                                              MD5:53A8B1BB73F17C3D648F6FE7899CDA72
                                                                                                                                                                                                                              SHA1:6074ED5E2720C892398E95C8AF6768CD9B2F457E
                                                                                                                                                                                                                              SHA-256:2BE137D1E8EAB119854FF02E7070F7CE59A626E357DB6B34F2C832121E863DF8
                                                                                                                                                                                                                              SHA-512:C8A620A0E9D694873A2459048EC3EC7FCC2C2449E1C0CFC603C433F68E709FB8DFFC493E49AB62D6F7AA5EE00F47733E2BAB931A8C01732C84187B147A2ADF4B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E87EBDBA-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.743239867725511
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwfGcprGGwpaAG4pM/RG/HpXO/3sTGcpDh//YG6Xpjg/lYG5pDg/nG94pAOS/K56:r1ZeQgmMNO/s5hnOxgtpRgjAU6H5h
                                                                                                                                                                                                                              MD5:A470D907C9432905C60D84F5087A20A9
                                                                                                                                                                                                                              SHA1:68112E70B89793E221E4C83BC9722B90687B1C34
                                                                                                                                                                                                                              SHA-256:0BBC3E189943B0908B88CF09A6D01583EF8C3406458170A0B9DD347392E91241
                                                                                                                                                                                                                              SHA-512:392BBCC4605ED8EC7E21DC4AFE7B66B4906EF3FFFBCDBE0409E33A1CAB8D9F669E4C4108673A0AA468388B9BF6A0B6025D195B78CD35C6689A5382627FA3D703
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E87EBDBB-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.742306373716127
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwHGcprAGwpaBG4pM/UG/HpXO/IsTGcpDh/gG6Xpjg/KYG5pDg/IG94pAOS/LeY2:rtZIQTmbNOQs5hOxgipRgmAS6HQh
                                                                                                                                                                                                                              MD5:B3A22FCF57886134985027B7EBFC84F9
                                                                                                                                                                                                                              SHA1:F753192407583BC1B1222B17D092D48BD6EEE7F2
                                                                                                                                                                                                                              SHA-256:AFFA18854965B276DD90409B915A8CE67B5E4DFA695539DF21B2AA1BA807AB92
                                                                                                                                                                                                                              SHA-512:D5CA4B804B886A6A120F01C5B1A61E07438A289AB00BD5EEAC8044B8CCD5EFB9AC20B8652079E9D968DA0FD7059DA85D508839C062F58E49F93D0E28F077D464
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EF2E1003-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7404808056479038
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwO7GcprHGwpaKG4pM/fG/HpXO/TsTGcpDh/MG6Xpjg/AYG5pDg/HG94pAOS/tSS:ruZRQqmKNOLs5hixg4pRgDAg6Hph
                                                                                                                                                                                                                              MD5:8813014ED2640B14AC751303196BC4F9
                                                                                                                                                                                                                              SHA1:172AB7BCE3DFA51A17BE3D5CDE1C4B1C9DCCAF1D
                                                                                                                                                                                                                              SHA-256:27B370D0AC0732194EB72EF32E92E038D5D2304103A128A7773757BD45214AEC
                                                                                                                                                                                                                              SHA-512:982571B78B4597139FA248BB10AA365777B507390C8F7778E33C4C486CEA832A09923901D86E84BF2387DFB08EFC009AE5E9F7A719955863D3512E63FE3074B3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F2775D27-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7416176561558774
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:r/Z1qQILmyNO/s5h6xgYSpRgYUAYp6H0R0h:r/Z1qQILmyU/sX6xg7pRgHAY6Hq0h
                                                                                                                                                                                                                              MD5:79EF44B06E167C9872C72BB08A5F1972
                                                                                                                                                                                                                              SHA1:D5A459E479D9E5EFCA44561EFAC9F64DC6A17627
                                                                                                                                                                                                                              SHA-256:2B11E93746D1F118E7506C7CA0B9F88A3D5E993CA1A710286156D1C9CDD631D9
                                                                                                                                                                                                                              SHA-512:3E392CC2AC1DE192AA43690EBC46A2265F727304DCDE14BCAE1CFE455A09C6D52D4FEBC96CF66DD9732B3F2A876E2C85295558B190D23FD3504B17E8FBDFC374
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F2775D28-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7438386534972565
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwVGcproGwpazG4pM/CG/HpXO/KsTGcpDh/4G6Xpjg/DYG5pDg/kG94pAOS/jrYi:rLZwQFmZNOis5h2xgLpRgaAX6Hkh
                                                                                                                                                                                                                              MD5:BACDC63DFA06C4929C5E1081F0C08714
                                                                                                                                                                                                                              SHA1:EAADD38F88091A85F780C8D6FAC17AEDC7AA585F
                                                                                                                                                                                                                              SHA-256:936ADB68279A5719AE5A7E952939CD6479D5CFEC1518019754601190E4956CC0
                                                                                                                                                                                                                              SHA-512:0422013507804B7CB3DBA30A658C9828A45051B4B0D419528C0B6D854131B0FC5701510D2B6CA162B3A23F9A9124416CDE5719C04E8F02A1D3BAA058D6A961F4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FA944C55-5606-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7398415217555083
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IweGcprIGwpaYG4pM/hG/HpXO/csTGcpDh/AG6Xpjg/xYG5pDg/WG94pAOS/KFYh:rCZQQImsNOEs5hOxgZpRgsA86Hvh
                                                                                                                                                                                                                              MD5:E06BA05AC36977E8BBA1ABDACA78A92D
                                                                                                                                                                                                                              SHA1:6457149A40FD936A393A822D56379BE5694AD180
                                                                                                                                                                                                                              SHA-256:450A0BDB99E3E65910A617C392606C9B8C91219772BBB3577A46E57948D545CF
                                                                                                                                                                                                                              SHA-512:F4EBB5C9A08C5C0D104E268A24BEBDA3F4FEDCC125E3380A02BDF36B2306180DB62E9225D1507D0537D14607721EA4B5C6E7323387FFFBB9E031CBC525D3EBE7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FBFE6136-5605-11EB-90E6-ECF4BB82F7E0}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Microsoft Word Document
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23640
                                                                                                                                                                                                                              Entropy (8bit):1.7410600494913686
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:IwvGcprWGwpasJG4pM/woG/HpXO/p0sTGcpDh/cG6Xpjg/vYG5pDg/XG94pAOS/n:rlZOQAmMNOB0s5hSxgHpRgzAw6Hph
                                                                                                                                                                                                                              MD5:09D6A7A5B3C4BB258882C9E89328E20D
                                                                                                                                                                                                                              SHA1:9BCA619538E867F754407343CC70B6EBAB1707F1
                                                                                                                                                                                                                              SHA-256:615F92949FB23E3D3D5AE1BA8D9CCD41E0470F44FF332F7BBFF62253E6712A2D
                                                                                                                                                                                                                              SHA-512:26541C4AD559BBA7408B6A05DA766B7D818B63AF280BEE4C8E5DF886E481E2B5647559463407A43EC08A1D05D3E6A3A9A7D52603F71E98EA96A6B2B9C52F8601
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\ErrorPageTemplate[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4336
                                                                                                                                                                                                                              Entropy (8bit):5.207912016937144
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:5Q5K5k5pvFehWrrarrZIrHd3FIQfOSCQ5K5k5pvFehWrrarrZIrHd3FIQfOS6:5GIydFPr81yHpBGvGIydFPr81yHpBGR
                                                                                                                                                                                                                              MD5:6159ABD64336CBA0EE5B0E18D39005A8
                                                                                                                                                                                                                              SHA1:878A28A13FC79E80457541D0D75A3713630959EC
                                                                                                                                                                                                                              SHA-256:A152AFA43222B69350F261EFDF2D8C616FE143BAD398CA5C2B02AD8862005DD1
                                                                                                                                                                                                                              SHA-512:4EA9DCCCBCD43CAEEB6DD67ECDFBA58CEFEA76BB3E8CA948E84FE301FCD77D6B84568E2BC59C6C22112FC2301E1B5146A2EE059651D93A1CCB37D72DC945E9F8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\ErrorPageTemplate[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2168
                                                                                                                                                                                                                              Entropy (8bit):5.207912016937144
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                                                                              MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                                                                              SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                                                                              SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                                                                              SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\background_gradient[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):453
                                                                                                                                                                                                                              Entropy (8bit):5.019973044227213
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                                                                              MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                                                                              SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                                                                              SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                                                                              SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\bullet[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):447
                                                                                                                                                                                                                              Entropy (8bit):7.304718288205936
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                                                                              MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                                                                              SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                                                                              SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                                                                              SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\bullet[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):447
                                                                                                                                                                                                                              Entropy (8bit):7.304718288205936
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                                                                              MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                                                                              SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                                                                              SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                                                                              SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\down[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):748
                                                                                                                                                                                                                              Entropy (8bit):7.249606135668305
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                                                                              MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                                                                              SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                                                                              SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                                                                              SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\errorPageStrings[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4720
                                                                                                                                                                                                                              Entropy (8bit):5.164796203267696
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                                                                              MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                                                                              SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                                                                              SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                                                                              SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\errorPageStrings[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4720
                                                                                                                                                                                                                              Entropy (8bit):5.164796203267696
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                                                                              MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                                                                              SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                                                                              SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                                                                              SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\httpErrorPagesScripts[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12105
                                                                                                                                                                                                                              Entropy (8bit):5.451485481468043
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                                                                              MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                                                                              SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                                                                              SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                                                                              SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\httpErrorPagesScripts[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12105
                                                                                                                                                                                                                              Entropy (8bit):5.451485481468043
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                                                                              MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                                                                              SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                                                                              SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                                                                              SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\http_403[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):9170
                                                                                                                                                                                                                              Entropy (8bit):4.046190045670235
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:u3p9ZQw6Kj36a7gG7t3p9ZQw6Kj36a7gG7I:u3p/Qw6Rqb7t3p/Qw6Rqb7I
                                                                                                                                                                                                                              MD5:0467A0A2E83313DBAF7D36739576375D
                                                                                                                                                                                                                              SHA1:0B6F744604453C6F93280D3C689C960226A5919A
                                                                                                                                                                                                                              SHA-256:BEA2EDA86359E0ED9EA694C205C827C82D65AEBAACCDDFA765D63ADDFEF92CAE
                                                                                                                                                                                                                              SHA-512:03035F1BB829EA05F4B3465AE7B9FA34EB189162B63EBD205164BAA11B25D88DFDCE0A6433C772D617EB7B9E1DF38325C4CD12B1CDE64ED4F50975AE104675F5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>.... <title>HTTP 403 Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">.. </td>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\http_403[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4585
                                                                                                                                                                                                                              Entropy (8bit):4.046190045670235
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:upUw1V4VOBXvLwSZIPTC5f1a5TI7jn3GFa7KGuc1kpNc7K1rfQy:u3p9ZQw6Kj36a7gG7I
                                                                                                                                                                                                                              MD5:3215E2E80AA8B9FABA83D76AEF71F1B9
                                                                                                                                                                                                                              SHA1:C7582D414EE6A1DAE098F6DBBBF68ED9641D0023
                                                                                                                                                                                                                              SHA-256:D91C22EF6451561F346B8C8BC6F98897E2E5C28135A421EE946800F6C8451B24
                                                                                                                                                                                                                              SHA-512:690E4D62229AD14D3D842DABE986651B4CC2E4C873A50E5B7FC4FD539662A703690ECC70649ACEA7751E69CE6046489C0E6B05D24F0030D68773C67B3DCBAE00
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>.... <title>HTTP 403 Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">.. </td>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\info_48[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4113
                                                                                                                                                                                                                              Entropy (8bit):7.9370830126943375
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                                                                                                                                                                                                              MD5:5565250FCC163AA3A79F0B746416CE69
                                                                                                                                                                                                                              SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                                                                                                                                                                                                              SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                                                                                                                                                                                                              SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..|.......*.7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..*}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f*.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg..*..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\info_48[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4113
                                                                                                                                                                                                                              Entropy (8bit):7.9370830126943375
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                                                                                                                                                                                                              MD5:5565250FCC163AA3A79F0B746416CE69
                                                                                                                                                                                                                              SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                                                                                                                                                                                                              SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                                                                                                                                                                                                              SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..|.......*.7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..*}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f*.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg..*..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\ErrorPageTemplate[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2168
                                                                                                                                                                                                                              Entropy (8bit):5.207912016937144
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                                                                              MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                                                                              SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                                                                              SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                                                                              SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\ErrorPageTemplate[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2168
                                                                                                                                                                                                                              Entropy (8bit):5.207912016937144
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                                                                              MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                                                                              SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                                                                              SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                                                                              SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\background_gradient[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):453
                                                                                                                                                                                                                              Entropy (8bit):5.019973044227213
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                                                                              MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                                                                              SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                                                                              SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                                                                              SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\background_gradient[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):453
                                                                                                                                                                                                                              Entropy (8bit):5.019973044227213
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                                                                              MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                                                                              SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                                                                              SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                                                                              SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\bullet[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):447
                                                                                                                                                                                                                              Entropy (8bit):7.304718288205936
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                                                                              MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                                                                              SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                                                                              SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                                                                              SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\bullet[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):447
                                                                                                                                                                                                                              Entropy (8bit):7.304718288205936
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                                                                              MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                                                                              SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                                                                              SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                                                                              SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\down[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1496
                                                                                                                                                                                                                              Entropy (8bit):7.249606135668305
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:GeZ6oLiqkbDuU4fqzTrvMeBBlreZ6oLiqkbDuU4fqzTrvMeBBlE:pDeqkbiU6MTrFFMDeqkbiU6MTrFFE
                                                                                                                                                                                                                              MD5:D86D65C9C03C6696B6FAE4916E60D34C
                                                                                                                                                                                                                              SHA1:40C0C486CCEA1A0E5E09D66BCE1A89FF257119BF
                                                                                                                                                                                                                              SHA-256:6BA4914CFDA51106B82FA239C69920E64C53422AE8EE30B469045395110564A6
                                                                                                                                                                                                                              SHA-512:0A76905CCE651D50C0E81B62F2B7E3F56831D6F63847F16AF89835A70E956796D59780C77E066FECB701FCAC6B3A493CAAFBDE1F00022D76F8B635B3E0E3B80F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`..PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.....................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\down[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):748
                                                                                                                                                                                                                              Entropy (8bit):7.249606135668305
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                                                                              MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                                                                              SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                                                                              SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                                                                              SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\errorPageStrings[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4720
                                                                                                                                                                                                                              Entropy (8bit):5.164796203267696
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                                                                              MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                                                                              SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                                                                              SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                                                                              SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\errorPageStrings[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4720
                                                                                                                                                                                                                              Entropy (8bit):5.164796203267696
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                                                                              MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                                                                              SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                                                                              SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                                                                              SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\httpErrorPagesScripts[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12105
                                                                                                                                                                                                                              Entropy (8bit):5.451485481468043
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                                                                              MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                                                                              SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                                                                              SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                                                                              SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\httpErrorPagesScripts[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12105
                                                                                                                                                                                                                              Entropy (8bit):5.451485481468043
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                                                                              MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                                                                              SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                                                                              SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                                                                              SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\http_403[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4585
                                                                                                                                                                                                                              Entropy (8bit):4.046190045670235
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:upUw1V4VOBXvLwSZIPTC5f1a5TI7jn3GFa7KGuc1kpNc7K1rfQy:u3p9ZQw6Kj36a7gG7I
                                                                                                                                                                                                                              MD5:3215E2E80AA8B9FABA83D76AEF71F1B9
                                                                                                                                                                                                                              SHA1:C7582D414EE6A1DAE098F6DBBBF68ED9641D0023
                                                                                                                                                                                                                              SHA-256:D91C22EF6451561F346B8C8BC6F98897E2E5C28135A421EE946800F6C8451B24
                                                                                                                                                                                                                              SHA-512:690E4D62229AD14D3D842DABE986651B4CC2E4C873A50E5B7FC4FD539662A703690ECC70649ACEA7751E69CE6046489C0E6B05D24F0030D68773C67B3DCBAE00
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>.... <title>HTTP 403 Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">.. </td>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\http_403[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4585
                                                                                                                                                                                                                              Entropy (8bit):4.046190045670235
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:upUw1V4VOBXvLwSZIPTC5f1a5TI7jn3GFa7KGuc1kpNc7K1rfQy:u3p9ZQw6Kj36a7gG7I
                                                                                                                                                                                                                              MD5:3215E2E80AA8B9FABA83D76AEF71F1B9
                                                                                                                                                                                                                              SHA1:C7582D414EE6A1DAE098F6DBBBF68ED9641D0023
                                                                                                                                                                                                                              SHA-256:D91C22EF6451561F346B8C8BC6F98897E2E5C28135A421EE946800F6C8451B24
                                                                                                                                                                                                                              SHA-512:690E4D62229AD14D3D842DABE986651B4CC2E4C873A50E5B7FC4FD539662A703690ECC70649ACEA7751E69CE6046489C0E6B05D24F0030D68773C67B3DCBAE00
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>.... <title>HTTP 403 Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">.. </td>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\info_48[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4113
                                                                                                                                                                                                                              Entropy (8bit):7.9370830126943375
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                                                                                                                                                                                                              MD5:5565250FCC163AA3A79F0B746416CE69
                                                                                                                                                                                                                              SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                                                                                                                                                                                                              SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                                                                                                                                                                                                              SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..|.......*.7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..*}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f*.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg..*..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\info_48[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4113
                                                                                                                                                                                                                              Entropy (8bit):7.9370830126943375
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                                                                                                                                                                                                              MD5:5565250FCC163AA3A79F0B746416CE69
                                                                                                                                                                                                                              SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                                                                                                                                                                                                              SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                                                                                                                                                                                                              SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..|.......*.7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..*}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f*.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg..*..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\APNAnalytics[1].xml
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe
                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2409
                                                                                                                                                                                                                              Entropy (8bit):5.2547875849037124
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:cTTLy6Ps6FKSRUUFIART68hPjlsroWxIjDZsLvNvG:GPs7SRU6RTFt+j1FG
                                                                                                                                                                                                                              MD5:09F013BD2B9F955605DB4FB9DC8181D6
                                                                                                                                                                                                                              SHA1:7C7DAA97A13B64777E5DD2436DD0B3E3E164C451
                                                                                                                                                                                                                              SHA-256:342FB69A2737230A473C89A53F272FA08C39577CFA4A8F19187EF0F108016DC1
                                                                                                                                                                                                                              SHA-512:41707AFCE06A1A1257DC4C2787935F944A471A8A509DDE88EE31C2DF85460C13F4E2E6882F780FC96357C8A3A380C4DAA906231156684AB141DC5310C6610485
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<root>.. <GeneralParameters>.. <PreviousX>250</PreviousX>.. <PreviousY>37</PreviousY>.. <NextX>169</NextX>.. <NextY>37</NextY>.. <CancelX>88</CancelX>.. <CancelY>37</CancelY>.. <Height>399</Height>.. <Width>513</Width>.. <bgColor>EFEBDF</bgColor>.. <RegistryKey>HKEY_CURRENT_USER\Software\APN PIP\Analytics\{partnerid}</RegistryKey>.. <ReportSever>anx.apnanalytics.com/200/pip/test.gif?</ReportSever>.. <PIPReportSever>pipoffers.apnpartners.com/PIP/OfferAccept.jhtml</PIPReportSever>.. <HideEula>1</HideEula>.. <DefaultUiReadyTimeout>15</DefaultUiReadyTimeout>.. <GetServer>http://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&amp;language={locale}&amp;version={version}</GetServer>.. </GeneralParameters>.. <stringtable>.. <Language langID="en">.. <string id="STRID_TITLE">FrostWire Setup</string>.. <string id="STRID_TEXT1">Press Page Down to see the rest of the agreement.</st
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\ErrorPageTemplate[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2168
                                                                                                                                                                                                                              Entropy (8bit):5.207912016937144
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                                                                              MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                                                                              SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                                                                              SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                                                                              SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\ErrorPageTemplate[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2168
                                                                                                                                                                                                                              Entropy (8bit):5.207912016937144
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                                                                              MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                                                                              SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                                                                              SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                                                                              SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\background_gradient[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):453
                                                                                                                                                                                                                              Entropy (8bit):5.019973044227213
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                                                                              MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                                                                              SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                                                                              SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                                                                              SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\background_gradient[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):453
                                                                                                                                                                                                                              Entropy (8bit):5.019973044227213
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                                                                              MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                                                                              SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                                                                              SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                                                                              SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\bullet[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):447
                                                                                                                                                                                                                              Entropy (8bit):7.304718288205936
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                                                                              MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                                                                              SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                                                                              SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                                                                              SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\bullet[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):447
                                                                                                                                                                                                                              Entropy (8bit):7.304718288205936
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                                                                              MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                                                                              SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                                                                              SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                                                                              SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\down[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):748
                                                                                                                                                                                                                              Entropy (8bit):7.249606135668305
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                                                                              MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                                                                              SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                                                                              SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                                                                              SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\down[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):748
                                                                                                                                                                                                                              Entropy (8bit):7.249606135668305
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                                                                              MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                                                                              SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                                                                              SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                                                                              SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\errorPageStrings[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4720
                                                                                                                                                                                                                              Entropy (8bit):5.164796203267696
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                                                                              MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                                                                              SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                                                                              SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                                                                              SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\errorPageStrings[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):9440
                                                                                                                                                                                                                              Entropy (8bit):5.164796203267696
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:JsUOG1yNlX6ZzWpHOWLia16Cb7b4sUOG1yNlX6ZzWpHOWLia16Cb7bk:JsDhpNOWLiIb7b4sDhpNOWLiIb7bk
                                                                                                                                                                                                                              MD5:9FDEE838E7C036092E81A4E7CC949643
                                                                                                                                                                                                                              SHA1:364FC6C36972FFD803E5999AD501F3D7A2216FDF
                                                                                                                                                                                                                              SHA-256:C6BF586821E13F7F6D6EF75AA82E69BD5E3E1336615C85AE513C70704F5C0787
                                                                                                                                                                                                                              SHA-512:622BC3BD9F0615C191B03F2E8D018867C9D9ADCF1015DA5FB4D3462D71512B72558B32CA9F74A925C150B57FD232ABD48AFFC8D32128C50540DF02FCA8ECBB2B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\httpErrorPagesScripts[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12105
                                                                                                                                                                                                                              Entropy (8bit):5.451485481468043
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                                                                              MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                                                                              SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                                                                              SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                                                                              SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\httpErrorPagesScripts[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12105
                                                                                                                                                                                                                              Entropy (8bit):5.451485481468043
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                                                                              MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                                                                              SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                                                                              SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                                                                              SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\http_403[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4585
                                                                                                                                                                                                                              Entropy (8bit):4.046190045670235
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:upUw1V4VOBXvLwSZIPTC5f1a5TI7jn3GFa7KGuc1kpNc7K1rfQy:u3p9ZQw6Kj36a7gG7I
                                                                                                                                                                                                                              MD5:3215E2E80AA8B9FABA83D76AEF71F1B9
                                                                                                                                                                                                                              SHA1:C7582D414EE6A1DAE098F6DBBBF68ED9641D0023
                                                                                                                                                                                                                              SHA-256:D91C22EF6451561F346B8C8BC6F98897E2E5C28135A421EE946800F6C8451B24
                                                                                                                                                                                                                              SHA-512:690E4D62229AD14D3D842DABE986651B4CC2E4C873A50E5B7FC4FD539662A703690ECC70649ACEA7751E69CE6046489C0E6B05D24F0030D68773C67B3DCBAE00
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>.... <title>HTTP 403 Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">.. </td>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\http_403[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4585
                                                                                                                                                                                                                              Entropy (8bit):4.046190045670235
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:upUw1V4VOBXvLwSZIPTC5f1a5TI7jn3GFa7KGuc1kpNc7K1rfQy:u3p9ZQw6Kj36a7gG7I
                                                                                                                                                                                                                              MD5:3215E2E80AA8B9FABA83D76AEF71F1B9
                                                                                                                                                                                                                              SHA1:C7582D414EE6A1DAE098F6DBBBF68ED9641D0023
                                                                                                                                                                                                                              SHA-256:D91C22EF6451561F346B8C8BC6F98897E2E5C28135A421EE946800F6C8451B24
                                                                                                                                                                                                                              SHA-512:690E4D62229AD14D3D842DABE986651B4CC2E4C873A50E5B7FC4FD539662A703690ECC70649ACEA7751E69CE6046489C0E6B05D24F0030D68773C67B3DCBAE00
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>.... <title>HTTP 403 Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">.. </td>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\info_48[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4113
                                                                                                                                                                                                                              Entropy (8bit):7.9370830126943375
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                                                                                                                                                                                                              MD5:5565250FCC163AA3A79F0B746416CE69
                                                                                                                                                                                                                              SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                                                                                                                                                                                                              SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                                                                                                                                                                                                              SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..|.......*.7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..*}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f*.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg..*..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\info_48[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):8226
                                                                                                                                                                                                                              Entropy (8bit):7.9370830126943375
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:WNrzFoQSJPnvzs6rSNrzFoQSJPnvzs6rL:oX6PN8X6PNL
                                                                                                                                                                                                                              MD5:8DD2083A362E5D0D6361C004677E3D19
                                                                                                                                                                                                                              SHA1:C0B8748FB63A6F974EBAD30E69FA8318AD655CE5
                                                                                                                                                                                                                              SHA-256:808D1EBDB13BEDDA0DC9C4C3A38E3EDD1084E1F62481501641BF74354AB9097E
                                                                                                                                                                                                                              SHA-512:305818BEC504CA44341820F2A8254011916CDE768D99B20FCC06A4115936F59FE07574AC168A513D94DE985E854DA9BBD05780D2D7848B00304A0A32D06C564B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..|.......*.7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..*}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f*.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg..*..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\ErrorPageTemplate[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2168
                                                                                                                                                                                                                              Entropy (8bit):5.207912016937144
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                                                                              MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                                                                              SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                                                                              SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                                                                              SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\ErrorPageTemplate[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2168
                                                                                                                                                                                                                              Entropy (8bit):5.207912016937144
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                                                                              MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                                                                              SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                                                                              SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                                                                              SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\background_gradient[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):453
                                                                                                                                                                                                                              Entropy (8bit):5.019973044227213
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                                                                              MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                                                                              SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                                                                              SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                                                                              SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\background_gradient[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):453
                                                                                                                                                                                                                              Entropy (8bit):5.019973044227213
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                                                                              MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                                                                              SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                                                                              SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                                                                              SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\bullet[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):447
                                                                                                                                                                                                                              Entropy (8bit):7.304718288205936
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                                                                              MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                                                                              SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                                                                              SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                                                                              SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\bullet[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):447
                                                                                                                                                                                                                              Entropy (8bit):7.304718288205936
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                                                                              MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                                                                              SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                                                                              SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                                                                              SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\down[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):748
                                                                                                                                                                                                                              Entropy (8bit):7.249606135668305
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                                                                              MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                                                                              SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                                                                              SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                                                                              SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\down[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):748
                                                                                                                                                                                                                              Entropy (8bit):7.249606135668305
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                                                                              MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                                                                              SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                                                                              SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                                                                              SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\errorPageStrings[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4720
                                                                                                                                                                                                                              Entropy (8bit):5.164796203267696
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                                                                              MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                                                                              SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                                                                              SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                                                                              SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\errorPageStrings[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4720
                                                                                                                                                                                                                              Entropy (8bit):5.164796203267696
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                                                                              MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                                                                              SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                                                                              SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                                                                              SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\httpErrorPagesScripts[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12105
                                                                                                                                                                                                                              Entropy (8bit):5.451485481468043
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                                                                              MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                                                                              SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                                                                              SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                                                                              SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\httpErrorPagesScripts[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12105
                                                                                                                                                                                                                              Entropy (8bit):5.451485481468043
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                                                                              MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                                                                              SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                                                                              SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                                                                              SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\http_403[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4585
                                                                                                                                                                                                                              Entropy (8bit):4.046190045670235
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:upUw1V4VOBXvLwSZIPTC5f1a5TI7jn3GFa7KGuc1kpNc7K1rfQy:u3p9ZQw6Kj36a7gG7I
                                                                                                                                                                                                                              MD5:3215E2E80AA8B9FABA83D76AEF71F1B9
                                                                                                                                                                                                                              SHA1:C7582D414EE6A1DAE098F6DBBBF68ED9641D0023
                                                                                                                                                                                                                              SHA-256:D91C22EF6451561F346B8C8BC6F98897E2E5C28135A421EE946800F6C8451B24
                                                                                                                                                                                                                              SHA-512:690E4D62229AD14D3D842DABE986651B4CC2E4C873A50E5B7FC4FD539662A703690ECC70649ACEA7751E69CE6046489C0E6B05D24F0030D68773C67B3DCBAE00
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>.... <title>HTTP 403 Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">.. </td>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\http_403[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4585
                                                                                                                                                                                                                              Entropy (8bit):4.046190045670235
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:upUw1V4VOBXvLwSZIPTC5f1a5TI7jn3GFa7KGuc1kpNc7K1rfQy:u3p9ZQw6Kj36a7gG7I
                                                                                                                                                                                                                              MD5:3215E2E80AA8B9FABA83D76AEF71F1B9
                                                                                                                                                                                                                              SHA1:C7582D414EE6A1DAE098F6DBBBF68ED9641D0023
                                                                                                                                                                                                                              SHA-256:D91C22EF6451561F346B8C8BC6F98897E2E5C28135A421EE946800F6C8451B24
                                                                                                                                                                                                                              SHA-512:690E4D62229AD14D3D842DABE986651B4CC2E4C873A50E5B7FC4FD539662A703690ECC70649ACEA7751E69CE6046489C0E6B05D24F0030D68773C67B3DCBAE00
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>.... <title>HTTP 403 Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">.. </td>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\info_48[1]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4113
                                                                                                                                                                                                                              Entropy (8bit):7.9370830126943375
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                                                                                                                                                                                                              MD5:5565250FCC163AA3A79F0B746416CE69
                                                                                                                                                                                                                              SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                                                                                                                                                                                                              SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                                                                                                                                                                                                              SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..|.......*.7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..*}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f*.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg..*..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\info_48[2]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4113
                                                                                                                                                                                                                              Entropy (8bit):7.9370830126943375
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                                                                                                                                                                                                              MD5:5565250FCC163AA3A79F0B746416CE69
                                                                                                                                                                                                                              SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                                                                                                                                                                                                              SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                                                                                                                                                                                                              SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..|.......*.7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..*}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f*.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg..*..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\APNAnalytics.xml
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe
                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                              Size (bytes):2409
                                                                                                                                                                                                                              Entropy (8bit):5.2547875849037124
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:cTTLy6Ps6FKSRUUFIART68hPjlsroWxIjDZsLvNvG:GPs7SRU6RTFt+j1FG
                                                                                                                                                                                                                              MD5:09F013BD2B9F955605DB4FB9DC8181D6
                                                                                                                                                                                                                              SHA1:7C7DAA97A13B64777E5DD2436DD0B3E3E164C451
                                                                                                                                                                                                                              SHA-256:342FB69A2737230A473C89A53F272FA08C39577CFA4A8F19187EF0F108016DC1
                                                                                                                                                                                                                              SHA-512:41707AFCE06A1A1257DC4C2787935F944A471A8A509DDE88EE31C2DF85460C13F4E2E6882F780FC96357C8A3A380C4DAA906231156684AB141DC5310C6610485
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<root>.. <GeneralParameters>.. <PreviousX>250</PreviousX>.. <PreviousY>37</PreviousY>.. <NextX>169</NextX>.. <NextY>37</NextY>.. <CancelX>88</CancelX>.. <CancelY>37</CancelY>.. <Height>399</Height>.. <Width>513</Width>.. <bgColor>EFEBDF</bgColor>.. <RegistryKey>HKEY_CURRENT_USER\Software\APN PIP\Analytics\{partnerid}</RegistryKey>.. <ReportSever>anx.apnanalytics.com/200/pip/test.gif?</ReportSever>.. <PIPReportSever>pipoffers.apnpartners.com/PIP/OfferAccept.jhtml</PIPReportSever>.. <HideEula>1</HideEula>.. <DefaultUiReadyTimeout>15</DefaultUiReadyTimeout>.. <GetServer>http://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&amp;language={locale}&amp;version={version}</GetServer>.. </GeneralParameters>.. <stringtable>.. <Language langID="en">.. <string id="STRID_TITLE">FrostWire Setup</string>.. <string id="STRID_TEXT1">Press Page Down to see the rest of the agreement.</st
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\apn_pip_local\objectmodel.js
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe
                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1297
                                                                                                                                                                                                                              Entropy (8bit):4.122551884453584
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:b2T2F618z2F6U3k30Evu6uWHXN2aaHYBJw3mkcSND:bgE6CzE6U0EEvA+X3aHYBi2kjh
                                                                                                                                                                                                                              MD5:74971AF79ED0EE64DE22865D87668BA5
                                                                                                                                                                                                                              SHA1:1114A1316A7BA38C8B9C6B31AF4DAFDF81B89C29
                                                                                                                                                                                                                              SHA-256:C0B255F7E25694ADA6447EF6A9602EEFFB3914B2026A6A245ED7501D8748C90B
                                                                                                                                                                                                                              SHA-512:899465E49EAFB1A0DCE6864471DF6D75A1603BDAA60C93B6933334B8E09E4015784D089142A92027E4FB7FBD8350535DDFC9BE399D9E490C46343EB0AC7616F3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: var objectModel = {};..objectModel.initialized = false;....function init() {.. if (objectModel.initialized === false && typeof window !== "undefined" &&.. typeof window.external !== "undefined") {.... logger = {};.. _logger = window.external.GetObject("logger");.. .. .. try {.. logger.log = function(var1) {.. return _logger.log(var1);.. };.. logger.error = function(var1) {.. return _logger.error(var1);.. };.. logger.debug = function(var1) {.. return _logger.debug(var1);.. };.. logger.info = function(var1) {.. return _logger.info(var1);.. };.. logger.warn = function(var1) {.. return _logger.warn(var1);.. };.. logger.group = function(var1) {.. return _logger.group(var1);.. };.. logger.dir = function(var1) {..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\apn_pip_local\orchestrator.html
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe
                                                                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1842
                                                                                                                                                                                                                              Entropy (8bit):5.161988778490562
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:Sq5EuChNvfo3Be/Z9I4aN7h4Le2kiK4aNB72+yizEAIdEAtgWzX9it:S6h6NvfNSCrHM8iBe1zI
                                                                                                                                                                                                                              MD5:E8F54316A55A37F862112B008A5AF7B0
                                                                                                                                                                                                                              SHA1:B8D87B5A06B99999A26D735C21C6D4C393BB4063
                                                                                                                                                                                                                              SHA-256:68081FB47AFB3039A37845BFCCBC322BE04E5A68C672D9DA3D4CB90D712DD6E9
                                                                                                                                                                                                                              SHA-512:E6F03FCC0D3D17536C2036812DAD09485B819490262BF7451426B4A29059DA5305F35316DC9C7A076C1F4A835FC2B2827147AB77726AD394809D2920480530E5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <HTML>..<HEAD>...<script type="text/javascript" src="./objectModel.js"></script>.. .<script type="text/javascript" src="./rules.js"></script>. ...<script type="text/javascript">....var primaryTlbrID = getURLParameters("PTBPartnerID");....var satTlbrID. = getURLParameters("STBPartnerID");....var pipPartnerID = getURLParameters("PIPPID");....var tbType=getURLParameters("tbType");....var version=getURLParameters("version");....var paramName;..........function getURLParameters(paramName) ....{..........var sURL = window.document.URL.toString(); .....if (sURL.indexOf("?") > 0).....{......var arrParams = sURL.split("?"); ......var arrURLParams = arrParams[1].split("&"); ......var arrParamNames = new Array(arrURLParams.length);......var arrParamValues = new Array(arrURLParams.length); ......var i = 0;......for (i=0;i<arrURLParams.length;i++)......{.......var sParam = arrURLParams[i].split("=");.......arrParamNames[i] = sParam[0];.......if (sParam[1] != "")........arrPara
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\apn_pip_local\rules.js
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):13143
                                                                                                                                                                                                                              Entropy (8bit):5.630441681993109
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:kWslK0mzjBMswpTqrRhszBz1y4lLFDpZzqnCRB/5z55nlxhRynraRVAHLXhyt:kWs0LCpTqr4znptoMNt5FVRynsYXW
                                                                                                                                                                                                                              MD5:17AB4529C8627F1FFA233F5B213D8060
                                                                                                                                                                                                                              SHA1:9E5AD7EE42EE58D7E727BF54D5BBFB2A7ECB6D49
                                                                                                                                                                                                                              SHA-256:8FD9A8C0157EE05D3155C0C7D69F57E0C7303E2BCADCF50634D80730BC88D8FA
                                                                                                                                                                                                                              SHA-512:3739B76970DC6A84820D230119165668C3B90C5659BBBC869B41D05ED5AC84EAE9E3813DD3A0DB4AAA8454F3263FC7F0A2AEB388855AC18BDBFDDFAB77CB67EA
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: var regsistryPathx64 = "HKEY_LOCAL_MACHINE\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\";..var registryPathx86 = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\";..var checkObj;..var n;..var registryPath;..var regValue="";..var partnerID;..var v5toolbarOffered = false;..var v6SaturationToolbarOfferFlag = false;..var overinstallFlag=false;..var v5Offerpresented="7:Saturation offer was not made because primary offer was made";..var unsupportedBrowser="2:Unsupported default browser";..var blocklistedPartner="5:Block V6 ? New toolbar listed in the block list";..var v6SatInstalled="4:Prior toolbar typet (Shopping)";..var v5ToolbarInstalled ="1:Offer cannot be installed as offer already exists";..var reasonString="";....var jsonString={.. "blocklistedPartners": [],.. "makeofferdisabled": [.."WCL2","ACDS","ADS","AF3-SRS","AGH","ALSV5-DL","AM2","AM3","AMG","APLV5","APL1V5","APL2V5","ASDGS","ATR","ATU","ATU-DL","ATU-ASK","ATU-QBD","ATU-SRS","AXBX","BBY","BBY-SRS","BBY2","BB
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\apn_pip_local\tb.png
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe
                                                                                                                                                                                                                              File Type:PNG image data, 500 x 320, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):13389
                                                                                                                                                                                                                              Entropy (8bit):7.953294162664782
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:UXkxeQFxBbJ32ynlw+WTmVjXLWamYgU7mrM8:UXkdT1w+GOgUSt
                                                                                                                                                                                                                              MD5:2A753A1848396D99D4D928A49FEBBEF3
                                                                                                                                                                                                                              SHA1:000383E3AB3113F98FC80AF9E35219D46DD7E275
                                                                                                                                                                                                                              SHA-256:3AF3197144DB1610FDF05836E5BE933B3294C222F2B38A559E3C9C89EBDB16E0
                                                                                                                                                                                                                              SHA-512:93922F19B2A1FE8DB307734B9E99B4123333B5288FB7BF895BA3454496837DF50AD7B1A3DE221D7AD6AAF7B6BF973D9756CED7AF3FE54E77268AFB37F5A9D3F6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .PNG........IHDR.......@.....}S~.....tEXtSoftware.Adobe ImageReadyq.e<....PLTE.............66....rrs...{...a^...6So.6.......c`.............s.6t.........x...6_a....K.z............................a.....`.l........_^E.....7.u...........9............6.......|..c.....`.............b................q.P..............................{.....b.....7POO...j...`..b.........&&...Kev...S.....`6.Z......w...a.............66`.`......6..W..................Uj.....v..........223...kg`j~....,k.6.`6..`.6MVd...66`.........76.b65........7bYW(.,>R.....................z...?..................fqr.k......6.6k..............V........88.1B................................b...........f..q......6.........`6.6.....6`...^9......`....................`..s...............D`.5..X......{...<]+F[......F?A.........`ae.E<...XGs.........\k..0.IDATx...`T.......$Ly.f.e$jH.Z...<.b....`..e$.....1.tv...."......juk."u.23$...*....>.]............~.}.;......8..{....=.9.~..N.= ...2.....q..H..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\mp3rocket.exe
                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):882888
                                                                                                                                                                                                                              Entropy (8bit):6.611822955908285
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24576:IwzL88qhxY6Vn21A19Y7qGVkaHd58u5RpDp7q:qY60A19Y7qGV98A37q
                                                                                                                                                                                                                              MD5:93B06056604F3227AB2E1392F250DF32
                                                                                                                                                                                                                              SHA1:3909F7FCFAD1BAFA6A12FA54FCE7E18B6FF425BA
                                                                                                                                                                                                                              SHA-256:C1AC254BA33292737960F838FCAD06AD3F9921BB335F3BC065DFF9ABBEFCE8FC
                                                                                                                                                                                                                              SHA-512:82AE5F5A252743F919DCF50C84DC1049F35F669B73BD114FD02CC3D97D3E1EC92894A93931D3B8F1DCA287919B75E10585FD1D7821870D986644718A4F17102B
                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........n.Z]...]...]....An.\...2yh.F...2y\.....2y].....Twu.^...Twe.z...].......2yY.u...2yl.\...2yk.\...Rich]...........................PE..L......P..........................................@..................................9....@.................................d........P..h............\.............`...................................@...............t............................text...p........................... ..`.rdata..F...........................@..@.data...D........X..................@....rsrc...h....P......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsx2FD0.tmp
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\mp3rocket.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1507685
                                                                                                                                                                                                                              Entropy (8bit):6.436562136380666
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24576:32wzL88qhxY6Vn21A19Y7qGVkaHd58u5RpDp7Sq6xmNoZ:YY60A19Y7qGV98A37SqS
                                                                                                                                                                                                                              MD5:02E73F49952E833D945B7874B8F72B69
                                                                                                                                                                                                                              SHA1:A545F6E9A8AA224CC8A4FC15462543BEDCDD959E
                                                                                                                                                                                                                              SHA-256:E52CF0A5DA771A083265797A4D26372442BA930EEF86985F9AE2DCEC6B272DD7
                                                                                                                                                                                                                              SHA-512:F8C012FE30C22585A065AFB36D743B57C01C5BCC0DE2F395D604A10CEFB9B578738EA7704B2E5B02BBE0BC9F670E103C78CA53182C8951DB4F662552690AFDCC
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: F.......,...............|...................................................Y...........................V...................................................................................................................................................................................J...N...............................................................................f.......................e....................a..g...............h.......................e.......................................g.......................e.......................................j.......................e...............................................................................................................................e........................................o...................m..................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\AdvSplash.dll
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\mp3rocket.exe
                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):6144
                                                                                                                                                                                                                              Entropy (8bit):4.538419944782178
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:6hNSXIcmYjkvTS6MnBNZ1BMjDfhkkEkkXstWpPwoS:JXIpzTSd1BSk/kJtWpP
                                                                                                                                                                                                                              MD5:13CC92F90A299F5B2B2F795D0D2E47DC
                                                                                                                                                                                                                              SHA1:AA69EAD8520876D232C6ED96021A4825E79F542F
                                                                                                                                                                                                                              SHA-256:EB1CA2B3A6E564C32677D0CDC388E26B74EF686E071D7DBCA44D0BFA10488FEB
                                                                                                                                                                                                                              SHA-512:FF4E6E6E7104568FC85EF3A3F0494A5C7822A4CEAF65C584AD534F08F9A472A8D86F0A62F1F86343C61E2540B2254714B7EA43E4B312FF13D8271FF069386FA3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                              • Filename: 5d#U25a0.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: 30#Uff09.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: 0.200228.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+.Y.o.7Do.7Do.7Do.6DG.7D..jDf.7D;..Dm.7D..3Dn.7DRicho.7D................PE..L......K...........!................`........ ...............................P......................................p$..E.... ..d............................@..8.................................................... ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\System.dll
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\mp3rocket.exe
                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11264
                                                                                                                                                                                                                              Entropy (8bit):5.568877095847681
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
                                                                                                                                                                                                                              MD5:C17103AE9072A06DA581DEC998343FC1
                                                                                                                                                                                                                              SHA1:B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
                                                                                                                                                                                                                              SHA-256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
                                                                                                                                                                                                                              SHA-512:D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                              • Filename: 5d#U25a0.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: VpnClientInstall.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: FlashPlayerInstaller.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: Flash PlayerInstaller.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: vcruntime140.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: INIS_EX.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: okayfreedomwr.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: 30#Uff09.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: ShopAtHome_AppCore_7127_C78621646_D1_R1051591_B3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: ace-stream-3-1-1-multi-win.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: bomgar-scc-w0eyc301ijjj7jyyxygew8d6fzhye1wjij6z55gc40jc90.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: SVClientSetup(3.3.2.17.0.1).exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: something-else-installer.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: TLDClip_CLIENT.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: 0.200228.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: WebClient-Setup-1.17.0.17.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              • Filename: webxvid-setup-on.exe, Detection: malicious, Browse
                                                                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j....l.9..i....l.Richm.........................PE..L......K...........!................0).......0...............................`......................................p2......t0..P............................P.......................................................0..X............................text...1........................... ..`.rdata.......0......."..............@..@.data...d....@.......&..............@....reloc.......P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\modern-header.bmp
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\mp3rocket.exe
                                                                                                                                                                                                                              File Type:PC bitmap, Windows 3.x format, 150 x 57 x 32
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34256
                                                                                                                                                                                                                              Entropy (8bit):5.240922985115519
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:0z61PcLq891Eg1Eg3UvYvIJ1EdX4NqZysyO:IgYvIbWH
                                                                                                                                                                                                                              MD5:FFA46326447C684E2F24E13595B85E28
                                                                                                                                                                                                                              SHA1:434D969B3F854C10F26E280F29CE9C02B6D5E482
                                                                                                                                                                                                                              SHA-256:EE6D4D7A34BDF58B18111FF8E11CD6E61E5FD77967F1865C98D5336D459A62EF
                                                                                                                                                                                                                              SHA-512:668D48A06DB6DB306A1A08DA9D0064504EEBE0CEC8CD06EB2530B2594ED00DA2E9C7D3B5511483A62F3475827D928DBAC8DACA89049246FB7C695639F84C14C6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: BM.......6...(.......9..... ..........................q..q..q..q..q..r..r..r..s..u..u..v..x..y..y..z..|..}..}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................q..q..q..q..q..r..r..r..u..u..w..w..x..x..z..{..}..}........................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\modern-wizard.bmp
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\mp3rocket.exe
                                                                                                                                                                                                                              File Type:PC bitmap, Windows 3.x format, 164 x 314 x 32
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):412080
                                                                                                                                                                                                                              Entropy (8bit):5.592396256581093
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:RTBJu+Y2nWbGZLkM7AnDQniss/YQUTLWbjiM4vkCoPVUnp3CY1nkCX5ql2nQKtLh:LMa51HQKxQG2sZhMa51HQKxQG2sZV
                                                                                                                                                                                                                              MD5:87F30176C01BC85F35917EA210D4B9DA
                                                                                                                                                                                                                              SHA1:88344292B4EFC8A527DAC121CC5BFA908D97706F
                                                                                                                                                                                                                              SHA-256:BB3F2DED13352BCD3507AD4296833F134C0A0230CC191C4BD4E13286063A7947
                                                                                                                                                                                                                              SHA-512:A7FC1D2047F3EC80C3C3C565CF659755A25B592029CBEE3F2F6482193423764B330C9B66754E7022C47690321CDD5639FF6DE956CFFAFF0ACE3CEFA6581F2C26
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: BM.$......6...(.......:..... ......$....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\nsDialogs.dll
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\mp3rocket.exe
                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                              Size (bytes):9728
                                                                                                                                                                                                                              Entropy (8bit):5.054726426952
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
                                                                                                                                                                                                                              MD5:C10E04DD4AD4277D5ADC951BB331C777
                                                                                                                                                                                                                              SHA1:B1E30808198A3AE6D6D1CCA62DF8893DC2A7AD43
                                                                                                                                                                                                                              SHA-256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
                                                                                                                                                                                                                              SHA-512:853A5564BF751D40484EA482444C6958457CB4A17FB973CF870F03F201B8B2643BE41BCCDE00F6B2026DC0C3D113E6481B0DC4C7B0F3AE7966D38C92C6B5862E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.cXN`0XN`0XN`0XNa0mN`0.A=0UN`0.mP0]N`0.Hf0YN`0.nd0YN`0RichXN`0........................PE..L......K...........!......... ...............0.......................................................................6..k....0.......`.......................p.......................................................0...............................text...G........................... ..`.rdata..k....0......................@..@.data........@......................@....rsrc........`....... ..............@..@.reloc..<....p......."..............@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\splash.bmp
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\mp3rocket.exe
                                                                                                                                                                                                                              File Type:PC bitmap, Windows 3.x format, 375 x 300 x 16
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):225656
                                                                                                                                                                                                                              Entropy (8bit):4.755193897135102
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:87pahxarbU3No9IMjl0UEWIe1O3E21lFgWNambSZH23Sib:wpaZNoX
                                                                                                                                                                                                                              MD5:2C143AB4E1E1B28C4755A916E89B35C5
                                                                                                                                                                                                                              SHA1:A8883BD8925E5BF83CA75E87F20BB2A08032DF03
                                                                                                                                                                                                                              SHA-256:B6200F2D521BAF9B5F68AE2036BB9B0E03BD3891966ED4961623373E60769C18
                                                                                                                                                                                                                              SHA-512:72D82F59EAF61BF95CBAA7EF8F1B2C558FFF7D8F54BA738706B7EBC4C8C880CC5F138A5880850465644C2853F33E744E384E5EC520A852FF956B5CB2AB8C7F0E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: BMxq......6...(...w...,...........Bq..............................%...............%.&.&.&.....&.&.&.&.&.&.'.'.'.'.'.'.'.'.'.(.(.(.(.(.(.(.(.H.H.I.I.I.I.I.I.I.I.I.I.J.J.J.J.J.j.K.K.K.k.k.k.k.k.k.l.l.l.l.l.l.m.m.m.m.m.m.m.m.....................................................................................................................9.\.....9...v.T...3.....................q.p.p.p.P.P.p.O./.........,.-.-.-.....-.....-...........................................................................................................................................................................................................................................................O.o.p.q...p.p.p.............4.4.4...4.U.4.U.3.S.....\...............................................................................................................&.&...&.&.&.&.&.&.&.'.'.'.'.'.'.'.'.'.(.(.(.(.H.(.(.(.(.I.I.I.I.I.I.I.I.I.I.I.J.J.J.J.J.j.K.K.K.k.k.k.k.k.k.l.l.l.l.l.l.m.m.m.m.m.m.m.m...........................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsx2FD1.tmp\splash.wav
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\mp3rocket.exe
                                                                                                                                                                                                                              File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):16428
                                                                                                                                                                                                                              Entropy (8bit):1.8837153569684004
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:UTEClNCBHmQINnQQcQ29d1QxOBxbArOT3KT5QQ27htECS3Q2Q0v:5ClNCBHzQQKCe0DDT3DQudD0v
                                                                                                                                                                                                                              MD5:0E38E1919F45A4A4629EFB7138801D25
                                                                                                                                                                                                                              SHA1:1155E537007DF34D94F93288BE77610DF8A7D7C4
                                                                                                                                                                                                                              SHA-256:48076A033CF319892E265CCCCE16E08A9F525F97E0AACD97A0CF074BA8148982
                                                                                                                                                                                                                              SHA-512:C11343362B0AE927B45F19C8127E2E027B4C6425E4FCC11B287D6293052B8D5DDD5A537592833208EAB2DF219A7884DEF8C062184E831C35E17F081DB49394AF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: RIFF$@..WAVEfmt ........D....X......data.@..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\tmpofferstate.ini
                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe
                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                              Size (bytes):30
                                                                                                                                                                                                                              Entropy (8bit):4.2817276788697365
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:1xPPhHyykn:zPFqn
                                                                                                                                                                                                                              MD5:A090793F2D15FE1396B037ECD8E1227E
                                                                                                                                                                                                                              SHA1:92772B1F66AEC544873B7576695175BA6F1B82B0
                                                                                                                                                                                                                              SHA-256:5001AD357A606F79E45B3B22A2A3E23DFE2C6BDE2F84049ABFF67D700327D792
                                                                                                                                                                                                                              SHA-512:321C50784F58AA4B5A732CC0884B7DD1EB585891246526BE1A3BBFBE545A66B7EB5BA5CD9F2213453C730DB249AA97F49C87352509FD7724B565123164A13D38
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: [APNOF_TOOL_APN01]..ds=false..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF01D8EAA0F100C985.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4721177260731524
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Bh/Qg/ug/4OS/KOOS/K7G1rN:kBqoxKcoZOKOuhphIgGgipqo
                                                                                                                                                                                                                              MD5:E6AD36C9AF958B5573B6A1C7E7216248
                                                                                                                                                                                                                              SHA1:EADDE153F3A6C1569002264DE57D67F80F4C6CB1
                                                                                                                                                                                                                              SHA-256:E21C89E193BE7B1F02EC7D0D1E5D467BF8FBA609827D2547EA0B8AEE43BC319E
                                                                                                                                                                                                                              SHA-512:0D3A25DC8BF59418838BF2F315E543ACCD4F2F4CB5F0C173195111FF0D6D6FE7C30DBF96435D5AA5B923799A8EA5221FD423C92634853DC545D217E4EFF6F365
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF037DBEA9F1234943.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4719501324115621
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Mh/Hg/1g/7OS//OOS//771rN:kBqoxKcoZOKOuhEhvgdgXkLX
                                                                                                                                                                                                                              MD5:8D64156C91794E55B6D0ED6FD6FB9763
                                                                                                                                                                                                                              SHA1:05EEF74B4C9D93727849AC6E8C43C2171BDA5A85
                                                                                                                                                                                                                              SHA-256:2B3D8EF4F683DE221BE2221696FDA2116E276F38D66AB7ADC080D694FF52E421
                                                                                                                                                                                                                              SHA-512:58A714B09DB5281E6F1DD34EEA60D6B1EE27415C370806E243B894B08BA579F18C1C597A1739E1D7EC051CDE7BA21A20D3A92408F91D28BBE7851CAD241F3972
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF0A90978EC1924B51.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4705205666267561
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/+h/dg/Pg/1OS/1OOS/17J1rN:kBqoxKcoZOKOuhmh1gngFetd
                                                                                                                                                                                                                              MD5:34B933F1F9692FE4118DACA7CADE7D3D
                                                                                                                                                                                                                              SHA1:52FE92C72A2FDE2355A39D05A5C630F25718A493
                                                                                                                                                                                                                              SHA-256:F0E3F3C3BEEE2CB5BCCC111D9B6F693FFDC07A38D03FADE48E1AC5347890B003
                                                                                                                                                                                                                              SHA-512:5C0AD044A5E69A7FB946A484CB83E2EBED9B4A0B03C84C153F11442EDE0A029014A22A315AB1AA553125EF82F0AA9E4F2BA97A888CAC21E27E8103D7156D81D5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF0EC16733DD1E2843.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47039980625668765
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/ih/pg/rg/hOS/5OOS/57V1rN:kBqoxKcoZOKOuhahxgzg5yRZ
                                                                                                                                                                                                                              MD5:4E9F57CBCEEB30F9BBE52A79EDFA609B
                                                                                                                                                                                                                              SHA1:84207733CA77ED32443F3DC19086840ED3981FD5
                                                                                                                                                                                                                              SHA-256:03F1117324893D75D398899BF67C3DA9D123CB430FADDF4780EEFACF04A4731D
                                                                                                                                                                                                                              SHA-512:D78EE5346C9F73A7FF0403254DCA087A05659061234277B71C224BC29E4A00DF7895F04120070CA63F179788BB0211718AF2C32AA6C5DCFD2933A2784FEE460F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF1881C31F600B7BC3.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4699690376536908
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/fah/fxg/fzg/f5OS/fROOS/fR7LR1rN:kBqoxKcoZOKOuhahxgzg5yR5
                                                                                                                                                                                                                              MD5:3C8713FE66F8CD9F3C6AD44CCD7CE5CA
                                                                                                                                                                                                                              SHA1:31132F692DFED42E72D8778DC088934F925555E5
                                                                                                                                                                                                                              SHA-256:D5C6D7826A458B6AB1058D12907B727D54C84D4E3ECD1CBEFCE8E584148BD4F3
                                                                                                                                                                                                                              SHA-512:98EE129F7A1C6A73307BCE072657136D39A4CBBEE0B526D45DED5D16408229FE55BC133120AE085BAFD7CD9A518CF2DB84610998A0D12D8274ECA3D0FC4E9382
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF211A51CC4AEB3943.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4719664739296402
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Ph/ag/8g/2OS/8OOS/87g1rN:kBqoxKcoZOKOuhHhCgEg0nAK
                                                                                                                                                                                                                              MD5:3F8D42A30A2E50E8A2BA4AE3DC9D2289
                                                                                                                                                                                                                              SHA1:58309ADF8159C119FAB20AF444E5FDF7CA783C8B
                                                                                                                                                                                                                              SHA-256:F1C14BE67068ADDDEAFFF3D343C53C70AE2A3F673A776F4974885DEC282445C6
                                                                                                                                                                                                                              SHA-512:CA76969948497B95D39AF13217BE2AD4D3F2B3C1BE8131301D53B7D2DE179DF07F0EECDF2DFC55D21B56ADFB31D0A723A114FD010C8C575CCDA7F50F41BFB014
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF2C81B8CA90FE8943.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47171525374312506
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Ih/7g/5g/fOS/LOOS/L7f1rN:kBqoxKcoZOKOuhwhTgxgTgnL
                                                                                                                                                                                                                              MD5:120891A21A2C4950D447FCC9EF409F41
                                                                                                                                                                                                                              SHA1:325FA899B00DEEC7024ADBA26B1454C81CBFE1A2
                                                                                                                                                                                                                              SHA-256:46D28D3BE05B7E4AB2C02855C6662FDF1C5CE807728370C2FF5B65F430046A31
                                                                                                                                                                                                                              SHA-512:35F765898B82251D0690E898D7A2404B2B32E2C4BA99F6FEEB0B8B097086DAD3EA585612792FC3CEF7BED3582EAA2D316EA5C366730CE0B388B42407F53E3C8F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF2C8B5B0141449B2D.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4681727122892373
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/ch/Xg/lg/LOS/POOS/P7j1rN:kBqoxKcoZOKOuhUh/gNgH07f
                                                                                                                                                                                                                              MD5:6C65E14884C66E38E483F859EFB693CA
                                                                                                                                                                                                                              SHA1:4EE45B0FB8FA144CA7DE9A7008F03C88079CD3D5
                                                                                                                                                                                                                              SHA-256:A3347634356A6DBBAAAE29777504C982FEA3F4B07DA32CA1DD8DDA5E8D7ABA3F
                                                                                                                                                                                                                              SHA-512:F1DB73147A8C78C36AEE47A3BA1FC4A3DAAAC53EE6ED04FAFD4BC326962EB1CFDB89C12C7EB460F37BE744F1432372245A79EABE6042B95BD8F9632F052A1723
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF2C96EEFD570FD082.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4712219589181377
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/yh/5g/bg/xOS/JOOS/J7t1rN:kBqoxKcoZOKOuhqhBgjgpCBR
                                                                                                                                                                                                                              MD5:1E6D96696315C6E42902837D447677E5
                                                                                                                                                                                                                              SHA1:A404976A0631FE98FEC0C8BD751A02DD5BE6421D
                                                                                                                                                                                                                              SHA-256:91E61A3748B50F62359F4C070DC6CE5DDDEBAE00C955CD0112915FF2A6C3B370
                                                                                                                                                                                                                              SHA-512:58ACAA7EEF0471CFD650AF24E65F6F44D670CA88B2AC0DEA7D6DD3AAEFE578CDBC89D2158267BF1914A226533A21C881D5E6B494499120808DCF4F39B122E02A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF39FD256A6201B66A.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47023708055970903
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Eh/vg/dg/TOS/XOOS/X7z1rN:kBqoxKcoZOKOuhshngVgPcDP
                                                                                                                                                                                                                              MD5:CE774F013F4DE0D7291CC842202954FB
                                                                                                                                                                                                                              SHA1:C98AF68FA088D827C1339BA08196B18F60FBFBDA
                                                                                                                                                                                                                              SHA-256:EE033227246C1134C7EBE1DB3D9AF4F07DB7243DF2F6D66C09CC2A4A321D813F
                                                                                                                                                                                                                              SHA-512:3E4013BE9C96CE070847E0474A5B90FB82E74DE791FB3062D767506C3C68244A9499CB89F878D664393C768090B12EA01C84F69149789E4C45E317F6A1E56590
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF3A9EAE4AF23B2482.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47112063872862986
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/wh/Tg/xg/HOS/zOOS/z7/1rN:kBqoxKcoZOKOuhIh7g5g7ovr
                                                                                                                                                                                                                              MD5:63EFE3016FDD50205DD2A0F1DA42EE3B
                                                                                                                                                                                                                              SHA1:E2359E7ABB6B9D229340E0E810BF4DD6C46DEF47
                                                                                                                                                                                                                              SHA-256:95120741F4421E6CBDB9110A292247DC74CB9825D16093151061927D8E44DD65
                                                                                                                                                                                                                              SHA-512:7C4E80D7D9F5D373D08098A8281146B1953D18E62AAEF8608BE1E32D598AB06ED3E0EC92E6E7115DF943269D12CC30F48E239323AA6F4818C7AE5AA1F76B87C8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF3D9C793140B26E5B.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4695449819142571
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/UHh/UCg/UEg/UOOS/UUOOS/UU7AU1rN:kBqoxKcoZOKOuhuhNgfg9WFl
                                                                                                                                                                                                                              MD5:2A5A835CC0DB76743E2E977C83ABD4FC
                                                                                                                                                                                                                              SHA1:B0322DDD9DA8F8DF4CB8B2621B450DF04C1FBF3F
                                                                                                                                                                                                                              SHA-256:16D9AC6986474019601D021C3E0F1DE3BAEE32B4502491DA3F391EF8C11BC56A
                                                                                                                                                                                                                              SHA-512:8D9AF79BBD0B3E29B7FDC905980F729CE55B85060359CD9F3FDDA0BE0992FA24D88BB6B566C21F369E481FCE90BA5FCF52C08B7A6243FCE8421AD830DA5F2CAB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF3EBA6D81CF336273.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4712962319341422
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/ph/Ig/w1g/w7OS/w/OOS/w/70/1rN:kBqoxKcoZOKOuhBhQgY1gYvY8Yj0r
                                                                                                                                                                                                                              MD5:35491A7D09EAE3E370B74D9EF9BC1CA5
                                                                                                                                                                                                                              SHA1:DE3C6675C0916678624036528B6949E463A1D157
                                                                                                                                                                                                                              SHA-256:25ED9C91E27CA9920A3C7FE11F8F651CE618212724227627C5E971EA1A5A40B0
                                                                                                                                                                                                                              SHA-512:5E63B9FAAFE1D3DDE7CFCD81F1393A597354EBBF8C8AA56F668764C414F1DD9AFA07806285642165E188B223BE2E9DA66ED895E7B9F6FC0B5ADAA00A289ADD8A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF3EE43464956B22B4.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47252085692561957
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Th/Gg/og/SOS/AOOS/A7M1rN:kBqoxKcoZOKOuhrhugwgob0G
                                                                                                                                                                                                                              MD5:A8FE6F14F646179D0AD6359B54B5F614
                                                                                                                                                                                                                              SHA1:BE510A608010B2BD680C982BDFF3D24384FF4334
                                                                                                                                                                                                                              SHA-256:EBCED1516D3D2DA955288954AE5F79144D264E866D267D28F3509C179BE38C7E
                                                                                                                                                                                                                              SHA-512:4D7C34B6A455637712D916239E2ACE48F42783EB9F0BE78A82104B92C8741C78DC1DC174E0294AA12EC0B57B975B910EC4D9CAF7C3C3AA946AA973E4D32AADF8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF437031B82F0F28F9.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4706505758816403
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Bh/Qg/ug/4OS/KOOS/K7G1rN:kBqoxKcoZOKOuhJhogmgCJKo
                                                                                                                                                                                                                              MD5:4658A9E560B890529AEA67F2559A4077
                                                                                                                                                                                                                              SHA1:23B96DCF3FAD9913861A86CE13B4B1B2A844CBA3
                                                                                                                                                                                                                              SHA-256:ECC54E3E7B65439DE2A6691712F5F5DE74E46DACB8D7A6DC67B1DD1076B5D312
                                                                                                                                                                                                                              SHA-512:FFD5AC267A1659DF04BCE993134F38100FE79D77C3196FF5A45454C31074FD2A77C93D800028BC784B0ADDB1C56379F5CEC32C5F0723BA4AD09E540926ACDF81
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF43C6A4595D416C4F.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47060606590591936
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Bh/Qg/ug/4OS/KOOS/K7O1rN:kBqoxKcoZOKOuh5hYg2gS5aw
                                                                                                                                                                                                                              MD5:21A3F22DA832BF741FD8BED84DF3E226
                                                                                                                                                                                                                              SHA1:17EAD029BDF3E22EB21850C62ADA2EEB0243FBAC
                                                                                                                                                                                                                              SHA-256:D0673E81B227312F2489EE0382B9A6A4E0DE8DCC577E0C123458603D33F2BE9C
                                                                                                                                                                                                                              SHA-512:56D46E50DF2F9F2FA42D63A91C59DC4873D02D621E446E8CFEFEADA97C8E82CD73B340BEAB69C7216BAB8396679A1553A9B9E226ECDC0D419D6E04FF94949CE0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF4B90382A54082999.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47271858124813154
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Ih/7g/5g/fOS/LOOS/L7/1rN:kBqoxKcoZOKOuhAhjghgDwXr
                                                                                                                                                                                                                              MD5:ABC83CB6A939A0357CC9B710377B9453
                                                                                                                                                                                                                              SHA1:BE140D4031C0795704AF2FA7661E1E74A9BFFA10
                                                                                                                                                                                                                              SHA-256:A9381E523F3AB39671E4AA402041AD022C825DA0E15B95722EC6E8FDCEE5A4FB
                                                                                                                                                                                                                              SHA-512:65BD5CCF20C966AF1F7ACF73A8DA67095E44E761B28099746A79BB6C397343A3A2413C7F191F59E70D9AA502A2B9660A89021181BE5BB0D0C212A04DB014C1A5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF50597A7B9E3D1D95.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):74197
                                                                                                                                                                                                                              Entropy (8bit):5.0157602153249
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:kBqoI4mFsmyLPwkGfiab+dc2IkgzDsqgukJTAMPfDIypA5mS39om5gM:kBqoI4mFsmy+h
                                                                                                                                                                                                                              MD5:6474F136E1EEE498DA53AE22008E14AD
                                                                                                                                                                                                                              SHA1:5B4E204FC050732DD44F1411493B5C48ABE41C82
                                                                                                                                                                                                                              SHA-256:949CE5CBE7917771A5E5A31092FFAC46F67E2CF7802D218EEEE7D1AD831C1C83
                                                                                                                                                                                                                              SHA-512:5E5B8D6B53D2AB02378670CBE232B6B88B6E6EB75D0BA84F375E1D622B5DB911F9C422A2B678F6939CDFAFCE832079AFB58760B338696939EC0F59CF9400C991
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF51169BBBB72E9525.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47271858124813154
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/nh/ig/kg/uOS/0OOS/07A1rN:kBqoxKcoZOKOuhvh6gcgsfYq
                                                                                                                                                                                                                              MD5:0D3A56F6F729B62F27015CC9C64E6C86
                                                                                                                                                                                                                              SHA1:974C88C207A7707EECC9FA9B24C4AADCC24DF606
                                                                                                                                                                                                                              SHA-256:D08F373899DB06C5A296E5138FFA55D58CA124639C467C43B855783755CAC794
                                                                                                                                                                                                                              SHA-512:75489DF4DC48F9F55E49BFC99BBB01381E4A0E501F5613C7778E40631FBECE999019395EBF7690AC0AC73EC8D6E391D0E9AE827131BF84F9B23E9FDA1C8CB830
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF5E513ABF7F988DAC.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4707143788471179
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/q7h/tg//g/FOS/FOOS/F7x1rN:kBqoxKcoZOKOuhWhlg3gVO9l
                                                                                                                                                                                                                              MD5:40EC1504FD1FD534279D8688BBB4C6EF
                                                                                                                                                                                                                              SHA1:2F03B259BF4B15CBC60B7CA9D68E81A10168B891
                                                                                                                                                                                                                              SHA-256:18D812116D3FE427DC34FE36657F980ABCE0BA48A2158FD508EAED9A71CF7935
                                                                                                                                                                                                                              SHA-512:A49AFB5D4EE3ACE6BEEC65F8ECE6833355CB9562CB78C4845DA9266A8D3E75D6B60FFADEBEC3A7A8CF39C1D1D81720A19B7852DD3B4A52A9D1CA7F3B68ED75D4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF6544F7A2B70707DF.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4714196832406496
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/YHh/YCg/YEg/YOOS/YUOOS/YU7UU1rN:kBqoxKcoZOKOuhwHhwCgwEgw0wnwAUu
                                                                                                                                                                                                                              MD5:9E4B9F3D9C2E485C8D0791AECDF9B755
                                                                                                                                                                                                                              SHA1:E08B9474BE9936BDCA998E4F3C56B291830DCAC4
                                                                                                                                                                                                                              SHA-256:6443B6E4B6E49CEB90476A8FF26280B1DBF8B6DC31C1E79845B9BA9DD9ED3002
                                                                                                                                                                                                                              SHA-512:75851663B5CF4AF3ED3A02FA282172E4CC826F7E236DBAEFD6ACB0352F3E7825B2EE07E7AC04CB2B88E99AA4995FB1C302428A69C1A6A7DEF8626391DFA6036C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF67A7EA33EB1D7BE3.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4718221555706769
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/DAqh/DABg/DAjg/DAJOS/DAhOOS/DAh7HAh1rN:kBqoxKcoZOKOuhNh0gyg29u8
                                                                                                                                                                                                                              MD5:F4FF238FC32B683FE0BBDF6C069882DE
                                                                                                                                                                                                                              SHA1:AF5EDBE33D192E1156A634F6468C23F06AC61EB2
                                                                                                                                                                                                                              SHA-256:BD988B486485C43A7B80D1B25F40E947D722F0BECF01FC3BE3B19029A9F6B44E
                                                                                                                                                                                                                              SHA-512:A1D1E8C686A180432D4F50496D6FFC8203186B76EA48FEC0847913FFD39B0FA91FAAA176115B07A216B55FB734A014D3C0B89776D83D30D67882FFC0A2BBBCE9
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF6ACCB92F2036C41D.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47161884961012096
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/gh/Dg/Bg/3OS/jOOS/j731rN:kBqoxKcoZOKOuhYhLgpgr4fj
                                                                                                                                                                                                                              MD5:D3BA92F61C2478D05B954EC2C0291DAD
                                                                                                                                                                                                                              SHA1:3316DE75D5094A8D90FEC09EE9975FE5692E1086
                                                                                                                                                                                                                              SHA-256:A6B942056E11939CF8A0C27E11BDC701B86ED4A652EAE824FCB39C7A12D60E00
                                                                                                                                                                                                                              SHA-512:0B426E2045D521F20CC52BD1849FC5BBDD2EB939B9DF8788AE7E0C8AFAC0771061E0F0BD6D59E0B615E6838507B19BA7043674573DD37A3DB7E60E8009D765F8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF7547C1EE8837AB2C.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4709713972540625
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/th/nUg/Sg/MOS/WOOS/W7S1rN:kBqoxKcoZOKOuh1hPUgqgO1mE
                                                                                                                                                                                                                              MD5:46D8CA6114F7FD48DB1ED2E32FD234F6
                                                                                                                                                                                                                              SHA1:1325FF82CAB0B476B92ABF4001529E0C676F1264
                                                                                                                                                                                                                              SHA-256:9A6EE48DC36994D4D16A1D22413FDA773098FE26C5DC70DD5B0C468459FBEF34
                                                                                                                                                                                                                              SHA-512:CB9EC81C7E2D521AD70D5B6177888DB4EA7EE3F82E9DCB5288CBFAD9AB3129BA96850B219A23B1AC3DE1B52B1CD6781A3222BAE853EADD1ED07C0D85D7FE8779
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF7A075482D584C946.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47050439629860186
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Th/Gg/og/SOS/AOOS/A7E1rN:kBqoxKcoZOKOuh7h+gggYrk+
                                                                                                                                                                                                                              MD5:7AD7CE0274AC92D2B436A6A2A350182C
                                                                                                                                                                                                                              SHA1:5AD177A8F79C8FA9E4D517DB546B2ED494F6EF4C
                                                                                                                                                                                                                              SHA-256:FAA8356790BD8373424346EAC3A8A90E0AC6398EEED4DFF8F70EA96525AD1908
                                                                                                                                                                                                                              SHA-512:28F23B0103E0E8BFBFA315CAEE979621D3B22F10AB1DE89DD032DECE5174CF249B548418FF8667553B0DC6C9BC3436CDEA71D6A45D30BFB64F906E4EA5015187
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF7E9FF8C83996A3D4.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.46800631424940964
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Kh/hg/Dg/pOS/BOOS/B791rN:kBqoxKcoZOKOuhihpgrgxqJB
                                                                                                                                                                                                                              MD5:B7164160AF231437811AD29331144928
                                                                                                                                                                                                                              SHA1:1771741DA9216DA8EDD68EE34A05C528C21B3DFA
                                                                                                                                                                                                                              SHA-256:A1D8051B4F5880BFB4AAC58F941FE5867D0DE89E8980AC5718D6ED966AE97FC5
                                                                                                                                                                                                                              SHA-512:BA34EA8598F0E62B6B4D89E0412D45CE1D2A2A838B10F4C6B3950ED1A32A4CF1C1BDB6EAFE3CFA3C2862EF0D1790E27B5DF820A5844CEF69429CE6FEBF22C1B4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF8DA4BA3D82441555.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.471624431248165
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/2h/Fg/Xg/NOS/tOOS/t7B1rN:kBqoxKcoZOKOuh+hdgPgtm1V
                                                                                                                                                                                                                              MD5:FA63E88010399EB31C37C1001059B9A4
                                                                                                                                                                                                                              SHA1:C2633F80FCE7A63B287E031251AD2D847D466184
                                                                                                                                                                                                                              SHA-256:C57BE385169A0460FE98896D7D4E9D40105BE694A946AEE91080C1E25E22C656
                                                                                                                                                                                                                              SHA-512:52B71E204D282C0D137254A81C3BB41933D9649918EEA064DB6A86DEF1B5DB01320C01A40AA118CFAEFC2B5A137A49610C2F6D0CDDAEA1B052F2CA472B9441CE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF8E60392A42D5FF89.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47271858124813154
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/ph/Ig/Gg/AOS/yOOS/y7e1rN:kBqoxKcoZOKOuhRhggegahig
                                                                                                                                                                                                                              MD5:DC74FA35B5F78D3C3999DBBF20ABCCF7
                                                                                                                                                                                                                              SHA1:430251BD8D1284EC4A9C076DCCA07A9D59A509E7
                                                                                                                                                                                                                              SHA-256:D14149D0D31355D9142D7B8A2280ED2E665DA37C87102BE916A8E6B97934B57C
                                                                                                                                                                                                                              SHA-512:1F335EBE7F6C8ADA46E372309FBA1E7B75DED97F333DA58F7F1F0C4A15B915C08B16746D3819F471B1914F2666F55997CF00E0691344C8B31E59FAE6EEF10FF6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF91D16699FFF02D89.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47096872806267776
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/4h/rg/Jg/POS/7OOS/77X1rN:kBqoxKcoZOKOuhwhTgxgTgnD
                                                                                                                                                                                                                              MD5:3A3071EA73ABCCAD4D470C4832AC88BE
                                                                                                                                                                                                                              SHA1:E2ADBB8C03DC435A7CCA93B24A9CD2143ABE94C3
                                                                                                                                                                                                                              SHA-256:D40EF8E25AB1F682A594F8D7DC83F5D683E03AF8BA64906BDC3F54C8904B0C61
                                                                                                                                                                                                                              SHA-512:A01F87C1182FE23497BBAF662B059113A31D0DF095DE06ABFDD476E800D3DAA78400367B91F6A1D48BB97D0E69EB8FA9995F1E4885B3E38AA5D8B8261E4CB773
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF99227512A7B76768.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4708188280656705
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/3h/yg/Ug/+OS/EOOS/E7Y1rN:kBqoxKcoZOKOuh/hKgMgcvIi
                                                                                                                                                                                                                              MD5:D0107DB3C4F136E13872F30D6778E3C9
                                                                                                                                                                                                                              SHA1:4760FA2A7BFA9817380E3DDBB6E455D71EF80DDE
                                                                                                                                                                                                                              SHA-256:03A43E9FFB4124F74F532FB4BA6FB5B5AC1EBEB147BE668D17F1DC770ACEFCB0
                                                                                                                                                                                                                              SHA-512:03766B27E870841794245A67101FB68290B7DE96526728071E6A596DF588DC24C7F80A79D8FD6D84815F7B3E80F83DD65D0A67AD111D9C00BDB4EF531630E6D9
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF9991FA7EC6E4FEE8.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4722887444081222
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Cyh/C5g/Cbg/CxOS/CJOOS/CJ7+J1rN:kBqoxKcoZOKOuhayha5gabgaha6a5+d
                                                                                                                                                                                                                              MD5:B67429FD0471594CF080CC14528F537A
                                                                                                                                                                                                                              SHA1:F6D0CBFE89CFEC9D1B9647BF4A71D276EB96E89F
                                                                                                                                                                                                                              SHA-256:EF1E9AE2353EF351D4A545A98B87FB5C6DD7095C75C72C8E56EDAB7912DA885B
                                                                                                                                                                                                                              SHA-512:6CCF30FFB4871E2DA8131E5532A254356C37A82AB8ACA3A676CB93A0B471A0DE4056D694E6A78F16D9BC12ED87BAD7C735DCE71DFE6C5E768E8E58A84D51EFDD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFA41459567B8F851A.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4699690376536908
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/bh/eg/Ag/6OS/oOOS/o7U1rN:kBqoxKcoZOKOuhDh2g4gwj8u
                                                                                                                                                                                                                              MD5:68049FB8E83CF22A1D5D5B098A961435
                                                                                                                                                                                                                              SHA1:BDA6E67DFA74D978C99B3F70112E8DACB22812F3
                                                                                                                                                                                                                              SHA-256:8568CF145D6DEA550C816C358F2ED9137D60BE2AAB2E6BF75945EEDBABEE8F1F
                                                                                                                                                                                                                              SHA-512:EC25CFAE58C7265E97EDE8E28391051B0C03D6A0CFDE48CE370D8831792183D15649FDA1340E6A0314A05D2C529C100BCB271C5AB0138B6F2045BC04DF7A0C2F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFA4F85B9C187CC044.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4718221555706769
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Xh/Sg/0g/eOS/kOOS/k7o1rN:kBqoxKcoZOKOuhPhag8gM/4S
                                                                                                                                                                                                                              MD5:FDF0EE328F97B3FF76BCBC079EA6B949
                                                                                                                                                                                                                              SHA1:59C37A2F65CE5230295AB46C709542BA0235FD8D
                                                                                                                                                                                                                              SHA-256:1899EE0CF7ED54DCDE5EFFE99F3A7E6FFD71373E7735205A15BE34C6ECA7E919
                                                                                                                                                                                                                              SHA-512:2F8246A9461BCDCE809AD70A1F8342DF92FE3D0868458215A7085CB95204AE9E6371DE991D5F07218AFE11A37789FBC0C1AF454B385E62BFC4D1C9AE973F417A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFA67615B55785378D.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4713232791076455
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/zh/mg/Ig/yOS/gOOS/g781rN:kBqoxKcoZOKOuhrhugwgob0W
                                                                                                                                                                                                                              MD5:CEA869C08E3C78306A9316833F667397
                                                                                                                                                                                                                              SHA1:610C6F77C33A2256580036590C6C73AA45348A53
                                                                                                                                                                                                                              SHA-256:F89DE4863326ED833550217BDE753354F22212520429737B77F540BE2F5E5C28
                                                                                                                                                                                                                              SHA-512:07E7BF6165CEB5D474E0CED32244409CB18BFB2D92F51CDF45FA2B7CB5AD2A8A40C576ECDF40FBF651617F331CCEDE3F2D2205A47C6690A327376F1898972A7D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFA755F1474E5C2982.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4721177260731524
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/bh/eg/Ag/6OS/oOOS/o7M1rN:kBqoxKcoZOKOuhjhWgYgQDcG
                                                                                                                                                                                                                              MD5:FB94F5181AC7D82B9A1162D0F9DAC04C
                                                                                                                                                                                                                              SHA1:D81E0A480FAD2DC5CEFB684126F1FE52DD870306
                                                                                                                                                                                                                              SHA-256:86A7B7B42C421FFC7652A895848A8C2153D25086DA82DF645B9709D3D507550A
                                                                                                                                                                                                                              SHA-512:0AB404A7E0A244DAFCE87D5BB7BFF0171A8CBD79AB8DC1BFFD6735A2124A5AE2F0ADD828B4562B4D2297224F8EAE55A1A094047474AB6FBD3F2689854AA6C29C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFAA0FF1272A7E079A.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47137066541468875
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/0h/fg/tg/DOS/HOOS/H7z1rN:kBqoxKcoZOKOuh8h3gFg/szP
                                                                                                                                                                                                                              MD5:D638E6D8F5D66FE709C9E41811734272
                                                                                                                                                                                                                              SHA1:1F529FEF5BC90EA8F7AFEB054290569CB42143A1
                                                                                                                                                                                                                              SHA-256:8EEF356CE30BA5A45EF42DEDBF58A431B2F462525C4E73C9308AA952272F7BA8
                                                                                                                                                                                                                              SHA-512:06D4306815D4A8A4FE322A6B466856AEF0A062B6C72B46905FA6C9AC3E0EB2A4CCA34586DA27B5CB54F30D238234A9F9B756B396CDA54BEB74D120EEB4F9AB68
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFABB98D5CE2456ADE.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47222181241359984
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Fh/cg/ag/kOS/OOOS/O7S1rN:kBqoxKcoZOKOuhthUgSgWdOE
                                                                                                                                                                                                                              MD5:06F2448F77B08B821245F9A09EF4F2FF
                                                                                                                                                                                                                              SHA1:9CE1A55A55112B28393937D85370D5319A32B552
                                                                                                                                                                                                                              SHA-256:DA73955B58AB53AFDDAD361FA519E62D9060F50C2FBED349AA831A1CDCF0DB34
                                                                                                                                                                                                                              SHA-512:38941A78D86F768BA2635D397B3E9D5A842512285C882C123534D3BD7E535BD566B3A601B153F104C0C2B44350DAEEADD8BE4297150DB91FE8026C099FDABE50
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFADF0FA6B8FF798D1.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47271858124813154
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/syh/s5g/sbg/sxOS/sJOOS/sJ74J1rN:kBqoxKcoZOKOuhUyhU5gUbgUhU6U54d
                                                                                                                                                                                                                              MD5:D94C04312A640F2D512D93EC7E32EFD5
                                                                                                                                                                                                                              SHA1:B656EC9A4CAB944FB81416FF137CCA0AD953795C
                                                                                                                                                                                                                              SHA-256:0C60ED7B57310F815C872D35CC785BB24DE9F4942F65441792A7D9C0CDF6BC5C
                                                                                                                                                                                                                              SHA-512:796AD01E2AE5B52ADBEEB72E181DA302B2300C5DFD715B77F31D0EDBC883B6E08C685FF6768642496FA525C0810C6E20D36338BE79403BA61682E2E32D343501
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFB3C420F0936F25E9.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4725935700207175
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/5ah/5xg/5zg/55OS/5ROOS/5R71R1rN:kBqoxKcoZOKOuhxahxxgxzgx5xyxR1F
                                                                                                                                                                                                                              MD5:C57557AF4D0939C40B0162352476D640
                                                                                                                                                                                                                              SHA1:75C3638430835808C99F07D196D28FAA98DA8B7E
                                                                                                                                                                                                                              SHA-256:CF025533C03A07470B7A9A6547EF8EE2637C123566E7A92A5F12F354F84F1130
                                                                                                                                                                                                                              SHA-512:8CE8B3E975178189F1D4C92C5116B0FABC3585AD3CEC647E81D1DA3A331EA21838CC5FFC5616B2F625CC0255B06A9C37D73DB30DA2D09A3A1AB6DCFECE065AE7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFB936203483A31A87.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4713232791076455
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Fh/cg/ag/kOS/OOOS/O7K1rN:kBqoxKcoZOKOuhthUgSgWdOc
                                                                                                                                                                                                                              MD5:256923E8E06D208BA4622D7CCE896EC1
                                                                                                                                                                                                                              SHA1:80EA20CEE5FB4AE81AEAB28B2CC3FE85546C768F
                                                                                                                                                                                                                              SHA-256:1297BA0C95FF9FF31383BDEAFDB25FB37833C2565F7A3C965772B06CD481DBF5
                                                                                                                                                                                                                              SHA-512:90EA7EF9F39BF699BAB55D12E2DD0906F55389516FA51242FE9B3BA59E13E3515B2412BFA76548AF758F71F62017B4B518C387698D4C209BF0D2719D07797092
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFBA727533B740399F.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):29745
                                                                                                                                                                                                                              Entropy (8bit):0.2920107282763179
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAC9laAC9lrz:kBqoxxJhHWSVSEabeQ2y
                                                                                                                                                                                                                              MD5:CE909A43525B3843C907DCBE55E9D7DD
                                                                                                                                                                                                                              SHA1:8B6E53CCBAAB132FF8100ECB696282F011402047
                                                                                                                                                                                                                              SHA-256:540A8B39EAF1EF9CF341697FC4CDABBEBDED17B16321398C539639FD17EE1602
                                                                                                                                                                                                                              SHA-512:027F1DF5288441E3BFF63ABABD90521E2A72DC20FFAC545E0F180483761229D13254375ADA525D3C5155C1BAC6602117B24617A160C4B9D21C30721B9DF17446
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFBB8C885C4FFBD0D4.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4718221555706769
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/9h/kg/Cg/cOS/mOOS/m7y1rN:kBqoxKcoZOKOuhlh8g6gel2k
                                                                                                                                                                                                                              MD5:D354BEFC129AF315AF4003A3B70AE055
                                                                                                                                                                                                                              SHA1:ACEB220D22AAA831BAB35DA1759FA5D2EF2E1D1C
                                                                                                                                                                                                                              SHA-256:6A6481710949755E37A2F881BF2D85FFEE15BD884754B428E257E5AE1E9009B6
                                                                                                                                                                                                                              SHA-512:CA068CE96896C2AC2FE6FB067F23686F271A0A488875B6F5D70B85D187F3A444B960BE8729BCFE16484CF679CB7586435E19633ED02CA6CB86457B93718C95B4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFC08A540850D79B0E.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47148930832446034
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Wh/lg/3g/tOS/NOOS/N7B1rN:kBqoxKcoZOKOuhuhNgfg9WFV
                                                                                                                                                                                                                              MD5:6E3D60F245EAE2B417DB74896A39BD1D
                                                                                                                                                                                                                              SHA1:0BFEB363AC9AC03C874ED586B5187A68444019D6
                                                                                                                                                                                                                              SHA-256:65CDFAF153CC678B9F722D53C8519EC59DBAD1FAEF8953C38029A0606FA4DA00
                                                                                                                                                                                                                              SHA-512:9FFB7887B1A3AF4A63BB117C2EBC1F62C538CC1E9889640CAA18323D63D5819C81AC6D6D51604BFBC86CFC503B471DB8EDCD79227F5270772E68BBC03BFE43B0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFC53D1C41A4E7E9CF.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4712213003956978
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/ih/pg/rg/hOS/5OOS/57t1rN:kBqoxKcoZOKOuhKhhgDgJihR
                                                                                                                                                                                                                              MD5:7AFD853DC8E11CBF54719E51C155460F
                                                                                                                                                                                                                              SHA1:F43DEF42B8335726F128C8451E1E8D25183B1BC0
                                                                                                                                                                                                                              SHA-256:E4EB3630C07D3F94F141B70D5627C853E403B537DBF9DA8B173A4047247DB8E5
                                                                                                                                                                                                                              SHA-512:0080B35484122825FA9BF4167BF0E95D4C0E7D73B85C61AA06657466F559770ABD6487D318B7F28C2F530EEF323EA1BBC29BE41C84EEE155776DDDB066D9C396
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFC5A0D6BAF6471944.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.470670245113543
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/4h/rg/Jg/POS/7OOS/77X1rN:kBqoxKcoZOKOuhwhTgxgTgnD
                                                                                                                                                                                                                              MD5:737E0024179A153BE62A293BF798F85F
                                                                                                                                                                                                                              SHA1:508AC88CA870D4E4A79A106F5C71655B9A6E100D
                                                                                                                                                                                                                              SHA-256:DB3243A728A596FAEE30E970F8A7E124B906490B91ED88F11C0F0CDE9F050E64
                                                                                                                                                                                                                              SHA-512:1755B54341D32ED23C08E09479C79DA5CF78A12B161B02F40DD3F063463D762CD720AA1D7B7971CE1E3B759231FC02F5AB0561CD9B83CC71A1272F78BB5EE95F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFC840B24C2AEE7080.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47072242393266633
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Uh//g/Ng/jOS/nOOS/n7D1rN:kBqoxKcoZOKOuhchXglgfMT/
                                                                                                                                                                                                                              MD5:3217AD8AC4A5D7A3E9227F402DCF9737
                                                                                                                                                                                                                              SHA1:FA43AD9014B88C1E98D51F8DBEA5EC8C97EB2335
                                                                                                                                                                                                                              SHA-256:CDC81A81AB48E9ADAFFD1146819F84BD376E3331D8348EFB61ABEDB1FA5FADB9
                                                                                                                                                                                                                              SHA-512:46B3EEB5B26AE86D374438E89DA79B6324911E5AED70B756CB6F477064B07D303CCFDF59D661CB1A9757541182E16B5FDD66479F323F995A79AC7AE6557DEA4B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFCD926247CB825981.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4712195729327382
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/5h/Yg/2g/QOS/COOS/C7u1rN:kBqoxKcoZOKOuhhhwgOgKxSQ
                                                                                                                                                                                                                              MD5:72B164B9F9441976FA8B8D13F61C301F
                                                                                                                                                                                                                              SHA1:97BE5221BC42F2F6C11C15BBF8BF01C726811613
                                                                                                                                                                                                                              SHA-256:0B0C8F6F566CAB11090EA2960F440DFD408FA8A52D399E0474CF4D0679B70582
                                                                                                                                                                                                                              SHA-512:47FDA337709EDD6016DC245ACD94925461CCFE7F60289D0367A1629E20D43BB8A4BE51D18F3E41C879FFB9C9DB53413B9E5108172299A7C9032FA8A4297B66C5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFD30D6CD449AAB5B6.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.470754957962677
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/6h/Rg/Tg/ZOS/xOOS/x791rN:kBqoxKcoZOKOuhShZg7gBaZB
                                                                                                                                                                                                                              MD5:E516A0D4E5B22A9651DD3B7A952B594D
                                                                                                                                                                                                                              SHA1:BF7E4304CB5E1B5802DACB66889D33D6B8CBE669
                                                                                                                                                                                                                              SHA-256:B12A49627FDAFD4396E889458062DC68FC85E3DE140D0FE1AE54155C3C04ED40
                                                                                                                                                                                                                              SHA-512:4FD1AD80AE288CD4F12191299DA95E334237879B9E9B479DF4FD6E15C03BBA554D2C850EE271749CD16CF586163B219E55F80336363D8513D500A51CE798C4F0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFD36F2FF2F728EB4C.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47125143105661943
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/UHh/UCg/UEg/UOOS/UUOOS/UU74U1rN:kBqoxKcoZOKOuhMHhMCgMEgM0MnMA4u
                                                                                                                                                                                                                              MD5:4E8801459A783C8FBA2968B688336C95
                                                                                                                                                                                                                              SHA1:6048658E7F41F1208AC66A0E41DE2ACE1E7F5C08
                                                                                                                                                                                                                              SHA-256:4F14C9876EB013A67FE7B97290F1B702ED10D47539E7AE165A0EB6749270C812
                                                                                                                                                                                                                              SHA-512:121A2B2DECCDB16E759AF60C911BF7FC08433D7DA45FEE7E874BC4338E89BE5673791FA1A9A1C6A57B64DD8074AF5BF2D4200C2FBC981CD773CAEE2F97F573F9
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFD43736D5F1C96238.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):29745
                                                                                                                                                                                                                              Entropy (8bit):0.2920107282763179
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAC9laAC9lrz:kBqoxxJhHWSVSEabeQ2y
                                                                                                                                                                                                                              MD5:CE909A43525B3843C907DCBE55E9D7DD
                                                                                                                                                                                                                              SHA1:8B6E53CCBAAB132FF8100ECB696282F011402047
                                                                                                                                                                                                                              SHA-256:540A8B39EAF1EF9CF341697FC4CDABBEBDED17B16321398C539639FD17EE1602
                                                                                                                                                                                                                              SHA-512:027F1DF5288441E3BFF63ABABD90521E2A72DC20FFAC545E0F180483761229D13254375ADA525D3C5155C1BAC6602117B24617A160C4B9D21C30721B9DF17446
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFD62D07C078E15593.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47271858124813154
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Oh/tg//g/FOS/FOOS/F7B1rN:kBqoxKcoZOKOuhWhlg3gVO9V
                                                                                                                                                                                                                              MD5:FD1CADE559FEB35DBAD7A4034505AF63
                                                                                                                                                                                                                              SHA1:32A53295E5762F7CD18F69446E6BE0F7CDBBE189
                                                                                                                                                                                                                              SHA-256:FB03FFD17A9F422A6AA55AABC42AAA145E3AF505BBD65A689FCA232A873AE7DA
                                                                                                                                                                                                                              SHA-512:89A048C17C2079DAA59EFD5E22A3720708A4CF4089BFFF33CB9B7D4342E5592E9700F0982450806B9786054FF788882C5F0A337B207E59E58B9420E3F74CD935
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFD6A33674DF721CED.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4708061270256057
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/hyh/h5g/hbg/hxOS/hJOOS/hJ7NJ1rN:kBqoxKcoZOKOuhAhjghgDwXz
                                                                                                                                                                                                                              MD5:21934334FDA52B7F406CEF4DD52502E3
                                                                                                                                                                                                                              SHA1:10D4F337FD5B46A643C699137D95CEEEF5B7B42F
                                                                                                                                                                                                                              SHA-256:0AF436F08061755FDD7023D2CAD005006EBA8D867633AEF4DD76327CF10CA33E
                                                                                                                                                                                                                              SHA-512:23FA34672F320F274323CBA339FCF5ABDC14570F58B476E50F46118FF645C04A93B54AD36FFFA8F61CFEC8C718270EE6A36F743ED1EAC3ACCEC0448DA01E7D8F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFDAFC2067E1BF9176.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47187260692684074
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Jh/og/mg/gOS/SOOS/S7+1rN:kBqoxKcoZOKOuhhhwgOgKxSA
                                                                                                                                                                                                                              MD5:26C49A63F56FF6EDC67E70906FE059A1
                                                                                                                                                                                                                              SHA1:CF78FD93AC189035F2B31A314045FFB9E92C5D79
                                                                                                                                                                                                                              SHA-256:A9117F9FC0A78D0316325F82A9AA17A73FA78F6FEFEA18A50677D99D1248CE09
                                                                                                                                                                                                                              SHA-512:19769F148DDD4105ACE4DC96E08A6249EE3269C1401331CFAB4BD44A44A777E5AA3532E128F824AA03D2860125FF4FC51DECEA9BE3C9937E4CAA3CDE3616DCF3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFE54225A1D9BD133F.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.47108737903866355
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/+h/dg/Pg/1OS/1OOS/17B1rN:kBqoxKcoZOKOuhmh1gngFetV
                                                                                                                                                                                                                              MD5:9450B8B2BDC65EC4AC75AB43004DE5DC
                                                                                                                                                                                                                              SHA1:6BBD186D0945D48B158978BA9B32385611982910
                                                                                                                                                                                                                              SHA-256:85027BAB0E8E59E9F0B5BA5D749B6DD1991B48BBF920B38AF5654359EA2CA090
                                                                                                                                                                                                                              SHA-512:0AFDC1020C3E7F4C2238464C0797247171CD929406B8B5A9D4BD65B85C1BA07DB575BB5A2F95282B3C401C333A4A8AF2349F28AFE64B49D2188D45DB9262ABB9
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFE596491A11E35A53.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4710449696821495
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Jh/og/mg/gOS/SOOS/S7m1rN:kBqoxKcoZOKOuhBhQgugqRyI
                                                                                                                                                                                                                              MD5:8880DAC9663DA9DE91BE518437237CDE
                                                                                                                                                                                                                              SHA1:2F925A0F75BCEDDCAB8EF3377FB503F3BC5F13FA
                                                                                                                                                                                                                              SHA-256:CCCAC1B0044958D5AAE3F29F0B4FBB765A45382B0A4ECCD017A90DDC286592B9
                                                                                                                                                                                                                              SHA-512:AD4585ED59034DA866D1F0207088074AF6CAFFFE573296F20641828A3CFD5C3982B6D5E6EB54BFB241832E1BDE3A197123133F6DBE7CCF45C31D154F79BA88EA
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFEA69D61FE948C299.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.46907261197623623
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Xh/1Ug/0g/eOS/kOOS/k7Y1rN:kBqoxKcoZOKOuh/hKgMgcvIi
                                                                                                                                                                                                                              MD5:4FC422BE184BE84C729BE0FA219F3042
                                                                                                                                                                                                                              SHA1:311983ACD85F722F4F3E92EB66B68ABAB2B71CEB
                                                                                                                                                                                                                              SHA-256:77D9050CD221C50B1739D48FC9D9A18491AC68380731EBEEA5222F39EE5490E5
                                                                                                                                                                                                                              SHA-512:11AD4A012C1B8744E88C3780929F9D66DD47C3F9B48FA70656200A730C6351028A00461B643E7885E10CD864612012C68E1FBC7CC7E8E85D1B11878B9C455901
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFEF8C3318C7999AFF.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4721641982521521
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/jyh/j5g/jbg/jxOS/jJOOS/jJ7fJ1rN:kBqoxKcoZOKOuh7yh75g7bg7h7675fd
                                                                                                                                                                                                                              MD5:C70706B9D17482A548CF615174519F0C
                                                                                                                                                                                                                              SHA1:5E82CC121F50B9D396C65BF657D602C495F67220
                                                                                                                                                                                                                              SHA-256:FA9AC2291107D1D15BB7DB8EDBD20F44D87981D69ADC7ED48116009CFBABDD98
                                                                                                                                                                                                                              SHA-512:8044C430ACF81C2B6C786BC4ED5C5EAFDA3FCD23A5D3ABADB8750C2867095327B26DDF836ED997000BB9C92DA88FA8A00ADA9E76FA8EAD1C59EF5FA1E3BB1705
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFFB7AB40EA80E5A6B.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4723958456982056
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/Pyh/P5g/Pbg/PxOS/PJOOS/PJ7rJ1rN:kBqoxKcoZOKOuhyh5gbgh65h
                                                                                                                                                                                                                              MD5:6F41D1E5FEF6282A2F17AC7F7C9A32A0
                                                                                                                                                                                                                              SHA1:C439019FBF684A09E8EBF6A9173A3061F148D4C3
                                                                                                                                                                                                                              SHA-256:C3DD7070A751931C704C6C918988B4D4647C133321E29B7C8704C977F464CAEA
                                                                                                                                                                                                                              SHA-512:2C66044BCA8518539FFF56A3DB923764354D55332DDE8714DB64AAC01ED231E0D0E22B72E6BD4503AB14DED1A9B0D167C96F319AB053F6834A73728B78E50A36
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFFF1E0465A24126BD.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):34785
                                                                                                                                                                                                                              Entropy (8bit):0.4722675032101587
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:kBqoxKc/A/BO/SO/Wh/bh/eg/Ag/6OS/oOOS/o781rN:kBqoxKcoZOKOuhThGgoggzsW
                                                                                                                                                                                                                              MD5:91E80D7E9BA9A7AFFC1A89334DF11062
                                                                                                                                                                                                                              SHA1:D0F9798518C3C84BED9EF27AFA20D3BEA15DB174
                                                                                                                                                                                                                              SHA-256:789669B24C14CEBD3598B1AE729A55CE8CCBED06B8DE69F850B806A198EBA64D
                                                                                                                                                                                                                              SHA-512:A56761C516F5384330DE79D8F2A9CF536C78A165A009F8EA4EA1CA258F76B899C4C75244CB39EA7389BFDD0D951D025A462BFDF42EF9CC3151AF11099B3F2E68
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                              Static File Info

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                              Entropy (8bit):7.999318948976755
                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                                                                                                                                              • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                              File name:mp3rocket.exe
                                                                                                                                                                                                                              File size:9763792
                                                                                                                                                                                                                              MD5:a9fbd79c820e2878c052161afe97d274
                                                                                                                                                                                                                              SHA1:6b329f9a85e1dc4cb169e7321a46b39337e68007
                                                                                                                                                                                                                              SHA256:a507d6b4f120b63e1dc0bdd6d76a9d89877c7a21e320b5873224d7ca0a951a8a
                                                                                                                                                                                                                              SHA512:6b53d7ce6896f3f24c6b3b350be061b31a039b4056b0f40dcb92ecda5ffa1e8fffe2c816490e2ae2bfc200ed42f4e8b691bdedb3e5d4133171db6a4e1e39ab10
                                                                                                                                                                                                                              SSDEEP:196608:3VbrCve45Fb/7unYB12gTC2tcMtbFtnMrHSZmeHgq5sNTsw4R8:FbrCv5Fbj1BggTCucMGLS4+NsNy8
                                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\.........

                                                                                                                                                                                                                              File Icon

                                                                                                                                                                                                                              Icon Hash:f9d283879788c031

                                                                                                                                                                                                                              Static PE Info

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Entrypoint:0x40323c
                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                                                                                                              DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                              Time Stamp:0x4B1AE3C6 [Sat Dec 5 22:50:46 2009 UTC]
                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                              OS Version Major:4
                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                              File Version Major:4
                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                              Subsystem Version Major:4
                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                              Import Hash:099c0646ea7282d232219f8807883be0

                                                                                                                                                                                                                              Authenticode Signature

                                                                                                                                                                                                                              Signature Valid:false
                                                                                                                                                                                                                              Signature Issuer:CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
                                                                                                                                                                                                                              Signature Validation Error:A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file
                                                                                                                                                                                                                              Error Number:-2146762495
                                                                                                                                                                                                                              Not Before, Not After
                                                                                                                                                                                                                              • 6/6/2011 5:00:00 PM 7/11/2013 4:59:59 PM
                                                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                                                              • CN=MP3 Support, OU=SECURE APPLICATION DEVELOPMENT, O=MP3 Support, L=Oshawa, S=Ontario, C=CA
                                                                                                                                                                                                                              Version:3
                                                                                                                                                                                                                              Thumbprint MD5:4B0C41291BAD4B8B9693EB605849E4B8
                                                                                                                                                                                                                              Thumbprint SHA-1:5A16E317B85F211C8CFE8BFC386808DE2698F9A0
                                                                                                                                                                                                                              Thumbprint SHA-256:03E1E9B56B410335F5C30B14034A6D17583B4D2AD2D6E9415B6AAD4624E5F64B
                                                                                                                                                                                                                              Serial:6CA038127129FA262DA256411F21A600

                                                                                                                                                                                                                              Entrypoint Preview

                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                              sub esp, 00000180h
                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                              xor ebx, ebx
                                                                                                                                                                                                                              push edi
                                                                                                                                                                                                                              mov dword ptr [esp+18h], ebx
                                                                                                                                                                                                                              mov dword ptr [esp+10h], 00409130h
                                                                                                                                                                                                                              xor esi, esi
                                                                                                                                                                                                                              mov byte ptr [esp+14h], 00000020h
                                                                                                                                                                                                                              call dword ptr [00407030h]
                                                                                                                                                                                                                              push 00008001h
                                                                                                                                                                                                                              call dword ptr [004070B4h]
                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                              call dword ptr [0040727Ch]
                                                                                                                                                                                                                              push 00000008h
                                                                                                                                                                                                                              mov dword ptr [00423F58h], eax
                                                                                                                                                                                                                              call 00007FEFA0DC10EEh
                                                                                                                                                                                                                              mov dword ptr [00423EA4h], eax
                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                              lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                              push 00000160h
                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                              push 0041F458h
                                                                                                                                                                                                                              call dword ptr [00407158h]
                                                                                                                                                                                                                              push 004091B8h
                                                                                                                                                                                                                              push 004236A0h
                                                                                                                                                                                                                              call 00007FEFA0DC0DA1h
                                                                                                                                                                                                                              call dword ptr [004070B0h]
                                                                                                                                                                                                                              mov edi, 00429000h
                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                              push edi
                                                                                                                                                                                                                              call 00007FEFA0DC0D8Fh
                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                              call dword ptr [0040710Ch]
                                                                                                                                                                                                                              cmp byte ptr [00429000h], 00000022h
                                                                                                                                                                                                                              mov dword ptr [00423EA0h], eax
                                                                                                                                                                                                                              mov eax, edi
                                                                                                                                                                                                                              jne 00007FEFA0DBE4ECh
                                                                                                                                                                                                                              mov byte ptr [esp+14h], 00000022h
                                                                                                                                                                                                                              mov eax, 00429001h
                                                                                                                                                                                                                              push dword ptr [esp+14h]
                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                              call 00007FEFA0DC0882h
                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                              call dword ptr [0040721Ch]
                                                                                                                                                                                                                              mov dword ptr [esp+1Ch], eax
                                                                                                                                                                                                                              jmp 00007FEFA0DBE545h
                                                                                                                                                                                                                              cmp cl, 00000020h
                                                                                                                                                                                                                              jne 00007FEFA0DBE4E8h
                                                                                                                                                                                                                              inc eax
                                                                                                                                                                                                                              cmp byte ptr [eax], 00000020h
                                                                                                                                                                                                                              je 00007FEFA0DBE4DCh
                                                                                                                                                                                                                              cmp byte ptr [eax], 00000022h
                                                                                                                                                                                                                              mov byte ptr [eax+eax+00h], 00000000h

                                                                                                                                                                                                                              Rich Headers

                                                                                                                                                                                                                              Programming Language:
                                                                                                                                                                                                                              • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                                                                                                                              Data Directories

                                                                                                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x3d0000x9c70.rsrc
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x94ec400xf90
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                              Sections

                                                                                                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                              .text0x10000x5a5a0x5c00False0.660453464674data6.41769823686IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                              .rdata0x70000x11900x1200False0.4453125data5.18162709925IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                              .data0x90000x1af980x400False0.55859375data4.70902740305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                              .ndata0x240000x190000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                              .rsrc0x3d0000x9c700x9e00False0.537232990506data5.77559450974IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                              Resources

                                                                                                                                                                                                                              NameRVASizeTypeLanguageCountry
                                                                                                                                                                                                                              RT_BITMAP0x3d4600x666dataEnglishUnited States
                                                                                                                                                                                                                              RT_ICON0x3dac80x25a8dataEnglishUnited States
                                                                                                                                                                                                                              RT_ICON0x400700x1ca8dataEnglishUnited States
                                                                                                                                                                                                                              RT_ICON0x41d180x10a8dataEnglishUnited States
                                                                                                                                                                                                                              RT_ICON0x42dc00xea8dataEnglishUnited States
                                                                                                                                                                                                                              RT_ICON0x43c680xca8dBase IV DBT of @.DBF, block length 3072, next free block index 40, next free block 208, next used block 0EnglishUnited States
                                                                                                                                                                                                                              RT_ICON0x449100x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16776176, next used block 10526884EnglishUnited States
                                                                                                                                                                                                                              RT_ICON0x451b80x568GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                                                                                              RT_ICON0x457200x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                                                                                              RT_ICON0x45b880x368GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                                                                                                                              RT_DIALOG0x45ef00xb4dataEnglishUnited States
                                                                                                                                                                                                                              RT_DIALOG0x45fa80x120dataEnglishUnited States
                                                                                                                                                                                                                              RT_DIALOG0x460c80x158dataEnglishUnited States
                                                                                                                                                                                                                              RT_DIALOG0x462200x200dataEnglishUnited States
                                                                                                                                                                                                                              RT_DIALOG0x464200xf8dataEnglishUnited States
                                                                                                                                                                                                                              RT_DIALOG0x465180xa0dataEnglishUnited States
                                                                                                                                                                                                                              RT_DIALOG0x465b80xeedataEnglishUnited States
                                                                                                                                                                                                                              RT_GROUP_ICON0x466a80x84dataEnglishUnited States
                                                                                                                                                                                                                              RT_VERSION0x467300x17cdata
                                                                                                                                                                                                                              RT_MANIFEST0x468b00x3beXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                                                                                                                                              Imports

                                                                                                                                                                                                                              DLLImport
                                                                                                                                                                                                                              KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                                                                                                                                                                                                                              USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                                                                                                                                                                                              GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                                                                                                                                                                                              SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                                                                                                                                                                                              ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                                                                                                                                                                                              COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                                                                                                                                              ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                                                                                                                                              VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                                                                                                                                                              Version Infos

                                                                                                                                                                                                                              DescriptionData
                                                                                                                                                                                                                              LegalCopyright
                                                                                                                                                                                                                              FileVersion6.2.4
                                                                                                                                                                                                                              FileDescriptionMP3Rocket-Win.exe
                                                                                                                                                                                                                              Translation0x0000 0x04e4

                                                                                                                                                                                                                              Possible Origin

                                                                                                                                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                              EnglishUnited States

                                                                                                                                                                                                                              Network Behavior

                                                                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                                                                              TCP Packets

                                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.626271009 CET4972780192.168.2.735.244.183.133
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.676779032 CET804972735.244.183.133192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.676897049 CET4972780192.168.2.735.244.183.133
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.677556038 CET4972780192.168.2.735.244.183.133
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.728049994 CET804972735.244.183.133192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.819226980 CET804972735.244.183.133192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.820261955 CET4972780192.168.2.735.244.183.133
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.900275946 CET4972880192.168.2.734.102.244.163
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.940387964 CET804972834.102.244.163192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.940642118 CET4972880192.168.2.734.102.244.163
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.941307068 CET4972880192.168.2.734.102.244.163
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.983781099 CET804972834.102.244.163192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.072962046 CET804972834.102.244.163192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.073079109 CET4972880192.168.2.734.102.244.163
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.149293900 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.196917057 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.197451115 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.225346088 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.273001909 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.275558949 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.275599957 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.275625944 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.275648117 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.275685072 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.275723934 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.363811016 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.412024021 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.413410902 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.431957960 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.484076977 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.581790924 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.581824064 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.581850052 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.581876040 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.581916094 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.581938982 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.581942081 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.581998110 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.582005024 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.582035065 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.582087994 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.582093954 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.585378885 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.585434914 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.585464001 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.585484028 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.588718891 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.588757992 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.588793993 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.588816881 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.592108965 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.592183113 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.592237949 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.592261076 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.595560074 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.595809937 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.629601002 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.629637003 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.629709959 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.629734039 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.631239891 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.631267071 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.631643057 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.634612083 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.634650946 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.634694099 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.634715080 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.638134956 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.638154030 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.638350964 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.641345024 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.641375065 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.641411066 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.641427994 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.644746065 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.644773960 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.644829988 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.644855976 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.648071051 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.648096085 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.648154974 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.648170948 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.651243925 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.651269913 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.651310921 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.651326895 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.654340029 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.654364109 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.654412985 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.654428959 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.657421112 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.657445908 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.657510042 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.660464048 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.660471916 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.660617113 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.663562059 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.663661957 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.663723946 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.663748026 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.666625023 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.666646957 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.666759014 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.669755936 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.669785976 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.669817924 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.669836044 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.677351952 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.677360058 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.677470922 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.678569078 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.678595066 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.678630114 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.678652048 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.681005955 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.681030035 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.681090117 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.681109905 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.683268070 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.683296919 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.683343887 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.683365107 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.685307980 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.685365915 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.685447931 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.685506105 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.687516928 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.687545061 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.687567949 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.687588930 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.689692974 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.689717054 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.689785004 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.689815044 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.691833019 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.691855907 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.691907883 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.691926003 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.694063902 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.694089890 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.694134951 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.694165945 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.696177959 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.696193933 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.696301937 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.698412895 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.698431015 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.698487043 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.698508978 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.700553894 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.700573921 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.700642109 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.700665951 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.702668905 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.702686071 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.702740908 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.702764988 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.704849005 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.704870939 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.704929113 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.704953909 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.707045078 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.707093000 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.707155943 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.707185984 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.709306955 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.709332943 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.709405899 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.709413052 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.711422920 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.711445093 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.711507082 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.711529970 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.713530064 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.713551044 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.713686943 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.715600014 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.715617895 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.715766907 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.717690945 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.717713118 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.718846083 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.719665051 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.719691038 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.719791889 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.721674919 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.721703053 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.721767902 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.723457098 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.723484993 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.725328922 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.725347996 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.725353003 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.725480080 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.727197886 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.727225065 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.727581978 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.729012966 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.729036093 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.729120970 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.730153084 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.730170012 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.730240107 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.731293917 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.731308937 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.731411934 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.732434988 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.732459068 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.732510090 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.732563019 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.733561993 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.733580112 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.733666897 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.734738111 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.734762907 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.734869957 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.735831976 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.735852957 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.735991955 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.737051964 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.737090111 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.737144947 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.737165928 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.737992048 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.738014936 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.738454103 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.739109039 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.739135027 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.739310026 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.740187883 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.740210056 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.740446091 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.741307020 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.741328001 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.741408110 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.742317915 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.742352009 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.742650032 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.742664099 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.743319988 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.743350029 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.743434906 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.743448973 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.744380951 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.744406939 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.744503975 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.744524002 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.745419979 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.745444059 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.746407986 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.746428967 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.746490002 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.746514082 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.747423887 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.747447968 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.747654915 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.748454094 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.748476982 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.748559952 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.749461889 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.749483109 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.749680996 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.750411987 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.750433922 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.750514984 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.751422882 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.751447916 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.751523018 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.751533985 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.752305984 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.752334118 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.752439976 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.752460003 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.753247023 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.753267050 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.753415108 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.755744934 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.755770922 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.755800009 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.755815983 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.755888939 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.755906105 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.756052971 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.756073952 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.756460905 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.756978989 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.756999016 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.757067919 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.757993937 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.758017063 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.758096933 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.758924961 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.758944035 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.759094954 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.759766102 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.759782076 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.759898901 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.760750055 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.760775089 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.760835886 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.760843992 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.761651039 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.761667013 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.761782885 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.762612104 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.762635946 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.763295889 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.763408899 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.763425112 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.763519049 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.764266968 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.764281988 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.764373064 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.765163898 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.765264034 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.765500069 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.765604973 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.766047955 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.766073942 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.766465902 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.766845942 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.766863108 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.767653942 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.767697096 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.767719984 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.768569946 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.768634081 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.768717051 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.768735886 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.769427061 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.769459009 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.769521952 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.769537926 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.770222902 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.770240068 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.770304918 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.771059036 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.771079063 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.771229982 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.771892071 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.771910906 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.772031069 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.772768974 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.772789955 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.773411036 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.773601055 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.773619890 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.773883104 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.774369955 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.774389982 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.774641991 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.775230885 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.775254965 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.775338888 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.775369883 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.776031971 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.776050091 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.776554108 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.776801109 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.776822090 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.776983023 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.777694941 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.777726889 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.778017998 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.778492928 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.778512001 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.778611898 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.779175043 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.779203892 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.779287100 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.779303074 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.779895067 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.779915094 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.779978037 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.780677080 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.780695915 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.781017065 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.781348944 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.781363964 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.781605005 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.782087088 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.782107115 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.782179117 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.782200098 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.782746077 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.782764912 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.782845020 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.782866001 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.783397913 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.783463955 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.783478975 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.783584118 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.784106016 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.784127951 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.784184933 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.784362078 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.784759998 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.784782887 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.784852982 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.785475969 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.785492897 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.786027908 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.786052942 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.786072969 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.786187887 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.786737919 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.786758900 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.786776066 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.786799908 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.786854982 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.787722111 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.787739992 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.787758112 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.788564920 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.788650990 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.788666010 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.788727045 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.788783073 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.788798094 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.789633989 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.789648056 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.789665937 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.790043116 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.790553093 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.790574074 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.790592909 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.790632963 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.790663004 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.791455984 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.791471004 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.791486979 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.791543007 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.792418003 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.792432070 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.792480946 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.792494059 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.792517900 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.792521000 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.793267012 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.793284893 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.793304920 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.793401957 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.793422937 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.794215918 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.794246912 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.794250965 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.794497967 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.795011997 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.795027018 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.795042992 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.795098066 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.795855999 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.795871019 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.795888901 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.795952082 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.796681881 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.796696901 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.796711922 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.796770096 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.797509909 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.797529936 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.797547102 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.797581911 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.797641993 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.798357964 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.798374891 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.798388958 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.798434019 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.798502922 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.799122095 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.799140930 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.799154997 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.799242020 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.799262047 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.799952030 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.799973965 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.799992085 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.800668001 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.800688982 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.800709963 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.800762892 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.800781965 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.801507950 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.801522017 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.801541090 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.801609039 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.801629066 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.802238941 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.802256107 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.802268982 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.802392006 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.802978992 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.802994967 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.803014994 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.803123951 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.803677082 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.803699970 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.803719997 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.803910971 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.804402113 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.804423094 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.804440975 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.804491997 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.805143118 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.805171967 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.805190086 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.805227041 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.805291891 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.805860043 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.805882931 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.805901051 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.805918932 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.805941105 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.806020975 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.806035995 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.806835890 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.806857109 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.806880951 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.806899071 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.806957960 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.806972980 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.807791948 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.807806969 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.807820082 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.807847023 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.807917118 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.807936907 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.808728933 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.808746099 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.808767080 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.808785915 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.808829069 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.808846951 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.809596062 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.809745073 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.809798002 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.809818029 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.809842110 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.809866905 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.809907913 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.809922934 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.809954882 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.810672998 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.810693026 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.810715914 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.810734034 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.810801983 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.810813904 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.811541080 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.811559916 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.811579943 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.811598063 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.811625004 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.811642885 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.812604904 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.812645912 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.812664986 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.812683105 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.812693119 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.812711954 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.812793016 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.813339949 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.813363075 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.813416004 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.813435078 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.813483000 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.813494921 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.814116001 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.814136982 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.814163923 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.814181089 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.814249992 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.814268112 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.814920902 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.814943075 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.814975977 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.815001011 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.815057039 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.815121889 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.815735102 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.815761089 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.815778017 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.815799952 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.815841913 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.815860033 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.816525936 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.816549063 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.816576958 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.816593885 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.816617012 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.816679001 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.817408085 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.817433119 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.817451000 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.817468882 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.817497015 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.817508936 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.817555904 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.818160057 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.818181038 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.818206072 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.818223953 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.818262100 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.818696976 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.818907022 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.819037914 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.819057941 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.819070101 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.819077969 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.819092989 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.819143057 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.819150925 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.819924116 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.819942951 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.819955111 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.819974899 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.819988012 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.820008039 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.820074081 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.820188046 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.820866108 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.820887089 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.820902109 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.820919991 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.820938110 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.820993900 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.821011066 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.821106911 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.821738958 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.821758986 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.821772099 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.821791887 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.821820021 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.821870089 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.821887016 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.821891069 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.822654009 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.822669983 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.822695017 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.822711945 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.822737932 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.822773933 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.822792053 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.823605061 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.823628902 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.823646069 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.823674917 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.823688030 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.823709011 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.823709011 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.823736906 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.823764086 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.824513912 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.824531078 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.824554920 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.824573040 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.824587107 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.824621916 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.824717045 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.825560093 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.825581074 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.825599909 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.825613976 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.825639009 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.825673103 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.825689077 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.825701952 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.826806068 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.826824903 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.826849937 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.826864004 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.826915026 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.826993942 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.828602076 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.828633070 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.828649998 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.828672886 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.828687906 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.828738928 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.828759909 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.830452919 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.830466986 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.830490112 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.830503941 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.830528975 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.830542088 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.830575943 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.830595970 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.830600023 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.831931114 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.831960917 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.831974030 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.831995964 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.832007885 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.832031012 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.832043886 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.832067966 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.833595991 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.833611965 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.833642006 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.833662033 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.833769083 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.833787918 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.836249113 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.836272955 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.836296082 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.836298943 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.836313009 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.836328030 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.836384058 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.836405039 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.837668896 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.837687016 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.837703943 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.837721109 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.837733984 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.837747097 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.837785959 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.837805986 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.839083910 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.839097977 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.839114904 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.839128017 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.839135885 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.839142084 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.839159012 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.839162111 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.839185953 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.839657068 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.840471029 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.840882063 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.840897083 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.840955019 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.840955973 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.840969086 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.841000080 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.841012955 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.841047049 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.841058969 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.841409922 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.841476917 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.842622042 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.842637062 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.842653036 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.842667103 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.842685938 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.842701912 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.842705965 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.842715025 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.842751026 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.842765093 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.844316959 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.844336033 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.844357967 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.844372034 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.844393015 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.844409943 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.844429970 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.844444036 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.844513893 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.844640970 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.844655037 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.846024036 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.846039057 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.846055984 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.846069098 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.846081972 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.846174002 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.846194983 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.873531103 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.873750925 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888133049 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888155937 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888178110 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888195992 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888219118 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888237000 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888262033 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888266087 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888283968 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888286114 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888303995 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888329029 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888344049 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888348103 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888353109 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888398886 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888401985 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888422966 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888437033 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888454914 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888475895 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888497114 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888516903 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888516903 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888521910 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888540030 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888565063 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888582945 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888588905 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888588905 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888607979 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888628006 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888637066 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888641119 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888678074 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.888679981 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889396906 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889425039 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889437914 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889502048 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889513969 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889539003 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889578104 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889600992 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889626980 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889630079 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889635086 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889653921 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889692068 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889714003 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889724016 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889730930 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889746904 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889777899 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889801979 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889802933 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889806032 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889827013 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889859915 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.889863968 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890450954 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890475035 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890510082 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890527010 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890536070 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890538931 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890564919 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890585899 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890599966 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890604019 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890619040 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890645981 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890666008 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890671968 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890674114 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890703917 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890717983 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890722036 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890731096 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890935898 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.890952110 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.891418934 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.891452074 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.891479969 CET4434972935.244.253.184192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.891500950 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.891520977 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.891788006 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:48.834741116 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:12:51.561567068 CET4972880192.168.2.734.102.244.163
                                                                                                                                                                                                                              Jan 13, 2021 17:12:51.561585903 CET4972780192.168.2.735.244.183.133
                                                                                                                                                                                                                              Jan 13, 2021 17:12:51.561623096 CET49729443192.168.2.735.244.253.184
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.230473042 CET4973180192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.230734110 CET4973280192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.273467064 CET8049731151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.273495913 CET8049732151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.273566961 CET4973180192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.273605108 CET4973280192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.274238110 CET4973180192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.316874027 CET8049731151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.317915916 CET8049731151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.317965031 CET8049731151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.318001032 CET4973180192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.318030119 CET4973180192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.318142891 CET4973180192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.360805988 CET8049731151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.365016937 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.407906055 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.408907890 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.414216995 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.457756042 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.458929062 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.458950996 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.458967924 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.458985090 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.459002972 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.459019899 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.459033966 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.459084988 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.508100033 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.516119003 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.516370058 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.551120996 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.551254034 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.558955908 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.593899965 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.593986034 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.594244003 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.683796883 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.685192108 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.685275078 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.605923891 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.607527018 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.648797989 CET44349736151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.648945093 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.650335073 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.650515079 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.662848949 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.662918091 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.705651999 CET44349736151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.705679893 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.706989050 CET44349736151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707022905 CET44349736151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707052946 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707065105 CET44349736151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707082033 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707089901 CET44349736151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707108021 CET44349736151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707108974 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707130909 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707156897 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707362890 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707391024 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707417965 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707432985 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707443953 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707473040 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707499981 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707518101 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707554102 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.745498896 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.745565891 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.754307985 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.754704952 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.754740953 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.788523912 CET44349736151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.788556099 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.788625956 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.788667917 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.797497988 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.831357956 CET44349736151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.831413984 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.831512928 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.831562042 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.831696033 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.831798077 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.918143034 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.920996904 CET44349736151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.963763952 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.963833094 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.995217085 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.995935917 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.038167000 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.038338900 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.038728952 CET44349741151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.038844109 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.055275917 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.056252956 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.098185062 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.099184036 CET44349741151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.099221945 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.099244118 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.099272013 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.099292994 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.099311113 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.099344015 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.099399090 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.100259066 CET44349741151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.100295067 CET44349741151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.100317001 CET44349741151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.100333929 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.100337982 CET44349741151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.100357056 CET44349741151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.100378036 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.100461006 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.138525963 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.141685009 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.145085096 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.145292997 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.145507097 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.181363106 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.181648016 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.184747934 CET44349741151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.184818983 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.188543081 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.224354029 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.224462986 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.224683046 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.227647066 CET44349741151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.227737904 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.228018045 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.308912992 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.312659979 CET44349741151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.318860054 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.318958044 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.595253944 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.597074986 CET49752443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.638071060 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.638156891 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.640150070 CET44349752151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.640264034 CET49752443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.650980949 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.651195049 CET49752443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.693756104 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.693908930 CET44349752151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695056915 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695085049 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695101976 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695117950 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695131063 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695143938 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695197105 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695656061 CET44349752151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695679903 CET44349752151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695699930 CET44349752151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695718050 CET44349752151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695732117 CET44349752151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695749044 CET49752443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695780993 CET49752443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.732651949 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.738318920 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.738662004 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.740345955 CET49752443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.740833044 CET49752443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.775623083 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.775764942 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.782955885 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.791832924 CET44349752151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.792016983 CET44349752151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.792078972 CET49752443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.818473101 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.818593979 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.818826914 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.834856987 CET44349752151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.834949970 CET49752443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.835133076 CET49752443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.903997898 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.916316986 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.916415930 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.919224977 CET44349752151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.787498951 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.830339909 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.944914103 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.945012093 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.658832073 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.667285919 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.701637983 CET44349758151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.701745987 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.709176064 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.709880114 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.709969044 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.717010021 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.751897097 CET44349758151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.753161907 CET44349758151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.753200054 CET44349758151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.753221989 CET44349758151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.753243923 CET44349758151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.753262043 CET44349758151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.753262997 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.753293037 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.753350019 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.759649992 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.760683060 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.760716915 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.760739088 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.760752916 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.760761976 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.760778904 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.760787964 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.760853052 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.795481920 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.795658112 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.805115938 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.805532932 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.805911064 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.838433981 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.838474035 CET44349758151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.838548899 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.838603020 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.848486900 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.881347895 CET44349758151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.881405115 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.881479979 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.881540060 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.881865978 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.881913900 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.964653969 CET44349758151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.967477083 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.968734980 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.968822002 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:44.003418922 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:13:44.046122074 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:44.182291985 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:44.182420015 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.462297916 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.464432955 CET49773443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.505218029 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.505348921 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.510426044 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.553318977 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.554663897 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.554699898 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.554721117 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.554743052 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.554764032 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.554776907 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.554843903 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.835901022 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.849704981 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.849963903 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.879247904 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.879395008 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.892694950 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.922259092 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.922401905 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.922612906 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.010231972 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.015259981 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.015434027 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.465112925 CET49773443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.511334896 CET44349773151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.511461973 CET49773443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.512629032 CET49773443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.555526972 CET44349773151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.555576086 CET44349773151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.556176901 CET49773443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.569262028 CET49773443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.572442055 CET49773443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.615421057 CET44349773151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.615451097 CET44349773151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.615833998 CET49773443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.616194010 CET49773443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:05.701553106 CET44349773151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:12.379049063 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:12.421976089 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:12.538537979 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:12.539506912 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.553042889 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.553263903 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.595920086 CET44349776151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.595948935 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.596116066 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.596153021 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.627198935 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.627554893 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.670053959 CET44349776151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.670202017 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671408892 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671441078 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671472073 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671499014 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671516895 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671541929 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671575069 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671622992 CET44349776151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671653986 CET44349776151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671678066 CET44349776151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671701908 CET44349776151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671722889 CET44349776151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671768904 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671832085 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671839952 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.711776018 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.712193966 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.725892067 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.726214886 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.726294041 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.754899979 CET44349776151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.755089045 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.755134106 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.755203009 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.769026041 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.798775911 CET44349776151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.798813105 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.798980951 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.799241066 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.799253941 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.801166058 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.883409023 CET44349776151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.890013933 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.917467117 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.917674065 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.017091990 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.060125113 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.187450886 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.188077927 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.131624937 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.132534027 CET49778443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.174487114 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.174597979 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.175324917 CET44349778151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.175426960 CET49778443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.192100048 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.192241907 CET49778443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.235105038 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.235141039 CET44349778151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.236921072 CET44349778151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.236958981 CET44349778151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.236982107 CET44349778151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.237003088 CET44349778151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.237019062 CET44349778151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.237078905 CET49778443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.237124920 CET49778443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.238296986 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.238327026 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.238349915 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.238373041 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.238385916 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.238409042 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.238420010 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.238461018 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.285339117 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.285484076 CET49778443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.298527002 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.298691988 CET49778443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.298995018 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.328615904 CET44349778151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.328658104 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.328744888 CET49778443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.328787088 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.341763020 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.371551991 CET44349778151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.371573925 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.371670961 CET49778443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.371932030 CET49778443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.371948004 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.371994972 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.459745884 CET44349778151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.462476969 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.466979980 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.467111111 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:50.969922066 CET4973280192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:50.970067978 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:51.012748003 CET8049732151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:51.012770891 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:51.012778997 CET44349733151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:51.012831926 CET4973280192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:51.012953997 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:51.012994051 CET49733443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:55.577743053 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:55.620690107 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:55.743253946 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:55.743374109 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:57.251149893 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:57.251254082 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:57.294162035 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:57.294208050 CET44349737151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:57.294245958 CET44349736151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:57.294260979 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:57.294282913 CET44349736151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:57.294307947 CET49737443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:57.294327021 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:14:57.294367075 CET49736443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.622467995 CET49780443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.622780085 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.665304899 CET44349780151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.665467024 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.665652990 CET49780443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.665699005 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.700658083 CET49780443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.701013088 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.743486881 CET44349780151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.743693113 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.744776011 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.744801044 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.744817972 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.744833946 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.744880915 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.744944096 CET44349780151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.744956017 CET44349780151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.744959116 CET44349780151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.744970083 CET44349780151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.744988918 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.745004892 CET44349780151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.745049953 CET49780443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.745717049 CET49780443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.783498049 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.783571959 CET49780443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.796597004 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.796900034 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.797029018 CET49780443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.826785088 CET44349780151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.826829910 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.826881886 CET49780443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.826922894 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.840960026 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.869595051 CET44349780151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.869642019 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.870485067 CET49780443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.870537043 CET49780443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.870553017 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.870559931 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.959057093 CET44349780151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.960479021 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.960577011 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:05.686120033 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:05.686369896 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:05.728955030 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:05.728985071 CET44349740151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:05.729123116 CET44349741151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:05.729152918 CET44349741151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:05.729170084 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:05.729217052 CET49740443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:05.729259968 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:05.729444981 CET49741443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:12.300585032 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:12.343434095 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:12.472558022 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:12.472640038 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:13.247685909 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:13.247890949 CET49752443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:13.290543079 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:13.290564060 CET44349751151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:13.290611982 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:13.290656090 CET49751443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:13.291728020 CET44349752151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:13.291743994 CET44349752151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:13.291867971 CET49752443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:13.291910887 CET49752443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.746085882 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.751522064 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.788891077 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.789001942 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.794295073 CET44349783151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.794372082 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.804122925 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.804302931 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.848498106 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.848753929 CET44349783151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.848824978 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.848895073 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.848913908 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.848922014 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.848932028 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.848946095 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.848963976 CET44349783151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.848972082 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.848980904 CET44349783151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.848980904 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.849001884 CET44349783151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.849021912 CET44349783151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.849036932 CET44349783151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.849057913 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.849086046 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.849088907 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.893897057 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.894272089 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.899823904 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.900124073 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.900152922 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.936789989 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.936877966 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.937043905 CET44349783151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.937098980 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.943159103 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.979594946 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.979670048 CET44349783151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.979684114 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.979741096 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.979999065 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.980035067 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:21.059305906 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:21.059377909 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:21.069673061 CET44349783151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:26.217084885 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:26.259963036 CET44349758151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:26.260011911 CET44349758151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:26.260119915 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:26.260155916 CET49758443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:28.345555067 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:28.388377905 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:28.511480093 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:28.511549950 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:39.903563023 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:39.989736080 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:40.082389116 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:40.082509995 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.730689049 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.731266975 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.773426056 CET44349784151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.773581982 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.773782015 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.773845911 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.778994083 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.779050112 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.821635962 CET44349784151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.821667910 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.822772026 CET44349784151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.822814941 CET44349784151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.822848082 CET44349784151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.822849989 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.822881937 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.822882891 CET44349784151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.822906971 CET44349784151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.822920084 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.822967052 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.823271036 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.823302984 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.823338985 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.823338985 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.823358059 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.823367119 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.823379040 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.823395014 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.823406935 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.823432922 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.866919041 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.867055893 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.882875919 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.883171082 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.883217096 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.909857035 CET44349784151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.909892082 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.910051107 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.910079002 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.925924063 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.952824116 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.952871084 CET44349784151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.952919006 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.952984095 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.953144073 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.953298092 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:49.038249969 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:49.043293953 CET44349784151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:49.044702053 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:49.044780970 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:54.080611944 CET49773443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:54.123734951 CET44349773151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:54.123780012 CET44349773151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:54.124089956 CET49773443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:54.124141932 CET49773443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:55.862972021 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:15:55.953664064 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:56.083872080 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:56.083950996 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:04.444314003 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:04.489892960 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:04.627827883 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:04.627991915 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.794481993 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.795655012 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.837055922 CET44349786151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.837147951 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.838129997 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.838202953 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.874902964 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.877772093 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.917577028 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.918498039 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.918517113 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.918533087 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.918549061 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.918559074 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.918560982 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.918591022 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.918638945 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.920301914 CET44349786151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.921639919 CET44349786151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.921694040 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.921799898 CET44349786151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.921817064 CET44349786151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.921832085 CET44349786151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.921844006 CET44349786151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.921853065 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.921891928 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.971534014 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.972040892 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.979639053 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.979785919 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.980180979 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.014297009 CET44349786151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.014374018 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.014775038 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.014919996 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.022980928 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.056942940 CET44349786151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.057020903 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.057200909 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.057426929 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.057524920 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.057754993 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.140764952 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.142143011 CET44349786151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.142383099 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.142471075 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.185133934 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:14.185250044 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:17.948205948 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:17.990951061 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:18.095117092 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:18.095284939 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:19.206243038 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:19.206366062 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:19.249329090 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:19.249350071 CET44349776151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:19.249361038 CET44349776151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:19.249375105 CET44349777151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:19.249424934 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:19.249470949 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:19.249491930 CET49776443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:19.249511957 CET49777443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.401676893 CET49788443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.402091026 CET49789443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.445472002 CET44349788151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.445508003 CET44349789151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.445593119 CET49788443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.445607901 CET49789443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.446480036 CET49788443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.447623968 CET49789443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.489145041 CET44349788151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.489228964 CET44349788151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.489310980 CET49788443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.489840984 CET49788443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.490353107 CET44349789151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.491492987 CET44349789151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.491520882 CET49788443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.491553068 CET49789443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.491816044 CET49788443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.492193937 CET49789443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.493664980 CET49789443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.534441948 CET44349788151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.534481049 CET44349788151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.534600019 CET49788443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.534872055 CET49788443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.537126064 CET44349789151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.537251949 CET44349789151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.537341118 CET49789443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.537525892 CET49789443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.575843096 CET44349788151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.577579975 CET44349788151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.622695923 CET44349789151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.654717922 CET44349788151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.654808044 CET49788443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:34.676105976 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:34.676419973 CET49778443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:34.718949080 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:34.718967915 CET44349779151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:34.719011068 CET44349778151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:34.719049931 CET44349778151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:34.719149113 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:34.719167948 CET49779443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:34.719224930 CET49778443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:34.719335079 CET49778443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.006448984 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.007116079 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.049336910 CET44349790151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.049438000 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.049695015 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.049771070 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.055721998 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.055938959 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.098735094 CET44349790151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.098800898 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.100013971 CET44349790151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.100094080 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.100110054 CET44349790151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.100167990 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.100167990 CET44349790151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.100220919 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.100301027 CET44349790151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.100359917 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.100693941 CET44349790151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.100758076 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.100950003 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.101011038 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.101032972 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.101068974 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.101083040 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.101126909 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.101133108 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.101176977 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.101182938 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.101223946 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.141721010 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.141875982 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.148139000 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.148319960 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.148453951 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.184664965 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.184694052 CET44349790151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.184771061 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.184773922 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.191034079 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.227694035 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.227750063 CET44349790151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.227843046 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.227858067 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.228060961 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.228082895 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.309215069 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.309339046 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.313707113 CET44349790151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.789491892 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.875108004 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.992213011 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.992299080 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:54.256669998 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:54.257622957 CET49780443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:54.299582005 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:54.299633980 CET44349781151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:54.299901009 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:54.299949884 CET49781443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:54.300184965 CET44349780151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:54.300215960 CET44349780151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:54.300395012 CET49780443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:54.300431967 CET49780443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.326791048 CET49793443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.327162027 CET49792443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.369759083 CET44349793151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.369848967 CET44349792151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.369918108 CET49793443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.369951963 CET49792443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.374053001 CET49792443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.374217987 CET49793443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.416877031 CET44349792151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.416912079 CET44349793151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.416939020 CET44349792151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.417047024 CET44349793151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.417043924 CET49792443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.417119980 CET49793443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.417695999 CET49792443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.420242071 CET49792443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.420481920 CET49792443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.421139956 CET49793443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.422949076 CET49793443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.462958097 CET44349792151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.463007927 CET44349792151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.463191032 CET49792443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.463548899 CET49792443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.465645075 CET44349793151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.465692997 CET44349793151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.465760946 CET49793443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.465969086 CET49793443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.506330967 CET44349792151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.556315899 CET44349793151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.605360031 CET44349792151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.605633020 CET49792443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:10.413552999 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:10.413743973 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:10.456407070 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:10.456432104 CET44349782151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:10.456461906 CET44349783151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:10.456540108 CET44349783151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:10.456604004 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:10.456624985 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:10.456625938 CET49782443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:10.456670046 CET49783443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.730703115 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.730705976 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.773503065 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.773536921 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.773596048 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.773648977 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.777041912 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.777101994 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.819716930 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.819824934 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820744038 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820770979 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820797920 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820811987 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820825100 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820838928 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820851088 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820851088 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820873022 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820877075 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820900917 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820909023 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820924044 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820924997 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820943117 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820955992 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820959091 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820986032 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.821024895 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.833655119 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.836745977 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.837115049 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.837361097 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.837610006 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.877226114 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.877321005 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.880414963 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.880853891 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.116112947 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.147352934 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.158876896 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.159022093 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.159087896 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.190133095 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.190162897 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.190232992 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.190359116 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.201807976 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.201890945 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.202020884 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.277137041 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.291161060 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.320610046 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:15.320733070 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:16.226350069 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:16.269040108 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:16.269077063 CET44349757151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:16.272785902 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:16.274997950 CET49757443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:29.247308969 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:29.290347099 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:29.415473938 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:29.416018009 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.919114113 CET49801443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.920336008 CET49802443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.961852074 CET44349801151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.961952925 CET49801443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.962901115 CET44349802151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.963001013 CET49802443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.969088078 CET49802443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.969523907 CET49801443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.012398958 CET44349802151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.012512922 CET44349802151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.012578011 CET49802443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.012593031 CET44349801151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.012902021 CET44349801151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.012955904 CET49801443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.016062021 CET49802443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.016079903 CET49802443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.017036915 CET49802443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.017198086 CET49801443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.020021915 CET49801443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.060189962 CET44349802151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.060226917 CET44349802151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.060337067 CET49802443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.060956955 CET49802443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.062721968 CET44349801151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.062747955 CET44349801151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.062827110 CET49801443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.063055038 CET49801443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.101820946 CET44349802151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.103513956 CET44349802151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.153177977 CET44349801151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.181545973 CET44349802151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.184873104 CET49802443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.407397985 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.409154892 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.451955080 CET44349784151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.451989889 CET44349784151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.452172041 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.452203035 CET49784443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.454761982 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.454797029 CET44349785151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.454886913 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:38.454926014 CET49785443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.032789946 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.032924891 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.075465918 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.075481892 CET44349804151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.075674057 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.075689077 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.083749056 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.084196091 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.126759052 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.126781940 CET44349804151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127424955 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127449989 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127464056 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127480030 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127486944 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127490044 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127521992 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127563953 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127763987 CET44349804151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127778053 CET44349804151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127794027 CET44349804151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127805948 CET44349804151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127831936 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127851963 CET44349804151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127878904 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127892971 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.143924952 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.144098043 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.147046089 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.147173882 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.147563934 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.186732054 CET44349804151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.186857939 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.186975002 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.186988115 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.190162897 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.229923010 CET44349804151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.229968071 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.230079889 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.230117083 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.230530977 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.230627060 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.296181917 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.296318054 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.315747023 CET44349804151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:44.087884903 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:44.130753994 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:44.130762100 CET44349772151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:44.130834103 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:44.130858898 CET49772443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:52.916426897 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:17:53.010086060 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:53.088876963 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:53.089133024 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.372595072 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.372648001 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.376739979 CET49805443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.378128052 CET49806443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.415278912 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.415311098 CET44349787151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.415364027 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.415404081 CET49787443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.417463064 CET44349786151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.417484045 CET44349786151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.417800903 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.417824030 CET49786443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.419284105 CET44349805151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.420614958 CET44349806151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.420815945 CET49805443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.420880079 CET49806443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.427000046 CET49805443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.427058935 CET49806443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.469598055 CET44349805151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.469628096 CET44349806151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.469739914 CET44349805151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.469753981 CET44349806151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.469816923 CET49805443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.470873117 CET49806443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.473277092 CET49805443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.475374937 CET49805443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.475723982 CET49805443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.479178905 CET49806443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.491118908 CET49806443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.517924070 CET44349805151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.517944098 CET44349805151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.518008947 CET49805443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.518213034 CET49805443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.533854961 CET44349806151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.533874989 CET44349806151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.534058094 CET49806443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.534343004 CET49806443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.559906960 CET44349805151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.560652018 CET44349805151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.620590925 CET44349806151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.638171911 CET44349805151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.639235020 CET49805443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.904377937 CET49807443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.905540943 CET49808443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.947221041 CET44349807151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.947704077 CET49807443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.948198080 CET44349808151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.948386908 CET49808443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.967436075 CET49807443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.967698097 CET49808443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.010166883 CET44349807151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.010198116 CET44349808151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.010216951 CET44349807151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.010283947 CET49807443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.010363102 CET44349808151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.010546923 CET49808443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.013184071 CET49807443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.017420053 CET49808443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.017838955 CET49807443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.028182983 CET49807443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.033751965 CET49808443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.060610056 CET44349807151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.060646057 CET44349807151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.062633038 CET49807443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.068943977 CET49807443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.076483965 CET44349808151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.076514006 CET44349808151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.076711893 CET49808443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.079066038 CET49808443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.111627102 CET44349807151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.164838076 CET44349808151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.191376925 CET44349807151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.191960096 CET49807443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.263307095 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.263458014 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.305943966 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.305970907 CET44349810151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.307681084 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.309600115 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.334407091 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.334469080 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.376995087 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.377032042 CET44349810151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.377945900 CET44349810151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378000975 CET44349810151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378015995 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378037930 CET44349810151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378051996 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378078938 CET44349810151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378079891 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378118038 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378129005 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378168106 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378211021 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378247976 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378277063 CET44349810151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378293991 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378304958 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378312111 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378319979 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378346920 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.392379999 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.392641068 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.394586086 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.394588947 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.395121098 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.435209036 CET44349810151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.435285091 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.435904026 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.435992002 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.437676907 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.477847099 CET44349810151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.478039980 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.478137970 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.478487968 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.478640079 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.478697062 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.563966036 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.564639091 CET44349810151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.582056046 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.582175016 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:29.686110020 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:29.686255932 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:29.728775024 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:29.728805065 CET44349791151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:29.728821039 CET44349790151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:29.728835106 CET44349790151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:29.728902102 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:29.728919983 CET49791443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:29.728946924 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:29.729429960 CET49790443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:30.982465029 CET49788443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:30.982520103 CET49789443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:31.025190115 CET44349788151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:31.025213957 CET44349788151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:31.025427103 CET44349789151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:31.025445938 CET44349789151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:31.025608063 CET49788443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:31.025618076 CET49789443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:31.025643110 CET49788443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:31.025648117 CET49789443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:35.337146044 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:35.379811049 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:35.507143021 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:35.507348061 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.724107981 CET49811443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.725693941 CET49812443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.766829967 CET44349811151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.768197060 CET49811443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.768641949 CET44349812151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.768779039 CET49812443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.777968884 CET49811443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.781888008 CET49812443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.820830107 CET44349811151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.820874929 CET44349811151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.820954084 CET49811443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.823009968 CET49811443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.824690104 CET44349812151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.824826002 CET44349812151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.824903965 CET49812443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.831994057 CET49811443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.832536936 CET49811443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.834526062 CET49812443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.836184025 CET49812443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.874850988 CET44349811151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.874886990 CET44349811151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.875397921 CET49811443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.875597000 CET49811443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.879010916 CET44349812151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.879039049 CET44349812151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.879092932 CET49812443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.879220009 CET49812443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.918138981 CET44349811151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.964828014 CET44349812151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.991689920 CET44349811151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.992312908 CET49811443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:46.327636003 CET49792443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:46.327781916 CET49793443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:46.370485067 CET44349792151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:46.370512009 CET44349792151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:46.370590925 CET44349793151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:46.370616913 CET44349793151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:46.370701075 CET49792443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:46.370711088 CET49793443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:46.370745897 CET49792443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:46.371736050 CET49793443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.405185938 CET49814443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.409126043 CET49813443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.447760105 CET44349814151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.447887897 CET49814443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.451076984 CET49814443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.451889992 CET44349813151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.452045918 CET49813443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.454487085 CET49813443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.493642092 CET44349814151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.493720055 CET44349814151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.494580030 CET49814443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.496850967 CET49814443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.497136116 CET44349813151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.497282982 CET44349813151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.497520924 CET49813443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.498718977 CET49814443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.499032021 CET49814443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.510128975 CET49813443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.513286114 CET49813443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.541218996 CET44349814151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.541244984 CET44349814151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.542260885 CET49814443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.542428970 CET49814443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.555991888 CET44349813151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.556015968 CET44349813151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.556113958 CET49813443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.556255102 CET49813443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.584980011 CET44349814151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.641247988 CET44349813151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.671359062 CET44349814151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.671725988 CET49814443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:04.579797983 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:04.579998016 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:04.622649908 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:04.622721910 CET44349795151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:04.622736931 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:04.622749090 CET44349794151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:04.622831106 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:04.622854948 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:04.622864008 CET49795443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:04.622876883 CET49794443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.181830883 CET49815443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.183053970 CET49816443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.224761009 CET44349815151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.225630045 CET49815443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.225845098 CET44349816151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.227116108 CET49815443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.227349043 CET49816443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.228077888 CET49816443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.269834042 CET44349815151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.269886017 CET44349815151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.270730019 CET49815443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.270788908 CET44349816151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.270986080 CET44349816151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.271379948 CET49816443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.272613049 CET49816443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.272859097 CET49815443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.274928093 CET49816443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.274959087 CET49815443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.274962902 CET49816443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.317728043 CET44349815151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.317771912 CET44349815151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.317807913 CET44349816151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.317837954 CET44349816151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.319056988 CET49816443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.319190025 CET49815443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.319308996 CET49816443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.319315910 CET49815443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.359441042 CET44349816151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.362086058 CET44349816151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.410056114 CET44349815151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.440850019 CET44349816151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.441488028 CET49816443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:27.924629927 CET49802443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:27.925247908 CET49801443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:27.967318058 CET44349802151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:27.967344999 CET44349802151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:27.967858076 CET44349801151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:27.967874050 CET44349801151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:27.967894077 CET49802443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:27.967921019 CET49802443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:27.967988014 CET49801443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:27.967998981 CET49801443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.356782913 CET49818443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.357765913 CET49819443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.399616957 CET44349818151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.400444031 CET44349819151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.400783062 CET49818443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.400957108 CET49819443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.406923056 CET49818443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.407922029 CET49819443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.449640036 CET44349818151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.449759960 CET44349818151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.449908018 CET49818443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.450812101 CET44349819151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.451080084 CET44349819151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.451174974 CET49819443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.456352949 CET49818443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.460457087 CET49818443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.461836100 CET49818443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.463829041 CET49819443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.465786934 CET49819443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.503206015 CET44349818151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.503248930 CET44349818151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.503355026 CET49818443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.506418943 CET49818443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.508438110 CET44349819151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.508466005 CET44349819151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.508569956 CET49819443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.508783102 CET49819443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.546000957 CET44349818151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.549096107 CET44349818151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.596055984 CET44349819151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.634860039 CET44349818151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.635113001 CET49818443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:32.893877029 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:32.893893003 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:32.936610937 CET44349804151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:32.936625957 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:32.936665058 CET44349804151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:32.936680079 CET44349803151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:32.936743021 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:32.936750889 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:32.936757088 CET49803443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:32.936778069 CET49804443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.494719028 CET49821443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.495074034 CET49820443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.537925959 CET44349821151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.537976980 CET44349820151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.539274931 CET49821443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.539319038 CET49820443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.543656111 CET49821443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.543924093 CET49820443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.586668015 CET44349821151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.586735010 CET44349820151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.586770058 CET44349821151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.586853027 CET49821443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.587088108 CET44349820151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.587259054 CET49820443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.588619947 CET49821443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.592319965 CET49821443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.592834949 CET49821443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.619616032 CET49820443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.622828960 CET49820443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.635169029 CET44349821151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.635221004 CET44349821151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.635361910 CET49821443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.635958910 CET49821443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.665699959 CET44349820151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.665730953 CET44349820151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.665846109 CET49820443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.666018009 CET49820443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.678809881 CET44349821151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.750787020 CET44349820151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.760672092 CET44349821151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.761585951 CET49821443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:53.366322041 CET49805443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:53.366437912 CET49806443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:53.408960104 CET44349805151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:53.408998013 CET44349805151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:53.409060001 CET44349806151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:53.409097910 CET44349806151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:53.410739899 CET49805443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:53.410767078 CET49805443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:53.410769939 CET49806443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:53.410851955 CET49806443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.189857006 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.192729950 CET49823443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.232717991 CET44349822151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.232872009 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.235553980 CET44349823151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.235730886 CET49823443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.263561964 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.263936996 CET49823443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.306410074 CET44349822151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.306571960 CET44349822151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.306619883 CET44349823151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.306818962 CET44349823151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.307085037 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.307611942 CET49823443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.313570023 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.315927029 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.316567898 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.333148003 CET49823443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.336437941 CET49823443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.358692884 CET44349822151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.358722925 CET44349822151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.359970093 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.379350901 CET44349823151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.379376888 CET44349823151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.379477978 CET49823443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.389751911 CET49823443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.389934063 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.402077913 CET44349822151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.432876110 CET44349822151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.478174925 CET44349823151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.485511065 CET44349822151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.485747099 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.528621912 CET44349822151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.529740095 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:02.913041115 CET49807443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:02.913330078 CET49808443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:02.955813885 CET44349807151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:02.955833912 CET44349807151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:02.955878019 CET44349808151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:02.955892086 CET44349808151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:02.955969095 CET49807443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:02.955990076 CET49808443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:02.956015110 CET49807443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:02.956059933 CET49808443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:05.973066092 CET49824443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:05.976558924 CET49825443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.016664982 CET44349824151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.016927004 CET49824443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.017806053 CET49824443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.019354105 CET44349825151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.021476984 CET49825443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.023121119 CET49825443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.060484886 CET44349824151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.060534954 CET44349824151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.060645103 CET49824443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.065825939 CET44349825151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.065850973 CET44349825151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.066104889 CET49825443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.067158937 CET49824443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.072423935 CET49824443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.072947025 CET49824443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.078605890 CET49825443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.081409931 CET49825443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.115125895 CET44349824151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.115158081 CET44349824151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.115257025 CET49824443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.123620987 CET49824443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.124095917 CET44349825151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.124115944 CET44349825151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.124507904 CET49825443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.132020950 CET49825443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.160046101 CET44349824151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.166315079 CET44349824151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.218044043 CET44349825151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.299249887 CET44349824151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.300715923 CET49824443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:14.131603003 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:14.131655931 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:14.174355984 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:14.174400091 CET44349809151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:14.176057100 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:14.176110983 CET49809443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:14.184919119 CET44349810151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:14.184953928 CET44349810151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:14.188144922 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:14.188297987 CET49810443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.204799891 CET49826443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.214622021 CET49827443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.248248100 CET44349826151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.248435974 CET49826443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.251703978 CET49826443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.257369995 CET44349827151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.259325981 CET49827443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.264996052 CET49827443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.294451952 CET44349826151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.294785023 CET44349826151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.294924021 CET49826443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.301019907 CET49826443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.307771921 CET44349827151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.307859898 CET44349827151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.308157921 CET49826443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.308209896 CET49827443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.310849905 CET49826443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.321620941 CET49827443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.324376106 CET49827443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.350920916 CET44349826151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.350940943 CET44349826151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.351022959 CET49826443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.357726097 CET49826443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.367135048 CET44349827151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.367161989 CET44349827151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.367327929 CET49827443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.367516041 CET49827443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.396059036 CET44349826151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.400505066 CET44349826151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.450860977 CET44349827151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.474278927 CET44349826151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.474694967 CET49826443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.638612032 CET49828443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.638941050 CET49829443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.681462049 CET44349828151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.681588888 CET44349829151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.684175014 CET49829443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.684176922 CET49828443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.687865973 CET49828443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.694367886 CET49829443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.731679916 CET44349828151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.731704950 CET44349828151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.731807947 CET49828443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.735147953 CET49828443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.737445116 CET44349829151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.737447977 CET49828443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.737463951 CET44349829151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.737693071 CET49828443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.737776995 CET49829443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.738219023 CET49829443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.739054918 CET49829443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.776544094 CET49811443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.776947021 CET49812443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.780141115 CET44349828151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.780164957 CET44349828151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.780333996 CET49828443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.780436039 CET49828443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.781672955 CET44349829151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.781721115 CET44349829151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.781883001 CET49829443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.782111883 CET49829443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.819184065 CET44349811151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.819211006 CET44349811151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.819595098 CET44349812151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.819649935 CET44349812151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.819745064 CET49811443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.819767952 CET49811443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.819782019 CET49812443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.819806099 CET49812443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.822938919 CET44349828151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.823014975 CET44349828151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.871078968 CET44349829151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.909121990 CET44349828151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.909864902 CET49828443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.060055971 CET49830443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.060435057 CET49831443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.103028059 CET44349830151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.103055000 CET44349831151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.104018927 CET49830443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.104156017 CET49831443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.108191013 CET49830443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.108473063 CET49831443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.150979042 CET44349830151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.151129961 CET44349831151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.151282072 CET44349831151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.152647018 CET44349830151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.152777910 CET49831443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.152786016 CET49830443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.153398037 CET49831443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.154608011 CET49831443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.154963017 CET49831443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.155451059 CET49830443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.156508923 CET49830443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.197379112 CET44349831151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.197443008 CET44349831151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.197773933 CET49831443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.198736906 CET49831443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.199146032 CET44349830151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.199161053 CET44349830151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.199254036 CET49830443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.199322939 CET49830443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.239432096 CET44349831151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.241372108 CET44349831151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.285470963 CET44349830151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.322851896 CET44349831151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.324847937 CET49831443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.382612944 CET49814443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.385827065 CET49813443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.425523996 CET44349814151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.425549984 CET44349814151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.425635099 CET49814443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.426206112 CET49814443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.428643942 CET44349813151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.428673029 CET44349813151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.428787947 CET49813443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.428888083 CET49813443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.399619102 CET49832443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.399672031 CET49833443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.442459106 CET44349832151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.442778111 CET44349833151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.442991972 CET49832443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.443085909 CET49833443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.443495989 CET49832443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.446208954 CET49833443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.486129045 CET44349832151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.486232996 CET44349832151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.486295938 CET49832443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.488688946 CET44349833151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.488933086 CET44349833151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.489059925 CET49833443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.496839046 CET49832443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.507363081 CET49832443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.507641077 CET49832443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.509260893 CET49833443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.510802984 CET49833443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.550513029 CET44349832151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.550534010 CET44349832151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.550656080 CET49832443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.550811052 CET49832443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.554043055 CET44349833151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.554054976 CET44349833151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.554356098 CET49833443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.554367065 CET49833443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.637856960 CET44349832151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.637911081 CET44349833151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.673371077 CET44349832151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.673583984 CET49832443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:09.201772928 CET49816443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:09.202048063 CET49815443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:09.244611025 CET44349816151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:09.244653940 CET44349816151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:09.244733095 CET49816443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:09.244755030 CET44349815151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:09.244760990 CET49816443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:09.244781017 CET44349815151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:09.245429039 CET49815443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:09.245456934 CET49815443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.065227032 CET49834443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.066373110 CET49835443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.107842922 CET44349834151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.109078884 CET44349835151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.109153986 CET49834443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.109219074 CET49835443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.114367962 CET49834443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.116414070 CET49835443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.157043934 CET44349834151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.157124996 CET44349834151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.158730030 CET49834443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.159061909 CET44349835151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.159133911 CET49834443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.159246922 CET44349835151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.159378052 CET49835443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.162094116 CET49834443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.163204908 CET49834443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.164304972 CET49835443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.178546906 CET49835443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.204708099 CET44349834151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.204731941 CET44349834151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.204799891 CET49834443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.208132029 CET49834443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.221226931 CET44349835151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.221340895 CET44349835151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.221421003 CET49835443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.221574068 CET49835443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.250940084 CET44349834151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.307085991 CET44349835151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.341738939 CET44349834151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.342658043 CET49834443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:21.356056929 CET49818443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:21.356383085 CET49819443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:21.399426937 CET44349818151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:21.399452925 CET44349818151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:21.399779081 CET44349819151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:21.399805069 CET44349819151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:21.399904013 CET49818443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:21.399926901 CET49819443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:21.399941921 CET49818443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:21.399983883 CET49819443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.221929073 CET49836443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.222800016 CET49837443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.264890909 CET44349836151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.265423059 CET49836443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.265548944 CET44349837151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.265795946 CET49837443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.271522045 CET49836443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.271532059 CET49837443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.314326048 CET44349837151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.314353943 CET44349836151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.314369917 CET44349836151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.314382076 CET44349837151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.314439058 CET49836443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.314476013 CET49837443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.316764116 CET49836443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.318658113 CET49836443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.319127083 CET49836443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.324104071 CET49837443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.361495018 CET44349836151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.361521006 CET44349836151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.361641884 CET49836443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.367188931 CET49836443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.368083954 CET49837443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.404938936 CET44349836151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.409832001 CET44349836151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.410588026 CET44349837151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.410681963 CET44349837151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.411191940 CET49837443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.411220074 CET49837443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.483217955 CET44349836151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.483297110 CET49836443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.497711897 CET44349837151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:33.481873989 CET49821443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:33.482830048 CET49820443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:33.524833918 CET44349821151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:33.524859905 CET44349821151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:33.525589943 CET44349820151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:33.525604963 CET44349820151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:33.525674105 CET49821443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:33.525718927 CET49821443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:33.525736094 CET49820443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:33.525743008 CET49820443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:45.202110052 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:45.202203035 CET49823443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:45.244982004 CET44349823151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:45.245026112 CET44349823151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:45.245038986 CET44349822151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:45.245043039 CET44349822151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:45.245090008 CET49823443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:45.245116949 CET49823443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:45.245162964 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:45.245177984 CET49822443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.598906994 CET49838443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.600570917 CET49839443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.641694069 CET44349838151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.642694950 CET49838443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.643141031 CET44349839151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.644192934 CET49839443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.654082060 CET49838443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.658252001 CET49839443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.696739912 CET44349838151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.696822882 CET44349838151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.696906090 CET49838443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.699168921 CET49838443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.700848103 CET44349839151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.700897932 CET44349839151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.701769114 CET49839443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.711101055 CET49839443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.712013006 CET49838443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.714765072 CET49838443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.714955091 CET49839443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.754734039 CET44349838151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.754776001 CET44349838151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.754929066 CET49838443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.757450104 CET44349839151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.757474899 CET44349839151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.758398056 CET49839443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.761636972 CET49838443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.762034893 CET49839443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.797698975 CET44349838151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.804250002 CET44349838151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.844984055 CET44349839151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.880727053 CET44349838151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.880888939 CET49838443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:55.968709946 CET49824443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:55.969340086 CET49825443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:56.011578083 CET44349824151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:56.011605978 CET44349824151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:56.011982918 CET44349825151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:56.012003899 CET44349825151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:56.012507915 CET49824443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:56.012528896 CET49825443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:56.012537956 CET49824443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:21:56.012547016 CET49825443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.572060108 CET49840443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.574791908 CET49841443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.614753962 CET44349840151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.615489960 CET49840443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.617378950 CET44349841151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.619479895 CET49841443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.648148060 CET49840443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.649029016 CET49841443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.690826893 CET44349840151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.690924883 CET44349840151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.691006899 CET49840443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.691566944 CET44349841151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.691761017 CET44349841151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.692487001 CET49841443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.716384888 CET49840443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.719451904 CET49840443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.719952106 CET49840443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.720277071 CET49841443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.723368883 CET49841443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.762207985 CET44349840151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.762238026 CET44349840151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.762352943 CET49840443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.762980938 CET49840443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.772180080 CET44349841151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.772270918 CET44349841151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.772336006 CET49841443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.790935040 CET49841443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.803019047 CET44349840151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.805494070 CET44349840151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.876224041 CET44349841151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.879605055 CET44349840151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.879739046 CET49840443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:04.140522957 CET49832443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:04.140558004 CET49833443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:04.183330059 CET44349832151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:04.183392048 CET44349833151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:04.183419943 CET44349832151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:04.183446884 CET44349833151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:04.183551073 CET49832443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:04.183573961 CET49833443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:04.183589935 CET49832443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:04.183594942 CET49833443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:13.213474989 CET49826443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:13.213565111 CET49827443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:13.256608009 CET44349826151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:13.256649017 CET44349826151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:13.256664991 CET44349827151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:13.256683111 CET44349827151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:13.256980896 CET49826443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:13.257039070 CET49826443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:13.257055044 CET49827443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:13.257061005 CET49827443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.332273006 CET49842443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.333878040 CET49843443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.375416040 CET44349842151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.375662088 CET49842443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.376681089 CET44349843151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.376828909 CET49843443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.377906084 CET49842443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.382102013 CET49843443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.420783997 CET44349842151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.420856953 CET44349842151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.421751976 CET49842443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.424799919 CET44349843151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.425199032 CET49842443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.425437927 CET44349843151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.425616026 CET49843443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.430562973 CET49842443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.430902958 CET49842443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.432029009 CET49843443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.444786072 CET49843443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.473617077 CET44349842151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.473649979 CET44349842151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.474867105 CET49842443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.477814913 CET49842443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.487591982 CET44349843151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.487601995 CET44349843151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.487749100 CET49843443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.487998009 CET49843443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.514029980 CET44349842151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.520637989 CET44349842151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.572587967 CET44349843151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.605063915 CET44349842151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.605583906 CET49842443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.481544018 CET49844443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.481926918 CET49845443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.524399042 CET44349844151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.524480104 CET44349845151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.524504900 CET49844443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.525023937 CET49845443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.526766062 CET49844443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.527605057 CET49845443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.569593906 CET44349844151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.569948912 CET44349844151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.570188046 CET44349845151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.570343018 CET44349845151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.570497990 CET49844443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.570494890 CET49845443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.572720051 CET49845443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.574542046 CET49845443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.574857950 CET49845443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.575932980 CET49844443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.577754974 CET49844443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.617341042 CET44349845151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.617372990 CET44349845151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.617516041 CET49845443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.617666960 CET49845443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.620393038 CET44349844151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.620405912 CET44349844151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.620544910 CET49844443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.620728970 CET49844443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.657897949 CET44349845151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.660269976 CET44349845151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.709471941 CET44349844151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.740967035 CET44349845151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.741147041 CET49845443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:44.597186089 CET49828443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:44.597228050 CET49829443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:44.640218019 CET44349829151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:44.640245914 CET44349829151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:44.640261889 CET44349828151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:44.640273094 CET44349828151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:44.640500069 CET49829443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:44.640527964 CET49829443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:44.640552998 CET49828443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:22:44.641060114 CET49828443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.067266941 CET49834443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.067369938 CET49835443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.112214088 CET44349835151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.112262011 CET44349835151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.113117933 CET49835443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.113157034 CET49835443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.114991903 CET44349834151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.115024090 CET44349834151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.115499020 CET49834443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.115540028 CET49834443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.351313114 CET49847443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.351550102 CET49846443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.394113064 CET44349847151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.394148111 CET44349846151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.394848108 CET49847443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.394892931 CET49846443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.408050060 CET49846443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.408176899 CET49847443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.450792074 CET44349847151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.450818062 CET44349846151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.450901031 CET44349846151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.450972080 CET44349847151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.451219082 CET49846443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.451311111 CET49847443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.453083992 CET49846443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.469489098 CET49846443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.469810009 CET49846443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.471935987 CET49847443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.482587099 CET49847443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.512290955 CET44349846151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.512335062 CET44349846151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.512504101 CET49846443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.512706041 CET49846443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.525316000 CET44349847151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.525404930 CET44349847151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.525785923 CET49847443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.526273966 CET49847443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.555352926 CET44349846151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.611749887 CET44349847151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.628073931 CET44349846151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.629211903 CET49846443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:12.912126064 CET49831443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:12.912149906 CET49830443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:12.954961061 CET44349831151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:12.954983950 CET44349831151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:12.955075979 CET49831443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:12.955176115 CET49831443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:12.955395937 CET44349830151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:12.955410957 CET44349830151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:12.956188917 CET49830443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:12.956264973 CET49830443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.044867992 CET49848443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.044908047 CET49849443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.087748051 CET44349848151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.087784052 CET44349849151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.091747046 CET49849443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.091753960 CET49848443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.327693939 CET49849443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.327939034 CET49848443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.370740891 CET44349849151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.370812893 CET44349848151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.370846033 CET44349848151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.370937109 CET49848443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.371592999 CET44349849151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.372896910 CET49849443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.396111012 CET49848443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.397727013 CET49849443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.425419092 CET49848443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.432565928 CET49848443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.435972929 CET49849443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.468431950 CET44349848151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.468486071 CET44349848151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.471795082 CET49848443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.478971958 CET44349849151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.479015112 CET44349849151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.479140997 CET49849443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.481539965 CET49849443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.486243963 CET49848443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.524815083 CET44349848151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.529129982 CET44349848151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.565063953 CET44349849151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.596875906 CET44349848151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.596940994 CET49848443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:22.227452993 CET49836443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:22.227543116 CET49837443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:22.270051956 CET44349836151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:22.270070076 CET44349836151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:22.270199060 CET44349837151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:22.270200968 CET49836443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:22.270215034 CET44349837151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:22.270245075 CET49836443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:22.270353079 CET49837443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:22.270375967 CET49837443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.732741117 CET49850443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.733571053 CET49851443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.776443958 CET44349850151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.776463032 CET44349851151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.779063940 CET49851443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.779158115 CET49850443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.784132004 CET49850443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.787605047 CET49851443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.826817989 CET44349850151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.827033997 CET44349850151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.827505112 CET49850443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.830274105 CET44349851151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.830480099 CET44349851151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.831350088 CET49851443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.836772919 CET49850443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.840058088 CET49850443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.840491056 CET49850443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.842603922 CET49851443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.845093012 CET49851443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.882884026 CET44349850151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.882926941 CET44349850151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.884550095 CET49850443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.888025045 CET44349851151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.888071060 CET44349851151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.888259888 CET49851443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.893457890 CET49850443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.896331072 CET49851443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.925910950 CET44349850151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.936466932 CET44349850151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.985739946 CET44349851151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:29.007698059 CET44349850151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:29.008099079 CET49850443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:40.601923943 CET49838443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:40.602901936 CET49839443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:40.644527912 CET44349838151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:40.644548893 CET44349838151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:40.645436049 CET44349839151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:40.645458937 CET44349839151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:40.645497084 CET49838443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:40.645520926 CET49838443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:40.645529032 CET49839443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:40.645602942 CET49839443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.381424904 CET49852443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.381539106 CET49853443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.424336910 CET44349852151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.424359083 CET44349853151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.425692081 CET49852443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.425771952 CET49853443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.426291943 CET49852443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.426794052 CET49853443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.469175100 CET44349852151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.469492912 CET44349853151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.469511986 CET44349852151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.469652891 CET44349853151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.469660997 CET49852443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.470377922 CET49852443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.470423937 CET49853443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.470763922 CET49853443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.471523046 CET49852443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.471757889 CET49852443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.471858025 CET49853443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.514445066 CET44349852151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.514466047 CET44349852151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.514736891 CET49852443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.514775991 CET49852443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.515247107 CET44349853151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.515312910 CET44349853151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.515846014 CET49853443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.515996933 CET49853443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.557594061 CET44349852151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.601706982 CET44349853151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.638154984 CET44349852151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.639492989 CET49852443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.831126928 CET49854443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.832590103 CET49855443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.874021053 CET44349854151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.874150991 CET49854443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.875349045 CET44349855151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.876024008 CET49854443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.876077890 CET49855443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.877823114 CET49855443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.918814898 CET44349854151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.918858051 CET44349854151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.919086933 CET49854443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.920578003 CET44349855151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.920746088 CET44349855151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.921014071 CET49855443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.921634912 CET49854443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.922049999 CET49855443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.923175097 CET49855443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.923510075 CET49855443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.924134016 CET49854443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.965940952 CET44349855151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.965977907 CET44349855151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.966078043 CET49855443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.966206074 CET49855443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.966912985 CET44349854151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.966928005 CET44349854151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.966991901 CET49854443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.967122078 CET49854443192.168.2.7151.101.2.114
                                                                                                                                                                                                                              Jan 13, 2021 17:23:51.009092093 CET44349855151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:51.052129984 CET44349854151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:51.092104912 CET44349855151.101.2.114192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:51.092856884 CET49855443192.168.2.7151.101.2.114

                                                                                                                                                                                                                              UDP Packets

                                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                              Jan 13, 2021 17:12:29.267932892 CET5400853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:29.315774918 CET53540088.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:30.124650002 CET5945153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:30.172470093 CET53594518.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:30.927633047 CET5291453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:30.976074934 CET53529148.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:31.719090939 CET6456953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:31.769731045 CET53645698.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:33.035825968 CET5281653192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:33.083903074 CET53528168.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:34.208839893 CET5078153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:34.256767035 CET53507818.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:35.630685091 CET5423053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:35.685468912 CET53542308.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:39.466948986 CET5491153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:39.526215076 CET53549118.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:44.913568974 CET4995853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:44.978331089 CET53499588.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:44.996347904 CET5086053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:45.060333014 CET53508608.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.121298075 CET5045253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.179828882 CET5973053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.188518047 CET53504528.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.194423914 CET5931053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.240952015 CET53597308.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.250870943 CET53593108.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.563155890 CET5191953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.624499083 CET53519198.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.828454971 CET6429653192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.895534039 CET53642968.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.084125042 CET5668053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.140295982 CET53566808.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.756071091 CET5882053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.815071106 CET53588208.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:00.016071081 CET6098353192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:00.073657990 CET53609838.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:00.094352007 CET4924753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:00.167109013 CET53492478.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.137844086 CET5228653192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.194116116 CET53522868.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.406294107 CET5606453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.457519054 CET53560648.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.291893005 CET6374453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.348339081 CET53637448.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.483632088 CET6145753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.559372902 CET53614578.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:09.689866066 CET5836753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:09.737761021 CET53583678.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:12.722848892 CET6059953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:12.770749092 CET53605998.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.764333010 CET5957153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.825695992 CET53595718.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.892687082 CET5268953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.948853016 CET53526898.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:17.794634104 CET5029053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:17.842658997 CET53502908.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:17.916474104 CET6042753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:17.949301004 CET5620953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:17.972744942 CET53604278.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:18.000153065 CET53562098.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:18.098854065 CET5958253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:18.155055046 CET53595828.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:18.278024912 CET6094953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:18.326010942 CET53609498.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:19.512662888 CET5854253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:19.563443899 CET53585428.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:20.725733995 CET5917953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:20.773649931 CET53591798.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:22.047745943 CET6092753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:22.098541975 CET53609278.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.280459881 CET5785453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.298887968 CET6202653192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.331197023 CET53578548.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.355047941 CET53620268.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.489413023 CET5945353192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.545768976 CET53594538.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:25.734622955 CET6246853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:25.794295073 CET53624688.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:30.069164991 CET5256353192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:30.117086887 CET53525638.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.116720915 CET5256353192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.164906979 CET53525638.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.230117083 CET5472153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.277915955 CET53547218.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.813574076 CET6282653192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.873821020 CET53628268.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:32.119596004 CET5256353192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:32.167495012 CET53525638.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:32.246035099 CET5472153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:32.293857098 CET53547218.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:33.264520884 CET5472153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:33.320858955 CET53547218.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:34.135951042 CET5256353192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:34.192116022 CET53525638.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:35.001329899 CET6204653192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:35.057691097 CET53620468.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:35.338934898 CET5472153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:35.387132883 CET53547218.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:35.837819099 CET5122353192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:35.885766983 CET53512238.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.285835028 CET6390853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.343188047 CET53639088.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.499157906 CET4922653192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.539222956 CET6021253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.556909084 CET53492268.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.598540068 CET53602128.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:37.091053009 CET5886753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:37.147593975 CET53588678.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:37.289920092 CET5086453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:37.340589046 CET53508648.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:37.778994083 CET6150453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:37.835611105 CET53615048.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:38.151009083 CET5256353192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:38.199042082 CET53525638.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:38.292135954 CET5086453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:38.345280886 CET53508648.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:38.395380020 CET6023153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:38.443228006 CET53602318.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:39.125863075 CET5009553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:39.182302952 CET53500958.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:39.307374001 CET5086453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:39.355479956 CET5472153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:39.358345985 CET53508648.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:39.403479099 CET53547218.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:40.202702999 CET5965453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:40.250802994 CET53596548.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:41.191998005 CET5823353192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:41.256324053 CET53582338.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:41.325265884 CET5086453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:41.362818956 CET5682253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:41.376715899 CET53508648.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:41.413856983 CET53568228.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:41.892874956 CET6257253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:41.949059963 CET53625728.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:45.342485905 CET5086453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:45.394133091 CET53508648.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:45.669837952 CET5717953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:45.696700096 CET5612453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:45.727818966 CET53571798.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:45.744673967 CET53561248.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:46.730125904 CET5612453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:46.777937889 CET53561248.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:47.751391888 CET5612453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:47.807590008 CET53561248.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:49.761277914 CET5612453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:49.809282064 CET53561248.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:53.253699064 CET6228753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:53.301769018 CET53622878.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:53.778146982 CET5612453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:53.826222897 CET53561248.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:54.262408972 CET6228753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:54.310516119 CET53622878.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:55.278995037 CET6228753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:55.327119112 CET53622878.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:13:57.278788090 CET6228753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:13:57.326828957 CET53622878.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:01.293317080 CET6228753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:01.341694117 CET53622878.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.366148949 CET5464453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.423420906 CET53546448.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:06.197169065 CET5915953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:06.253722906 CET53591598.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:07.200234890 CET5915953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:07.248061895 CET53591598.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:07.928160906 CET5792453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:07.979054928 CET53579248.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:08.216279984 CET5915953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:08.264168024 CET53591598.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:09.849744081 CET5171253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:09.906021118 CET53517128.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:10.231772900 CET5915953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:10.279946089 CET53591598.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:14.232997894 CET5915953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:14.280945063 CET53591598.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.262289047 CET5886553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.319928885 CET53588658.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.443350077 CET6433753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.499589920 CET53643378.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:34.040074110 CET5040753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:34.087917089 CET53504078.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:35.030920982 CET5040753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:35.078850031 CET53504078.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.015551090 CET6107553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.048082113 CET5040753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.072379112 CET53610758.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.096133947 CET53504078.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:38.213455915 CET5040753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:38.261354923 CET53504078.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:42.203275919 CET5040753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:42.251154900 CET53504078.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:44.772461891 CET5495253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:44.829775095 CET53549528.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:44.993474007 CET5918653192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.054099083 CET53591868.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:55.588977098 CET5228053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:55.645266056 CET53522808.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:14:59.184478998 CET5179453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:14:59.233140945 CET53517948.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:00.188988924 CET5179453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:00.236947060 CET53517948.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:01.206062078 CET5179453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:01.253926992 CET53517948.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:03.212596893 CET5179453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:03.260612011 CET53517948.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.310703993 CET5081553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.369945049 CET53508158.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.496716022 CET5849853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.554322958 CET53584988.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:07.228636980 CET5179453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:07.276814938 CET53517948.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:12.290251017 CET5686253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:12.346611023 CET53568628.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:14.658312082 CET6180753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:14.706118107 CET53618078.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:15.669497013 CET6180753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:15.717295885 CET53618078.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:16.670344114 CET6180753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:16.718522072 CET53618078.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:18.685514927 CET6180753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:18.733999968 CET53618078.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.467470884 CET5200953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.527621031 CET53520098.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.642517090 CET5864853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.701216936 CET53586488.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:22.685409069 CET6180753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:22.741400003 CET53618078.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:28.335555077 CET5933753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:28.391515970 CET53593378.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:34.245183945 CET5926953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:34.293195963 CET53592698.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:35.249051094 CET5926953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:35.296900034 CET53592698.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:36.249114990 CET5926953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:36.296957970 CET53592698.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:38.264827013 CET5926953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:38.314589024 CET53592698.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:39.902803898 CET4980253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:39.959692001 CET53498028.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:42.265798092 CET5926953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:42.313801050 CET53592698.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.432291031 CET5070653192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.492456913 CET53507068.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.629893064 CET5515353192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.686491966 CET53551538.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:50.402404070 CET5974453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:50.450440884 CET53597448.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:51.406790972 CET5974453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:51.454792023 CET53597448.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:52.406462908 CET5974453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:52.454535007 CET53597448.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:54.407705069 CET5974453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:54.455666065 CET53597448.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:55.867657900 CET5998753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:55.927506924 CET53599878.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:15:58.408044100 CET5974453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:15:58.459556103 CET53597448.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:04.443051100 CET6127253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:04.501255989 CET53612728.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.437747002 CET5435253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.496892929 CET53543528.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.706588984 CET6069653192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.762800932 CET53606968.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:17.990720987 CET5913953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:18.047250986 CET53591398.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:18.380404949 CET5956553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:18.428894997 CET53595658.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:19.377768993 CET5956553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:19.426635981 CET53595658.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:20.378184080 CET5956553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:20.434509993 CET53595658.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:22.393799067 CET5956553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:22.441597939 CET53595658.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:26.409656048 CET5956553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:26.457895041 CET53595658.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.412493944 CET5639753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.475481987 CET53563978.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.727103949 CET5281853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.789107084 CET53528188.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.905210018 CET5423653192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.961432934 CET53542368.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:43.357242107 CET5469853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:43.408116102 CET53546988.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:44.348975897 CET5469853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:44.399666071 CET53546988.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:45.364032030 CET5469853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:45.414803982 CET53546988.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.379981995 CET5469853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.430883884 CET53546988.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.800601006 CET5846853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.857636929 CET53584688.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:51.382226944 CET5469853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:51.433078051 CET53546988.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.322012901 CET5829053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.378256083 CET53582908.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:09.665775061 CET5410253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:09.716722965 CET53541028.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:10.663099051 CET5410253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:10.713670969 CET53541028.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:11.684078932 CET5410253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:11.734678984 CET53541028.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:13.694859982 CET5410253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:13.745520115 CET53541028.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.591730118 CET5582253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.628504038 CET6456253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.652232885 CET53558228.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.684640884 CET53645628.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:16.682307959 CET6155753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:16.730210066 CET53615578.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:17.290776968 CET5437553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:17.354662895 CET53543758.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:17.710410118 CET5410253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:17.771687984 CET53541028.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:18.208266020 CET4982153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:18.264736891 CET53498218.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:18.799209118 CET5401253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:18.855518103 CET53540128.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:19.129528999 CET6368453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:19.185661077 CET53636848.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:29.332185984 CET6291253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:29.388371944 CET53629128.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.916066885 CET6080453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.975233078 CET53608048.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:42.912050009 CET6013953192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:42.960428953 CET5914053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:42.962847948 CET53601398.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.020473003 CET53591408.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:44.564837933 CET5090553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:44.612622023 CET53509058.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:45.572935104 CET5090553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:45.621340990 CET53509058.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:46.588128090 CET5090553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:46.639462948 CET53509058.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:48.605570078 CET5090553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:48.653537035 CET53509058.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:52.619848967 CET5090553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:52.667898893 CET53509058.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:17:53.006689072 CET5338153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:17:53.062808990 CET53533818.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.368546963 CET5439053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.427194118 CET53543908.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.885513067 CET6351453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.920348883 CET5057853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.936217070 CET53635148.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.977999926 CET53505788.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.871433973 CET6351453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:13.922101974 CET53635148.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:14.887797117 CET6351453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:14.938482046 CET53635148.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:16.928836107 CET6351453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:16.980000019 CET53635148.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:20.935838938 CET6351453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:20.986593962 CET53635148.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.160960913 CET6355453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.189620972 CET6387853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.222520113 CET53635548.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.246087074 CET53638788.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:35.446964025 CET5379253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:35.503354073 CET53537928.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.721879005 CET6528053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.778557062 CET53652808.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:54.131864071 CET5589053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:54.179816961 CET53558908.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:55.141710997 CET5589053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:55.189588070 CET53558908.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:56.150957108 CET5589053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:56.198832035 CET53558908.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.403964996 CET5708253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.464282990 CET53570828.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:18:58.156543016 CET5589053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:18:58.204360962 CET53558908.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:02.172302961 CET5589053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:19:02.220195055 CET53558908.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.211870909 CET6432853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.270394087 CET53643288.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:24.076797962 CET5440053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:19:24.124761105 CET53544008.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.362637997 CET5251453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.420161963 CET53525148.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.509989977 CET5310453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.570589066 CET53531048.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.249475956 CET5436753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.306061983 CET53543678.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:05.997036934 CET6420253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.056117058 CET53642028.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.222515106 CET6217153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.280327082 CET53621718.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.611901999 CET5067253192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.668453932 CET53506728.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.169017076 CET6356553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.226968050 CET53635658.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.441355944 CET6212153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.500370979 CET53621218.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.086901903 CET5933053192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.146945953 CET53593308.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.267435074 CET5137853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.324168921 CET53513788.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.618529081 CET5841853192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.678793907 CET53584188.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.581644058 CET6321153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.638159037 CET53632118.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.334384918 CET5751553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.390656948 CET53575158.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.468473911 CET5638153192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.525780916 CET53563818.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.375571012 CET5836753192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.433559895 CET53583678.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:15.999881029 CET5609653192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.058990955 CET53560968.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.764389992 CET6004453192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.820482969 CET53600448.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.382031918 CET6177553192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.438215017 CET53617758.8.8.8192.168.2.7
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.907036066 CET5081353192.168.2.78.8.8.8
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.964838982 CET53508138.8.8.8192.168.2.7

                                                                                                                                                                                                                              DNS Queries

                                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                                                                                              Jan 13, 2021 17:12:44.913568974 CET192.168.2.78.8.8.80x3689Standard query (0)pipoffers.apnpartners.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:44.996347904 CET192.168.2.78.8.8.80x33bfStandard query (0)133.183.244.35.in-addr.arpaPTR (Pointer record)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.121298075 CET192.168.2.78.8.8.80xcd0fStandard query (0)pipoffers.apnpartners.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.179828882 CET192.168.2.78.8.8.80x7179Standard query (0)ak.pipoffers.apnpartners.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.194423914 CET192.168.2.78.8.8.80x7ee0Standard query (0)133.183.244.35.in-addr.arpaPTR (Pointer record)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.563155890 CET192.168.2.78.8.8.80xb557Standard query (0)pipoffers.apnpartners.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.828454971 CET192.168.2.78.8.8.80x49a6Standard query (0)errdocs.zwinky.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.084125042 CET192.168.2.78.8.8.80xc7aeStandard query (0)www.gamingwonderland.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:00.094352007 CET192.168.2.78.8.8.80x1049Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.137844086 CET192.168.2.78.8.8.80x3fc2Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.291893005 CET192.168.2.78.8.8.80xd188Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.483632088 CET192.168.2.78.8.8.80xbcbeStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.764333010 CET192.168.2.78.8.8.80x3bb6Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.892687082 CET192.168.2.78.8.8.80xc61bStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.298887968 CET192.168.2.78.8.8.80xcdb2Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.489413023 CET192.168.2.78.8.8.80xb2f6Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.813574076 CET192.168.2.78.8.8.80x1004Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.285835028 CET192.168.2.78.8.8.80xbe65Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.499157906 CET192.168.2.78.8.8.80xf07fStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.366148949 CET192.168.2.78.8.8.80xf246Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.262289047 CET192.168.2.78.8.8.80x3019Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.443350077 CET192.168.2.78.8.8.80x25b8Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.015551090 CET192.168.2.78.8.8.80xb703Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:44.772461891 CET192.168.2.78.8.8.80x4d17Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:44.993474007 CET192.168.2.78.8.8.80xe5d5Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:55.588977098 CET192.168.2.78.8.8.80xcf5aStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.310703993 CET192.168.2.78.8.8.80x6719Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.496716022 CET192.168.2.78.8.8.80x58b3Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:12.290251017 CET192.168.2.78.8.8.80x18f4Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.467470884 CET192.168.2.78.8.8.80x4467Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.642517090 CET192.168.2.78.8.8.80x6492Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:28.335555077 CET192.168.2.78.8.8.80x9f88Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:39.902803898 CET192.168.2.78.8.8.80x1df4Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.432291031 CET192.168.2.78.8.8.80x5a1dStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.629893064 CET192.168.2.78.8.8.80xa83Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:55.867657900 CET192.168.2.78.8.8.80x8c89Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:04.443051100 CET192.168.2.78.8.8.80x624eStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.437747002 CET192.168.2.78.8.8.80x42cbStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.706588984 CET192.168.2.78.8.8.80xb864Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:17.990720987 CET192.168.2.78.8.8.80x90d1Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.412493944 CET192.168.2.78.8.8.80x7a68Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.727103949 CET192.168.2.78.8.8.80xfb61Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.905210018 CET192.168.2.78.8.8.80xdf37Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.800601006 CET192.168.2.78.8.8.80x1866Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.322012901 CET192.168.2.78.8.8.80xd63eStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.591730118 CET192.168.2.78.8.8.80xa643Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.628504038 CET192.168.2.78.8.8.80x6c76Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:29.332185984 CET192.168.2.78.8.8.80xf09Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.916066885 CET192.168.2.78.8.8.80x247Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:42.912050009 CET192.168.2.78.8.8.80xfe2aStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:42.960428953 CET192.168.2.78.8.8.80x9dacStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:53.006689072 CET192.168.2.78.8.8.80x4049Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.368546963 CET192.168.2.78.8.8.80xc405Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.920348883 CET192.168.2.78.8.8.80x5454Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.160960913 CET192.168.2.78.8.8.80xda63Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.189620972 CET192.168.2.78.8.8.80xb87dStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:35.446964025 CET192.168.2.78.8.8.80xf734Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.721879005 CET192.168.2.78.8.8.80x7e4dStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.403964996 CET192.168.2.78.8.8.80x577aStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.211870909 CET192.168.2.78.8.8.80x3060Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.362637997 CET192.168.2.78.8.8.80xb517Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.509989977 CET192.168.2.78.8.8.80x2134Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.249475956 CET192.168.2.78.8.8.80xe390Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:05.997036934 CET192.168.2.78.8.8.80xa2a8Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.222515106 CET192.168.2.78.8.8.80x6c4fStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.611901999 CET192.168.2.78.8.8.80xef25Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.169017076 CET192.168.2.78.8.8.80x715Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.441355944 CET192.168.2.78.8.8.80x1130Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.086901903 CET192.168.2.78.8.8.80xef02Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.267435074 CET192.168.2.78.8.8.80xa8d9Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.618529081 CET192.168.2.78.8.8.80x15c6Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.581644058 CET192.168.2.78.8.8.80x49c2Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.334384918 CET192.168.2.78.8.8.80xe992Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.468473911 CET192.168.2.78.8.8.80xbba9Standard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.375571012 CET192.168.2.78.8.8.80xf36dStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:15.999881029 CET192.168.2.78.8.8.80x842aStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.764389992 CET192.168.2.78.8.8.80x232fStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.382031918 CET192.168.2.78.8.8.80xd96dStandard query (0)about.ask.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.907036066 CET192.168.2.78.8.8.80xa550Standard query (0)about.ask.comA (IP address)IN (0x0001)

                                                                                                                                                                                                                              DNS Answers

                                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                                                                                              Jan 13, 2021 17:12:44.978331089 CET8.8.8.8192.168.2.70x3689No error (0)pipoffers.apnpartners.com35.244.183.133A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:45.060333014 CET8.8.8.8192.168.2.70x33bfNo error (0)133.183.244.35.in-addr.arpaPTR (Pointer record)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.188518047 CET8.8.8.8192.168.2.70xcd0fNo error (0)pipoffers.apnpartners.com35.244.183.133A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.240952015 CET8.8.8.8192.168.2.70x7179No error (0)ak.pipoffers.apnpartners.comslot-13805-es.edgekey.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.250870943 CET8.8.8.8192.168.2.70x7ee0No error (0)133.183.244.35.in-addr.arpaPTR (Pointer record)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.624499083 CET8.8.8.8192.168.2.70xb557No error (0)pipoffers.apnpartners.com35.244.183.133A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.895534039 CET8.8.8.8192.168.2.70x49a6No error (0)errdocs.zwinky.comwww140.zwinky.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.895534039 CET8.8.8.8192.168.2.70x49a6No error (0)www140.zwinky.com34.102.244.163A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.140295982 CET8.8.8.8192.168.2.70xc7aeNo error (0)www.gamingwonderland.comgamingwonderland.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.140295982 CET8.8.8.8192.168.2.70xc7aeNo error (0)gamingwonderland.com35.244.253.184A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:00.167109013 CET8.8.8.8192.168.2.70x1049No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:00.167109013 CET8.8.8.8192.168.2.70x1049No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:00.167109013 CET8.8.8.8192.168.2.70x1049No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:00.167109013 CET8.8.8.8192.168.2.70x1049No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:00.167109013 CET8.8.8.8192.168.2.70x1049No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.194116116 CET8.8.8.8192.168.2.70x3fc2No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.194116116 CET8.8.8.8192.168.2.70x3fc2No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.194116116 CET8.8.8.8192.168.2.70x3fc2No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.194116116 CET8.8.8.8192.168.2.70x3fc2No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.194116116 CET8.8.8.8192.168.2.70x3fc2No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.348339081 CET8.8.8.8192.168.2.70xd188No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.348339081 CET8.8.8.8192.168.2.70xd188No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.348339081 CET8.8.8.8192.168.2.70xd188No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.348339081 CET8.8.8.8192.168.2.70xd188No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.348339081 CET8.8.8.8192.168.2.70xd188No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.559372902 CET8.8.8.8192.168.2.70xbcbeNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.559372902 CET8.8.8.8192.168.2.70xbcbeNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.559372902 CET8.8.8.8192.168.2.70xbcbeNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.559372902 CET8.8.8.8192.168.2.70xbcbeNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.559372902 CET8.8.8.8192.168.2.70xbcbeNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.825695992 CET8.8.8.8192.168.2.70x3bb6No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.825695992 CET8.8.8.8192.168.2.70x3bb6No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.825695992 CET8.8.8.8192.168.2.70x3bb6No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.825695992 CET8.8.8.8192.168.2.70x3bb6No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.825695992 CET8.8.8.8192.168.2.70x3bb6No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.948853016 CET8.8.8.8192.168.2.70xc61bNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.948853016 CET8.8.8.8192.168.2.70xc61bNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.948853016 CET8.8.8.8192.168.2.70xc61bNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.948853016 CET8.8.8.8192.168.2.70xc61bNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:15.948853016 CET8.8.8.8192.168.2.70xc61bNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.355047941 CET8.8.8.8192.168.2.70xcdb2No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.355047941 CET8.8.8.8192.168.2.70xcdb2No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.355047941 CET8.8.8.8192.168.2.70xcdb2No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.355047941 CET8.8.8.8192.168.2.70xcdb2No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.355047941 CET8.8.8.8192.168.2.70xcdb2No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.545768976 CET8.8.8.8192.168.2.70xb2f6No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.545768976 CET8.8.8.8192.168.2.70xb2f6No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.545768976 CET8.8.8.8192.168.2.70xb2f6No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.545768976 CET8.8.8.8192.168.2.70xb2f6No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.545768976 CET8.8.8.8192.168.2.70xb2f6No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.873821020 CET8.8.8.8192.168.2.70x1004No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.873821020 CET8.8.8.8192.168.2.70x1004No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.873821020 CET8.8.8.8192.168.2.70x1004No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.873821020 CET8.8.8.8192.168.2.70x1004No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:31.873821020 CET8.8.8.8192.168.2.70x1004No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.343188047 CET8.8.8.8192.168.2.70xbe65No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.343188047 CET8.8.8.8192.168.2.70xbe65No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.343188047 CET8.8.8.8192.168.2.70xbe65No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.343188047 CET8.8.8.8192.168.2.70xbe65No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.343188047 CET8.8.8.8192.168.2.70xbe65No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.556909084 CET8.8.8.8192.168.2.70xf07fNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.556909084 CET8.8.8.8192.168.2.70xf07fNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.556909084 CET8.8.8.8192.168.2.70xf07fNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.556909084 CET8.8.8.8192.168.2.70xf07fNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.556909084 CET8.8.8.8192.168.2.70xf07fNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.423420906 CET8.8.8.8192.168.2.70xf246No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.423420906 CET8.8.8.8192.168.2.70xf246No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.423420906 CET8.8.8.8192.168.2.70xf246No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.423420906 CET8.8.8.8192.168.2.70xf246No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.423420906 CET8.8.8.8192.168.2.70xf246No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.319928885 CET8.8.8.8192.168.2.70x3019No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.319928885 CET8.8.8.8192.168.2.70x3019No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.319928885 CET8.8.8.8192.168.2.70x3019No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.319928885 CET8.8.8.8192.168.2.70x3019No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.319928885 CET8.8.8.8192.168.2.70x3019No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.499589920 CET8.8.8.8192.168.2.70x25b8No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.499589920 CET8.8.8.8192.168.2.70x25b8No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.499589920 CET8.8.8.8192.168.2.70x25b8No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.499589920 CET8.8.8.8192.168.2.70x25b8No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.499589920 CET8.8.8.8192.168.2.70x25b8No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.072379112 CET8.8.8.8192.168.2.70xb703No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.072379112 CET8.8.8.8192.168.2.70xb703No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.072379112 CET8.8.8.8192.168.2.70xb703No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.072379112 CET8.8.8.8192.168.2.70xb703No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:36.072379112 CET8.8.8.8192.168.2.70xb703No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:44.829775095 CET8.8.8.8192.168.2.70x4d17No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:44.829775095 CET8.8.8.8192.168.2.70x4d17No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:44.829775095 CET8.8.8.8192.168.2.70x4d17No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:44.829775095 CET8.8.8.8192.168.2.70x4d17No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:44.829775095 CET8.8.8.8192.168.2.70x4d17No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.054099083 CET8.8.8.8192.168.2.70xe5d5No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.054099083 CET8.8.8.8192.168.2.70xe5d5No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.054099083 CET8.8.8.8192.168.2.70xe5d5No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.054099083 CET8.8.8.8192.168.2.70xe5d5No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.054099083 CET8.8.8.8192.168.2.70xe5d5No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:55.645266056 CET8.8.8.8192.168.2.70xcf5aNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:55.645266056 CET8.8.8.8192.168.2.70xcf5aNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:55.645266056 CET8.8.8.8192.168.2.70xcf5aNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:55.645266056 CET8.8.8.8192.168.2.70xcf5aNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:14:55.645266056 CET8.8.8.8192.168.2.70xcf5aNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.369945049 CET8.8.8.8192.168.2.70x6719No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.369945049 CET8.8.8.8192.168.2.70x6719No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.369945049 CET8.8.8.8192.168.2.70x6719No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.369945049 CET8.8.8.8192.168.2.70x6719No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.369945049 CET8.8.8.8192.168.2.70x6719No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.554322958 CET8.8.8.8192.168.2.70x58b3No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.554322958 CET8.8.8.8192.168.2.70x58b3No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.554322958 CET8.8.8.8192.168.2.70x58b3No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.554322958 CET8.8.8.8192.168.2.70x58b3No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.554322958 CET8.8.8.8192.168.2.70x58b3No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:12.346611023 CET8.8.8.8192.168.2.70x18f4No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:12.346611023 CET8.8.8.8192.168.2.70x18f4No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:12.346611023 CET8.8.8.8192.168.2.70x18f4No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:12.346611023 CET8.8.8.8192.168.2.70x18f4No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:12.346611023 CET8.8.8.8192.168.2.70x18f4No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.527621031 CET8.8.8.8192.168.2.70x4467No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.527621031 CET8.8.8.8192.168.2.70x4467No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.527621031 CET8.8.8.8192.168.2.70x4467No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.527621031 CET8.8.8.8192.168.2.70x4467No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.527621031 CET8.8.8.8192.168.2.70x4467No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.701216936 CET8.8.8.8192.168.2.70x6492No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.701216936 CET8.8.8.8192.168.2.70x6492No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.701216936 CET8.8.8.8192.168.2.70x6492No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.701216936 CET8.8.8.8192.168.2.70x6492No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.701216936 CET8.8.8.8192.168.2.70x6492No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:28.391515970 CET8.8.8.8192.168.2.70x9f88No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:28.391515970 CET8.8.8.8192.168.2.70x9f88No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:28.391515970 CET8.8.8.8192.168.2.70x9f88No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:28.391515970 CET8.8.8.8192.168.2.70x9f88No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:28.391515970 CET8.8.8.8192.168.2.70x9f88No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:39.959692001 CET8.8.8.8192.168.2.70x1df4No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:39.959692001 CET8.8.8.8192.168.2.70x1df4No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:39.959692001 CET8.8.8.8192.168.2.70x1df4No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:39.959692001 CET8.8.8.8192.168.2.70x1df4No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:39.959692001 CET8.8.8.8192.168.2.70x1df4No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.492456913 CET8.8.8.8192.168.2.70x5a1dNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.492456913 CET8.8.8.8192.168.2.70x5a1dNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.492456913 CET8.8.8.8192.168.2.70x5a1dNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.492456913 CET8.8.8.8192.168.2.70x5a1dNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.492456913 CET8.8.8.8192.168.2.70x5a1dNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.686491966 CET8.8.8.8192.168.2.70xa83No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.686491966 CET8.8.8.8192.168.2.70xa83No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.686491966 CET8.8.8.8192.168.2.70xa83No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.686491966 CET8.8.8.8192.168.2.70xa83No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.686491966 CET8.8.8.8192.168.2.70xa83No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:55.927506924 CET8.8.8.8192.168.2.70x8c89No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:55.927506924 CET8.8.8.8192.168.2.70x8c89No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:55.927506924 CET8.8.8.8192.168.2.70x8c89No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:55.927506924 CET8.8.8.8192.168.2.70x8c89No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:15:55.927506924 CET8.8.8.8192.168.2.70x8c89No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:04.501255989 CET8.8.8.8192.168.2.70x624eNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:04.501255989 CET8.8.8.8192.168.2.70x624eNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:04.501255989 CET8.8.8.8192.168.2.70x624eNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:04.501255989 CET8.8.8.8192.168.2.70x624eNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:04.501255989 CET8.8.8.8192.168.2.70x624eNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.496892929 CET8.8.8.8192.168.2.70x42cbNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.496892929 CET8.8.8.8192.168.2.70x42cbNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.496892929 CET8.8.8.8192.168.2.70x42cbNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.496892929 CET8.8.8.8192.168.2.70x42cbNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.496892929 CET8.8.8.8192.168.2.70x42cbNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.762800932 CET8.8.8.8192.168.2.70xb864No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.762800932 CET8.8.8.8192.168.2.70xb864No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.762800932 CET8.8.8.8192.168.2.70xb864No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.762800932 CET8.8.8.8192.168.2.70xb864No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.762800932 CET8.8.8.8192.168.2.70xb864No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:18.047250986 CET8.8.8.8192.168.2.70x90d1No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:18.047250986 CET8.8.8.8192.168.2.70x90d1No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:18.047250986 CET8.8.8.8192.168.2.70x90d1No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:18.047250986 CET8.8.8.8192.168.2.70x90d1No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:18.047250986 CET8.8.8.8192.168.2.70x90d1No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.475481987 CET8.8.8.8192.168.2.70x7a68No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.475481987 CET8.8.8.8192.168.2.70x7a68No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.475481987 CET8.8.8.8192.168.2.70x7a68No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.475481987 CET8.8.8.8192.168.2.70x7a68No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:30.475481987 CET8.8.8.8192.168.2.70x7a68No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.789107084 CET8.8.8.8192.168.2.70xfb61No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.789107084 CET8.8.8.8192.168.2.70xfb61No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.789107084 CET8.8.8.8192.168.2.70xfb61No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.789107084 CET8.8.8.8192.168.2.70xfb61No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.789107084 CET8.8.8.8192.168.2.70xfb61No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.961432934 CET8.8.8.8192.168.2.70xdf37No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.961432934 CET8.8.8.8192.168.2.70xdf37No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.961432934 CET8.8.8.8192.168.2.70xdf37No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.961432934 CET8.8.8.8192.168.2.70xdf37No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:39.961432934 CET8.8.8.8192.168.2.70xdf37No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.857636929 CET8.8.8.8192.168.2.70x1866No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.857636929 CET8.8.8.8192.168.2.70x1866No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.857636929 CET8.8.8.8192.168.2.70x1866No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.857636929 CET8.8.8.8192.168.2.70x1866No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:47.857636929 CET8.8.8.8192.168.2.70x1866No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.378256083 CET8.8.8.8192.168.2.70xd63eNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.378256083 CET8.8.8.8192.168.2.70xd63eNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.378256083 CET8.8.8.8192.168.2.70xd63eNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.378256083 CET8.8.8.8192.168.2.70xd63eNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:16:56.378256083 CET8.8.8.8192.168.2.70xd63eNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.652232885 CET8.8.8.8192.168.2.70xa643No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.652232885 CET8.8.8.8192.168.2.70xa643No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.652232885 CET8.8.8.8192.168.2.70xa643No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.652232885 CET8.8.8.8192.168.2.70xa643No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.652232885 CET8.8.8.8192.168.2.70xa643No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.684640884 CET8.8.8.8192.168.2.70x6c76No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.684640884 CET8.8.8.8192.168.2.70x6c76No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.684640884 CET8.8.8.8192.168.2.70x6c76No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.684640884 CET8.8.8.8192.168.2.70x6c76No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.684640884 CET8.8.8.8192.168.2.70x6c76No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:16.730210066 CET8.8.8.8192.168.2.70x7f05No error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:29.388371944 CET8.8.8.8192.168.2.70xf09No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:29.388371944 CET8.8.8.8192.168.2.70xf09No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:29.388371944 CET8.8.8.8192.168.2.70xf09No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:29.388371944 CET8.8.8.8192.168.2.70xf09No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:29.388371944 CET8.8.8.8192.168.2.70xf09No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.975233078 CET8.8.8.8192.168.2.70x247No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.975233078 CET8.8.8.8192.168.2.70x247No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.975233078 CET8.8.8.8192.168.2.70x247No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.975233078 CET8.8.8.8192.168.2.70x247No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:37.975233078 CET8.8.8.8192.168.2.70x247No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:42.962847948 CET8.8.8.8192.168.2.70xfe2aNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:42.962847948 CET8.8.8.8192.168.2.70xfe2aNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:42.962847948 CET8.8.8.8192.168.2.70xfe2aNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:42.962847948 CET8.8.8.8192.168.2.70xfe2aNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:42.962847948 CET8.8.8.8192.168.2.70xfe2aNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.020473003 CET8.8.8.8192.168.2.70x9dacNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.020473003 CET8.8.8.8192.168.2.70x9dacNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.020473003 CET8.8.8.8192.168.2.70x9dacNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.020473003 CET8.8.8.8192.168.2.70x9dacNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.020473003 CET8.8.8.8192.168.2.70x9dacNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:53.062808990 CET8.8.8.8192.168.2.70x4049No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:53.062808990 CET8.8.8.8192.168.2.70x4049No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:53.062808990 CET8.8.8.8192.168.2.70x4049No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:53.062808990 CET8.8.8.8192.168.2.70x4049No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:17:53.062808990 CET8.8.8.8192.168.2.70x4049No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.427194118 CET8.8.8.8192.168.2.70xc405No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.427194118 CET8.8.8.8192.168.2.70xc405No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.427194118 CET8.8.8.8192.168.2.70xc405No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.427194118 CET8.8.8.8192.168.2.70xc405No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:03.427194118 CET8.8.8.8192.168.2.70xc405No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.977999926 CET8.8.8.8192.168.2.70x5454No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.977999926 CET8.8.8.8192.168.2.70x5454No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.977999926 CET8.8.8.8192.168.2.70x5454No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.977999926 CET8.8.8.8192.168.2.70x5454No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:12.977999926 CET8.8.8.8192.168.2.70x5454No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.222520113 CET8.8.8.8192.168.2.70xda63No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.222520113 CET8.8.8.8192.168.2.70xda63No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.222520113 CET8.8.8.8192.168.2.70xda63No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.222520113 CET8.8.8.8192.168.2.70xda63No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.222520113 CET8.8.8.8192.168.2.70xda63No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.246087074 CET8.8.8.8192.168.2.70xb87dNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.246087074 CET8.8.8.8192.168.2.70xb87dNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.246087074 CET8.8.8.8192.168.2.70xb87dNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.246087074 CET8.8.8.8192.168.2.70xb87dNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.246087074 CET8.8.8.8192.168.2.70xb87dNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:35.503354073 CET8.8.8.8192.168.2.70xf734No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:35.503354073 CET8.8.8.8192.168.2.70xf734No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:35.503354073 CET8.8.8.8192.168.2.70xf734No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:35.503354073 CET8.8.8.8192.168.2.70xf734No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:35.503354073 CET8.8.8.8192.168.2.70xf734No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.778557062 CET8.8.8.8192.168.2.70x7e4dNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.778557062 CET8.8.8.8192.168.2.70x7e4dNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.778557062 CET8.8.8.8192.168.2.70x7e4dNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.778557062 CET8.8.8.8192.168.2.70x7e4dNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:45.778557062 CET8.8.8.8192.168.2.70x7e4dNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.464282990 CET8.8.8.8192.168.2.70x577aNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.464282990 CET8.8.8.8192.168.2.70x577aNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.464282990 CET8.8.8.8192.168.2.70x577aNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.464282990 CET8.8.8.8192.168.2.70x577aNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:18:57.464282990 CET8.8.8.8192.168.2.70x577aNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.270394087 CET8.8.8.8192.168.2.70x3060No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.270394087 CET8.8.8.8192.168.2.70x3060No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.270394087 CET8.8.8.8192.168.2.70x3060No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.270394087 CET8.8.8.8192.168.2.70x3060No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:19.270394087 CET8.8.8.8192.168.2.70x3060No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.420161963 CET8.8.8.8192.168.2.70xb517No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.420161963 CET8.8.8.8192.168.2.70xb517No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.420161963 CET8.8.8.8192.168.2.70xb517No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.420161963 CET8.8.8.8192.168.2.70xb517No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:31.420161963 CET8.8.8.8192.168.2.70xb517No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.570589066 CET8.8.8.8192.168.2.70x2134No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.570589066 CET8.8.8.8192.168.2.70x2134No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.570589066 CET8.8.8.8192.168.2.70x2134No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.570589066 CET8.8.8.8192.168.2.70x2134No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:43.570589066 CET8.8.8.8192.168.2.70x2134No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.306061983 CET8.8.8.8192.168.2.70xe390No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.306061983 CET8.8.8.8192.168.2.70xe390No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.306061983 CET8.8.8.8192.168.2.70xe390No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.306061983 CET8.8.8.8192.168.2.70xe390No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:19:55.306061983 CET8.8.8.8192.168.2.70xe390No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.056117058 CET8.8.8.8192.168.2.70xa2a8No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.056117058 CET8.8.8.8192.168.2.70xa2a8No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.056117058 CET8.8.8.8192.168.2.70xa2a8No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.056117058 CET8.8.8.8192.168.2.70xa2a8No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:06.056117058 CET8.8.8.8192.168.2.70xa2a8No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.280327082 CET8.8.8.8192.168.2.70x6c4fNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.280327082 CET8.8.8.8192.168.2.70x6c4fNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.280327082 CET8.8.8.8192.168.2.70x6c4fNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.280327082 CET8.8.8.8192.168.2.70x6c4fNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:23.280327082 CET8.8.8.8192.168.2.70x6c4fNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.668453932 CET8.8.8.8192.168.2.70xef25No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.668453932 CET8.8.8.8192.168.2.70xef25No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.668453932 CET8.8.8.8192.168.2.70xef25No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.668453932 CET8.8.8.8192.168.2.70xef25No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:35.668453932 CET8.8.8.8192.168.2.70xef25No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.226968050 CET8.8.8.8192.168.2.70x715No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.226968050 CET8.8.8.8192.168.2.70x715No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.226968050 CET8.8.8.8192.168.2.70x715No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.226968050 CET8.8.8.8192.168.2.70x715No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:47.226968050 CET8.8.8.8192.168.2.70x715No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.500370979 CET8.8.8.8192.168.2.70x1130No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.500370979 CET8.8.8.8192.168.2.70x1130No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.500370979 CET8.8.8.8192.168.2.70x1130No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.500370979 CET8.8.8.8192.168.2.70x1130No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:20:59.500370979 CET8.8.8.8192.168.2.70x1130No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.146945953 CET8.8.8.8192.168.2.70xef02No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.146945953 CET8.8.8.8192.168.2.70xef02No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.146945953 CET8.8.8.8192.168.2.70xef02No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.146945953 CET8.8.8.8192.168.2.70xef02No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:13.146945953 CET8.8.8.8192.168.2.70xef02No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.324168921 CET8.8.8.8192.168.2.70xa8d9No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.324168921 CET8.8.8.8192.168.2.70xa8d9No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.324168921 CET8.8.8.8192.168.2.70xa8d9No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.324168921 CET8.8.8.8192.168.2.70xa8d9No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:32.324168921 CET8.8.8.8192.168.2.70xa8d9No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.678793907 CET8.8.8.8192.168.2.70x15c6No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.678793907 CET8.8.8.8192.168.2.70x15c6No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.678793907 CET8.8.8.8192.168.2.70x15c6No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.678793907 CET8.8.8.8192.168.2.70x15c6No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:21:50.678793907 CET8.8.8.8192.168.2.70x15c6No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.638159037 CET8.8.8.8192.168.2.70x49c2No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.638159037 CET8.8.8.8192.168.2.70x49c2No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.638159037 CET8.8.8.8192.168.2.70x49c2No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.638159037 CET8.8.8.8192.168.2.70x49c2No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:03.638159037 CET8.8.8.8192.168.2.70x49c2No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.390656948 CET8.8.8.8192.168.2.70xe992No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.390656948 CET8.8.8.8192.168.2.70xe992No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.390656948 CET8.8.8.8192.168.2.70xe992No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.390656948 CET8.8.8.8192.168.2.70xe992No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:16.390656948 CET8.8.8.8192.168.2.70xe992No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.525780916 CET8.8.8.8192.168.2.70xbba9No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.525780916 CET8.8.8.8192.168.2.70xbba9No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.525780916 CET8.8.8.8192.168.2.70xbba9No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.525780916 CET8.8.8.8192.168.2.70xbba9No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:22:35.525780916 CET8.8.8.8192.168.2.70xbba9No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.433559895 CET8.8.8.8192.168.2.70xf36dNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.433559895 CET8.8.8.8192.168.2.70xf36dNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.433559895 CET8.8.8.8192.168.2.70xf36dNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.433559895 CET8.8.8.8192.168.2.70xf36dNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:03.433559895 CET8.8.8.8192.168.2.70xf36dNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.058990955 CET8.8.8.8192.168.2.70x842aNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.058990955 CET8.8.8.8192.168.2.70x842aNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.058990955 CET8.8.8.8192.168.2.70x842aNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.058990955 CET8.8.8.8192.168.2.70x842aNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:16.058990955 CET8.8.8.8192.168.2.70x842aNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.820482969 CET8.8.8.8192.168.2.70x232fNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.820482969 CET8.8.8.8192.168.2.70x232fNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.820482969 CET8.8.8.8192.168.2.70x232fNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.820482969 CET8.8.8.8192.168.2.70x232fNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:28.820482969 CET8.8.8.8192.168.2.70x232fNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.438215017 CET8.8.8.8192.168.2.70xd96dNo error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.438215017 CET8.8.8.8192.168.2.70xd96dNo error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.438215017 CET8.8.8.8192.168.2.70xd96dNo error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.438215017 CET8.8.8.8192.168.2.70xd96dNo error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:43.438215017 CET8.8.8.8192.168.2.70xd96dNo error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.964838982 CET8.8.8.8192.168.2.70xa550No error (0)about.ask.comaskmedia.map.fastly.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.964838982 CET8.8.8.8192.168.2.70xa550No error (0)askmedia.map.fastly.net151.101.2.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.964838982 CET8.8.8.8192.168.2.70xa550No error (0)askmedia.map.fastly.net151.101.66.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.964838982 CET8.8.8.8192.168.2.70xa550No error (0)askmedia.map.fastly.net151.101.130.114A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Jan 13, 2021 17:23:50.964838982 CET8.8.8.8192.168.2.70xa550No error (0)askmedia.map.fastly.net151.101.194.114A (IP address)IN (0x0001)

                                                                                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                                                                                              • pipoffers.apnpartners.com
                                                                                                                                                                                                                              • errdocs.zwinky.com
                                                                                                                                                                                                                              • about.ask.com

                                                                                                                                                                                                                              HTTP Packets

                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                              0192.168.2.74972735.244.183.13380C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe
                                                                                                                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.677556038 CET168OUTGET /PIP/Server.jhtml?partner_id=MP3R7&language=en&version=2.6.9.1 HTTP/1.1
                                                                                                                                                                                                                              User-Agent: APNPIP
                                                                                                                                                                                                                              Host: pipoffers.apnpartners.com
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.819226980 CET169INHTTP/1.1 302 Found
                                                                                                                                                                                                                              Date: Wed, 13 Jan 2021 16:12:46 GMT
                                                                                                                                                                                                                              Server: Apache
                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                              Location: http://errdocs.zwinky.com
                                                                                                                                                                                                                              Content-Length: 209
                                                                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 65 72 72 64 6f 63 73 2e 7a 77 69 6e 6b 79 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://errdocs.zwinky.com">here</a>.</p></body></html>


                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                              1192.168.2.74972834.102.244.16380C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe
                                                                                                                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                              Jan 13, 2021 17:12:46.941307068 CET169OUTGET / HTTP/1.1
                                                                                                                                                                                                                              User-Agent: APNPIP
                                                                                                                                                                                                                              Host: errdocs.zwinky.com
                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.072962046 CET170INHTTP/1.1 302 Found
                                                                                                                                                                                                                              Date: Wed, 13 Jan 2021 16:12:47 GMT
                                                                                                                                                                                                                              Server: Apache/2.4.6 (CentOS)
                                                                                                                                                                                                                              Location: https://www.gamingwonderland.com/
                                                                                                                                                                                                                              Content-Length: 217
                                                                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 61 6d 69 6e 67 77 6f 6e 64 65 72 6c 61 6e 64 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://www.gamingwonderland.com/">here</a>.</p></body></html>


                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                              2192.168.2.749731151.101.2.11480C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.274238110 CET892OUTGET /en/docs/about/ask_eula.shtml HTTP/1.1
                                                                                                                                                                                                                              Accept: text/html, application/xhtml+xml, image/jxr, */*
                                                                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                              Host: about.ask.com
                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.317915916 CET892INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                              Server: Varnish
                                                                                                                                                                                                                              Retry-After: 0
                                                                                                                                                                                                                              Location: https://about.ask.com/en/docs/about/ask_eula.shtml
                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                              Date: Wed, 13 Jan 2021 16:13:01 GMT
                                                                                                                                                                                                                              Via: 1.1 varnish
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              X-Served-By: cache-hhn4043-HHN
                                                                                                                                                                                                                              X-Cache: HIT
                                                                                                                                                                                                                              X-Cache-Hits: 0


                                                                                                                                                                                                                              HTTPS Packets

                                                                                                                                                                                                                              TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                                                                                                                                                                              Jan 13, 2021 17:12:47.275599957 CET35.244.253.184443192.168.2.749729CN=www.gamingwonderland.com CN=GTS CA 1D2, O=Google Trust Services, C=USCN=GTS CA 1D2, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2Thu Dec 31 04:49:45 CET 2020 Thu Jun 15 02:00:42 CEST 2017Wed Mar 31 05:49:45 CEST 2021 Wed Dec 15 01:00:42 CET 2021771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,037f463bf4616ecd445d4a1937da06e19
                                                                                                                                                                                                                              CN=GTS CA 1D2, O=Google Trust Services, C=USCN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2Thu Jun 15 02:00:42 CEST 2017Wed Dec 15 01:00:42 CET 2021
                                                                                                                                                                                                                              Jan 13, 2021 17:13:01.458985090 CET151.101.2.114443192.168.2.749733CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707089901 CET151.101.2.114443192.168.2.749736CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:13:07.707443953 CET151.101.2.114443192.168.2.749737CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.099292994 CET151.101.2.114443192.168.2.749740CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:13:16.100337982 CET151.101.2.114443192.168.2.749741CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695117950 CET151.101.2.114443192.168.2.749751CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:13:23.695718050 CET151.101.2.114443192.168.2.749752CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.753243923 CET151.101.2.114443192.168.2.749758CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:13:36.760761976 CET151.101.2.114443192.168.2.749757CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:14:04.554743052 CET151.101.2.114443192.168.2.749772CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671499014 CET151.101.2.114443192.168.2.749777CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:14:29.671701908 CET151.101.2.114443192.168.2.749776CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.237003088 CET151.101.2.114443192.168.2.749778CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:14:45.238373041 CET151.101.2.114443192.168.2.749779CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.744833946 CET151.101.2.114443192.168.2.749781CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:15:04.744970083 CET151.101.2.114443192.168.2.749780CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.848932028 CET151.101.2.114443192.168.2.749782CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:15:20.849021912 CET151.101.2.114443192.168.2.749783CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.822882891 CET151.101.2.114443192.168.2.749784CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:15:48.823367119 CET151.101.2.114443192.168.2.749785CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.918549061 CET151.101.2.114443192.168.2.749787CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:16:13.921832085 CET151.101.2.114443192.168.2.749786CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.100301027 CET151.101.2.114443192.168.2.749790CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:16:40.101133108 CET151.101.2.114443192.168.2.749791CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820825100 CET151.101.2.114443192.168.2.749794CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:17:14.820924044 CET151.101.2.114443192.168.2.749795CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127480030 CET151.101.2.114443192.168.2.749803CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:17:43.127805948 CET151.101.2.114443192.168.2.749804CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378078938 CET151.101.2.114443192.168.2.749810CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025
                                                                                                                                                                                                                              Jan 13, 2021 17:18:24.378247976 CET151.101.2.114443192.168.2.749809CN=cdncert.askmediagroup.com, O="IAC Publishing, LLC", L=Oakland, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Dec 16 01:50:11 CET 2020 Wed Aug 19 02:00:00 CEST 2015Wed Apr 21 00:28:36 CEST 2021 Tue Aug 19 02:00:00 CEST 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,09e10692f1b7f78228b2d4e424db3a98c
                                                                                                                                                                                                                              CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BECN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BEWed Aug 19 02:00:00 CEST 2015Tue Aug 19 02:00:00 CEST 2025

                                                                                                                                                                                                                              Code Manipulations

                                                                                                                                                                                                                              Statistics

                                                                                                                                                                                                                              CPU Usage

                                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                                              Memory Usage

                                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                                              High Level Behavior Distribution

                                                                                                                                                                                                                              Click to dive into process behavior distribution

                                                                                                                                                                                                                              Behavior

                                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                                              System Behavior

                                                                                                                                                                                                                              Analysis Process: mp3rocket.exe PID: 6568 Parent PID: 5700

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:12:37
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\mp3rocket.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Users\user\Desktop\mp3rocket.exe'
                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                              File size:9763792 bytes
                                                                                                                                                                                                                              MD5 hash:A9FBD79C820E2878C052161AFE97D274
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:low

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: AskInstaller.exe PID: 6772 Parent PID: 6568

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:12:43
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:AskInstaller.exe -b -pid MP3R7 -di 120
                                                                                                                                                                                                                              Imagebase:0x1310000
                                                                                                                                                                                                                              File size:882888 bytes
                                                                                                                                                                                                                              MD5 hash:93B06056604F3227AB2E1392F250DF32
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                              • Detection: 3%, Metadefender, Browse
                                                                                                                                                                                                                              • Detection: 16%, ReversingLabs
                                                                                                                                                                                                                              Reputation:low

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: AskInstaller.exe PID: 6904 Parent PID: 6772

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:12:44
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp\AskInstaller.exe' -b -pid MP3R7 -di 120 -se
                                                                                                                                                                                                                              Imagebase:0x1310000
                                                                                                                                                                                                                              File size:882888 bytes
                                                                                                                                                                                                                              MD5 hash:93B06056604F3227AB2E1392F250DF32
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:low

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 6452 Parent PID: 6772

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:12:59
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                              Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' http://about.ask.com/en/docs/about/ask_eula.shtml
                                                                                                                                                                                                                              Imagebase:0x7ff772450000
                                                                                                                                                                                                                              File size:823560 bytes
                                                                                                                                                                                                                              MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 6040 Parent PID: 6452

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:12:59
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17410 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 5960 Parent PID: 6452

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:13:06
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17412 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 7084 Parent PID: 6452

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:13:14
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17414 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 6252 Parent PID: 6452

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:13:22
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17416 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 4740 Parent PID: 6452

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:13:35
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17420 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 5416 Parent PID: 6452

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:14:02
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17424 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0x7ff7bb2c0000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 6056 Parent PID: 6452

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:14:28
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17428 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 4112 Parent PID: 6452

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:14:43
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17432 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 1388 Parent PID: 6452

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:15:03
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17436 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 4496 Parent PID: 6452

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:15:19
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17440 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 5848 Parent PID: 6452

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:15:47
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17446 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 5944 Parent PID: 6452

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:16:12
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17452 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Analysis Process: iexplore.exe PID: 5464 Parent PID: 6452

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:17:16:38
                                                                                                                                                                                                                              Start date:13/01/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6452 CREDAT:17458 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0xb0000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Chronological Activities

                                                                                                                                                                                                                              Disassembly

                                                                                                                                                                                                                              Code Analysis

                                                                                                                                                                                                                              Reset < >

                                                                                                                                                                                                                                Analysis Process: mp3rocket.exe PID: 6568 Parent PID: 5700 mp3rocket.exeCOMMON

                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:21%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:11.5%
                                                                                                                                                                                                                                Signature Coverage:17.4%
                                                                                                                                                                                                                                Total number of Nodes:1675
                                                                                                                                                                                                                                Total number of Limit Nodes:49

                                                                                                                                                                                                                                Graph

                                                                                                                                                                                                                                execution_graph 5325 10001000 5332 100017fe 5325->5332 5327 10001017 5328 1000101b 5327->5328 5329 1000101e GlobalAlloc 5327->5329 5330 10001825 3 API calls 5328->5330 5329->5328 5331 1000102d 5330->5331 5333 10001561 3 API calls 5332->5333 5334 10001804 5333->5334 5335 1000180a 5334->5335 5336 10001816 GlobalFree 5334->5336 5335->5327 5336->5327 5337 405042 5338 405063 GetDlgItem GetDlgItem GetDlgItem 5337->5338 5339 4051ee 5337->5339 5383 403f4d SendMessageA 5338->5383 5341 4051f7 GetDlgItem CreateThread CloseHandle 5339->5341 5342 40521f 5339->5342 5341->5342 5344 40524a 5342->5344 5345 405236 ShowWindow ShowWindow 5342->5345 5346 40526c 5342->5346 5343 4050d4 5348 4050db GetClientRect GetSystemMetrics SendMessageA SendMessageA 5343->5348 5347 4052a8 5344->5347 5350 405281 ShowWindow 5344->5350 5351 40525b 5344->5351 5385 403f4d SendMessageA 5345->5385 5352 403f7f 8 API calls 5346->5352 5347->5346 5357 4052b3 SendMessageA 5347->5357 5355 40514a 5348->5355 5356 40512e SendMessageA SendMessageA 5348->5356 5353 4052a1 5350->5353 5354 405293 5350->5354 5358 403ef1 SendMessageA 5351->5358 5364 40527a 5352->5364 5360 403ef1 SendMessageA 5353->5360 5359 404f04 25 API calls 5354->5359 5361 40515d 5355->5361 5362 40514f SendMessageA 5355->5362 5356->5355 5363 4052cc CreatePopupMenu 5357->5363 5357->5364 5358->5346 5359->5353 5360->5347 5366 403f18 19 API calls 5361->5366 5362->5361 5365 405b88 18 API calls 5363->5365 5367 4052dc AppendMenuA 5365->5367 5368 40516d 5366->5368 5369 405302 5367->5369 5370 4052ef GetWindowRect 5367->5370 5371 405176 ShowWindow 5368->5371 5372 4051aa GetDlgItem SendMessageA 5368->5372 5374 40530b TrackPopupMenu 5369->5374 5370->5374 5375 405199 5371->5375 5376 40518c ShowWindow 5371->5376 5372->5364 5373 4051d1 SendMessageA SendMessageA 5372->5373 5373->5364 5374->5364 5377 405329 5374->5377 5384 403f4d SendMessageA 5375->5384 5376->5375 5379 405345 SendMessageA 5377->5379 5379->5379 5380 405362 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 5379->5380 5381 405384 SendMessageA 5380->5381 5381->5381 5382 4053a5 GlobalUnlock SetClipboardData CloseClipboard 5381->5382 5382->5364 5383->5343 5384->5372 5385->5344 4461 403a45 4462 403b98 4461->4462 4463 403a5d 4461->4463 4465 403be9 4462->4465 4466 403ba9 GetDlgItem GetDlgItem 4462->4466 4463->4462 4464 403a69 4463->4464 4468 403a74 SetWindowPos 4464->4468 4469 403a87 4464->4469 4467 403c43 4465->4467 4475 401389 2 API calls 4465->4475 4470 403f18 19 API calls 4466->4470 4476 403b93 4467->4476 4535 403f64 4467->4535 4468->4469 4472 403aa4 4469->4472 4473 403a8c ShowWindow 4469->4473 4474 403bd3 KiUserCallbackDispatcher 4470->4474 4477 403ac6 4472->4477 4478 403aac DestroyWindow 4472->4478 4473->4472 4532 40140b 4474->4532 4482 403c1b 4475->4482 4480 403acb SetWindowLongA 4477->4480 4481 403adc 4477->4481 4483 403ea1 4478->4483 4480->4476 4484 403b53 4481->4484 4485 403ae8 GetDlgItem 4481->4485 4482->4467 4486 403c1f SendMessageA 4482->4486 4483->4476 4492 403ed2 ShowWindow 4483->4492 4491 403f7f 8 API calls 4484->4491 4489 403b18 4485->4489 4490 403afb SendMessageA IsWindowEnabled 4485->4490 4486->4476 4487 40140b 2 API calls 4498 403c55 4487->4498 4488 403ea3 DestroyWindow EndDialog 4488->4483 4494 403b25 4489->4494 4496 403b6c SendMessageA 4489->4496 4497 403b38 4489->4497 4504 403b1d 4489->4504 4490->4476 4490->4489 4491->4476 4492->4476 4493 405b88 18 API calls 4493->4498 4494->4496 4494->4504 4496->4484 4499 403b40 4497->4499 4500 403b55 4497->4500 4498->4476 4498->4487 4498->4488 4498->4493 4501 403f18 19 API calls 4498->4501 4505 403f18 19 API calls 4498->4505 4520 403de3 DestroyWindow 4498->4520 4503 40140b 2 API calls 4499->4503 4502 40140b 2 API calls 4500->4502 4501->4498 4502->4504 4503->4504 4504->4484 4529 403ef1 4504->4529 4506 403cd0 GetDlgItem 4505->4506 4507 403ce5 4506->4507 4508 403ced ShowWindow KiUserCallbackDispatcher 4506->4508 4507->4508 4538 403f3a EnableWindow 4508->4538 4510 403d17 EnableWindow 4513 403d2b 4510->4513 4511 403d30 GetSystemMenu EnableMenuItem SendMessageA 4512 403d60 SendMessageA 4511->4512 4511->4513 4512->4513 4513->4511 4539 403f4d SendMessageA 4513->4539 4540 405b66 lstrcpynA 4513->4540 4516 403d8e lstrlenA 4517 405b88 18 API calls 4516->4517 4518 403d9f SetWindowTextA 4517->4518 4541 401389 4518->4541 4520->4483 4521 403dfd CreateDialogParamA 4520->4521 4521->4483 4522 403e30 4521->4522 4523 403f18 19 API calls 4522->4523 4524 403e3b GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4523->4524 4525 401389 2 API calls 4524->4525 4526 403e81 4525->4526 4526->4476 4527 403e89 ShowWindow 4526->4527 4528 403f64 SendMessageA 4527->4528 4528->4483 4530 403ef8 4529->4530 4531 403efe SendMessageA 4529->4531 4530->4531 4531->4484 4533 401389 2 API calls 4532->4533 4534 401420 4533->4534 4534->4465 4536 403f7c 4535->4536 4537 403f6d SendMessageA 4535->4537 4536->4498 4537->4536 4538->4510 4539->4513 4540->4516 4543 401390 4541->4543 4542 4013fe 4542->4498 4543->4542 4544 4013cb MulDiv SendMessageA 4543->4544 4544->4543 5386 401645 5387 4029f6 18 API calls 5386->5387 5388 40164c 5387->5388 5389 4029f6 18 API calls 5388->5389 5390 401655 5389->5390 5391 4029f6 18 API calls 5390->5391 5392 40165e MoveFileA 5391->5392 5393 401671 5392->5393 5394 40166a 5392->5394 5395 405e61 2 API calls 5393->5395 5398 402169 5393->5398 5396 401423 25 API calls 5394->5396 5397 401680 5395->5397 5396->5398 5397->5398 5399 4058b4 38 API calls 5397->5399 5399->5394 5400 30c1000 5401 30c101c 5400->5401 5402 30c1007 SendMessageA 5400->5402 5402->5401 5403 30c1d01 5404 30c1fc2 2 API calls 5403->5404 5405 30c1d06 5404->5405 4747 401f51 4748 401f63 4747->4748 4749 402012 4747->4749 4750 4029f6 18 API calls 4748->4750 4752 401423 25 API calls 4749->4752 4751 401f6a 4750->4751 4753 4029f6 18 API calls 4751->4753 4757 402169 4752->4757 4754 401f73 4753->4754 4755 401f88 LoadLibraryExA 4754->4755 4756 401f7b GetModuleHandleA 4754->4756 4755->4749 4758 401f98 GetProcAddress 4755->4758 4756->4755 4756->4758 4759 401fe5 4758->4759 4760 401fa8 4758->4760 4761 404f04 25 API calls 4759->4761 4762 401fb0 4760->4762 4763 401fc7 4760->4763 4764 401fb8 4761->4764 4861 401423 4762->4861 4771 30c1c59 SendMessageA ShowWindow 4763->4771 4778 30c1759 4763->4778 4787 1000198f 4763->4787 4830 30c1855 GetProcessHeap HeapAlloc 4763->4830 4764->4757 4766 402006 FreeLibrary 4764->4766 4766->4757 4772 30c1c8d 4771->4772 4773 30c1cde SetWindowLongA 4771->4773 4774 30c1c94 KiUserCallbackDispatcher IsDialogMessageA 4772->4774 4777 30c1cdd 4772->4777 4773->4764 4774->4772 4775 30c1cb1 IsDialogMessageA 4774->4775 4775->4772 4776 30c1cc1 TranslateMessage DispatchMessageA 4775->4776 4776->4772 4777->4773 4779 30c178a 4778->4779 4864 30c1fc2 4779->4864 4781 30c179e GetDlgItem GetWindowRect MapWindowPoints CreateDialogParamA 4782 30c17df 4781->4782 4783 30c17eb SetWindowPos SetWindowLongA GetProcessHeap HeapAlloc 4781->4783 4867 30c1e27 4782->4867 4786 30c184e 4783->4786 4786->4764 4788 100019bf 4787->4788 4875 10001d3b 4788->4875 4790 100019c6 4791 10001adc 4790->4791 4792 100019d7 4790->4792 4793 100019de 4790->4793 4791->4764 4921 100023f6 4792->4921 4902 10002440 4793->4902 4798 10001a42 4802 10001a84 4798->4802 4803 10001a48 4798->4803 4799 10001a24 4934 100025fe 4799->4934 4800 100019f4 4805 100019fa 4800->4805 4810 10001a05 4800->4810 4801 10001a0d 4814 10001a03 4801->4814 4931 100014c7 4801->4931 4808 100025fe 14 API calls 4802->4808 4806 100018a1 3 API calls 4803->4806 4805->4814 4915 1000120c 4805->4915 4813 10001a5e 4806->4813 4815 10001a76 4808->4815 4925 100027cc 4810->4925 4818 100025fe 14 API calls 4813->4818 4814->4798 4814->4799 4819 10001a8b 4815->4819 4817 10001a0b 4817->4814 4818->4815 4821 10001acb 4819->4821 4960 100025c4 4819->4960 4821->4791 4824 10001ad5 GlobalFree 4821->4824 4824->4791 4827 10001ab7 4827->4821 4964 10001825 wsprintfA 4827->4964 4828 10001ab0 FreeLibrary 4828->4827 4831 30c189a 4830->4831 4832 30c188b 4830->4832 4834 30c1dd9 2 API calls 4831->4834 4833 30c1e27 2 API calls 4832->4833 4835 30c1895 4833->4835 4839 30c18a2 4834->4839 4837 30c1b1e 4835->4837 4836 30c18d7 4838 30c1e27 2 API calls 4836->4838 4837->4764 4840 30c18e1 GetProcessHeap 4838->4840 4839->4836 4996 30c1252 GetClientRect 4839->4996 4841 30c1b17 HeapFree 4840->4841 4841->4837 4843 30c18cb 4844 30c1dd9 2 API calls 4843->4844 4845 30c18d3 4844->4845 4845->4836 4846 30c18eb GetProcessHeap HeapReAlloc lstrcmpiA 4845->4846 4847 30c1946 lstrcmpiA 4846->4847 4849 30c192b 4846->4849 4848 30c196d lstrcmpiA 4847->4848 4847->4849 4848->4849 4850 30c1994 lstrcmpiA 4848->4850 4851 30c1a66 lstrcmpiA 4849->4851 4850->4849 4852 30c19bb lstrcmpiA 4850->4852 4853 30c1a77 CreateWindowExA SetPropA SendMessageA SendMessageA 4851->4853 4854 30c1a72 4851->4854 4852->4849 4855 30c19df lstrcmpiA 4852->4855 4856 30c1aeb SetWindowLongA 4853->4856 4857 30c1b06 GetProcessHeap 4853->4857 4854->4853 4855->4849 4858 30c1a03 lstrcmpiA 4855->4858 4856->4857 4857->4841 4858->4849 4859 30c1a27 lstrcmpiA 4858->4859 4859->4849 4862 404f04 25 API calls 4861->4862 4863 401431 4862->4863 4863->4764 4870 30c1dd9 4864->4870 4866 30c1fd9 4866->4781 4868 30c17e9 4867->4868 4869 30c1e30 GlobalAlloc lstrcpynA 4867->4869 4868->4786 4869->4868 4871 30c1e20 4870->4871 4872 30c1de3 4870->4872 4871->4866 4872->4871 4873 30c1e11 GlobalFree 4872->4873 4874 30c1dfd lstrcpynA 4872->4874 4873->4871 4874->4873 4967 10001541 GlobalAlloc 4875->4967 4877 10001d5c 4968 10001541 GlobalAlloc 4877->4968 4879 10001d67 4969 10001561 4879->4969 4881 10001f77 GlobalFree GlobalFree GlobalFree 4882 10001f94 4881->4882 4895 10001fde 4881->4895 4883 100022c0 4882->4883 4891 10001fa9 4882->4891 4882->4895 4885 100022d9 GetModuleHandleA 4883->4885 4883->4895 4884 10001e21 GlobalAlloc 4899 10001d6f 4884->4899 4887 100022ea LoadLibraryA 4885->4887 4888 100022fb GetProcAddress 4885->4888 4886 10001e95 GlobalFree 4886->4899 4887->4888 4887->4895 4890 1000231a lstrcatA GetProcAddress 4888->4890 4888->4895 4889 10001e70 lstrcpyA 4892 10001e7a lstrcpyA 4889->4892 4890->4895 4891->4895 4976 10001550 4891->4976 4892->4899 4894 10002267 lstrcpyA 4894->4899 4895->4790 4897 10001ed7 4897->4899 4974 1000187c GlobalSize GlobalAlloc 4897->4974 4898 1000212b GlobalFree 4898->4899 4899->4881 4899->4884 4899->4886 4899->4889 4899->4892 4899->4894 4899->4897 4899->4898 4901 10001550 2 API calls 4899->4901 4979 10001541 GlobalAlloc 4899->4979 4901->4899 4908 10002458 4902->4908 4903 10001561 3 API calls 4903->4908 4905 1000258d GlobalFree 4906 100019e4 4905->4906 4905->4908 4906->4800 4906->4801 4906->4814 4907 10001550 GlobalAlloc lstrcpyA 4907->4908 4908->4903 4908->4905 4908->4907 4909 10002515 GlobalAlloc MultiByteToWideChar 4908->4909 4910 100024f4 lstrlenA 4908->4910 4982 100015e5 4908->4982 4911 10002542 GlobalAlloc 4909->4911 4912 10002503 4909->4912 4910->4905 4910->4912 4913 10002559 GlobalFree 4911->4913 4912->4905 4987 1000276e 4912->4987 4913->4905 4917 1000121e 4915->4917 4916 100012c3 CreateMutexA 4918 100012e1 4916->4918 4917->4916 4919 100013d2 GetLastError 4918->4919 4920 100013dd 4918->4920 4919->4920 4920->4814 4922 10002406 4921->4922 4923 100019dd 4921->4923 4922->4923 4924 10002418 GlobalAlloc 4922->4924 4923->4793 4924->4922 4928 100027e9 4925->4928 4926 10002817 GlobalAlloc 4930 1000283a 4926->4930 4927 1000282a 4929 10002830 GlobalSize 4927->4929 4927->4930 4928->4926 4928->4927 4929->4930 4930->4817 4932 100014d2 4931->4932 4933 10001512 GlobalFree 4932->4933 4935 10002619 4934->4935 4937 10002706 lstrcpyA 4935->4937 4938 10002659 wsprintfA 4935->4938 4939 10002727 GlobalFree 4935->4939 4940 10002750 GlobalFree 4935->4940 4941 100026c6 lstrlenA 4935->4941 4943 100026dc lstrcpynA 4935->4943 4944 100026b0 WideCharToMultiByte 4935->4944 4945 1000266d GlobalAlloc 4935->4945 4946 1000159e 2 API calls 4935->4946 4990 10001541 GlobalAlloc 4935->4990 4991 1000160e 4935->4991 4937->4935 4938->4935 4939->4935 4940->4935 4942 10001a2a 4940->4942 4941->4935 4941->4943 4949 100018a1 4942->4949 4943->4935 4944->4935 4948 10002690 WideCharToMultiByte GlobalFree 4945->4948 4946->4935 4948->4935 4995 10001541 GlobalAlloc 4949->4995 4951 100018a7 4952 100018b4 lstrcpyA 4951->4952 4954 100018ce 4951->4954 4955 100018e8 4952->4955 4954->4955 4956 100018d3 wsprintfA 4954->4956 4957 1000159e 4955->4957 4956->4955 4958 100015e0 GlobalFree 4957->4958 4959 100015a7 GlobalAlloc lstrcpynA 4957->4959 4958->4819 4959->4958 4961 100025d2 4960->4961 4963 10001a97 4960->4963 4962 100025eb GlobalFree 4961->4962 4961->4963 4962->4961 4963->4827 4963->4828 4965 1000159e 2 API calls 4964->4965 4966 1000184f 4965->4966 4966->4821 4967->4877 4968->4879 4970 1000159a 4969->4970 4971 1000156b 4969->4971 4970->4899 4971->4970 4980 10001541 GlobalAlloc 4971->4980 4973 10001577 lstrcpyA GlobalFree 4973->4899 4975 1000189a 4974->4975 4975->4897 4981 10001541 GlobalAlloc 4976->4981 4978 10001559 lstrcpyA 4978->4895 4979->4899 4980->4973 4981->4978 4983 10001609 4982->4983 4984 100015ed 4982->4984 4983->4983 4984->4983 4985 10001550 2 API calls 4984->4985 4986 10001607 4985->4986 4986->4908 4988 100027c4 4987->4988 4989 1000277c VirtualAlloc 4987->4989 4988->4912 4989->4988 4990->4935 4992 10001617 4991->4992 4993 1000163c 4991->4993 4992->4993 4994 10001623 lstrcpyA 4992->4994 4993->4935 4994->4993 4995->4951 4997 30c1dd9 2 API calls 4996->4997 4998 30c1289 4997->4998 5012 30c12fa 4998->5012 5013 30c1329 lstrlenA CharPrevA 4998->5013 5001 30c1dd9 2 API calls 5002 30c12ad 5001->5002 5003 30c1329 4 API calls 5002->5003 5002->5012 5004 30c12c0 5003->5004 5005 30c1dd9 2 API calls 5004->5005 5006 30c12d2 5005->5006 5007 30c1329 4 API calls 5006->5007 5006->5012 5008 30c12e4 5007->5008 5009 30c1dd9 2 API calls 5008->5009 5010 30c12f6 5009->5010 5011 30c1329 4 API calls 5010->5011 5010->5012 5011->5012 5012->4843 5014 30c134d 5013->5014 5015 30c1369 5014->5015 5018 30c1354 MulDiv 5014->5018 5016 30c136e MapDialogRect 5015->5016 5019 30c129b 5015->5019 5016->5019 5018->5019 5019->5001 5406 404853 GetDlgItem GetDlgItem 5407 4048a7 7 API calls 5406->5407 5414 404ac4 5406->5414 5408 404940 SendMessageA 5407->5408 5409 40494d DeleteObject 5407->5409 5408->5409 5410 404958 5409->5410 5412 40498f 5410->5412 5413 405b88 18 API calls 5410->5413 5411 404bae 5416 404c5d 5411->5416 5421 404ab7 5411->5421 5426 404c07 SendMessageA 5411->5426 5415 403f18 19 API calls 5412->5415 5417 404971 SendMessageA SendMessageA 5413->5417 5414->5411 5440 404b38 5414->5440 5459 4047d3 SendMessageA 5414->5459 5420 4049a3 5415->5420 5418 404c72 5416->5418 5419 404c66 SendMessageA 5416->5419 5417->5410 5428 404c84 ImageList_Destroy 5418->5428 5429 404c8b 5418->5429 5435 404c9b 5418->5435 5419->5418 5425 403f18 19 API calls 5420->5425 5422 403f7f 8 API calls 5421->5422 5427 404e4d 5422->5427 5423 404ba0 SendMessageA 5423->5411 5441 4049b1 5425->5441 5426->5421 5431 404c1c SendMessageA 5426->5431 5428->5429 5433 404c94 GlobalFree 5429->5433 5429->5435 5430 404e01 5430->5421 5436 404e13 ShowWindow GetDlgItem ShowWindow 5430->5436 5432 404c2f 5431->5432 5444 404c40 SendMessageA 5432->5444 5433->5435 5434 404a85 GetWindowLongA SetWindowLongA 5437 404a9e 5434->5437 5435->5430 5443 40140b 2 API calls 5435->5443 5453 404ccd 5435->5453 5436->5421 5438 404aa4 ShowWindow 5437->5438 5439 404abc 5437->5439 5457 403f4d SendMessageA 5438->5457 5458 403f4d SendMessageA 5439->5458 5440->5411 5440->5423 5441->5434 5442 404a00 SendMessageA 5441->5442 5445 404a7f 5441->5445 5448 404a3c SendMessageA 5441->5448 5449 404a4d SendMessageA 5441->5449 5442->5441 5443->5453 5444->5416 5445->5434 5445->5437 5448->5441 5449->5441 5450 404dd7 InvalidateRect 5450->5430 5451 404ded 5450->5451 5464 4046f1 5451->5464 5452 404cfb SendMessageA 5456 404d11 5452->5456 5453->5452 5453->5456 5455 404d85 SendMessageA SendMessageA 5455->5456 5456->5450 5456->5455 5457->5421 5458->5414 5460 404832 SendMessageA 5459->5460 5461 4047f6 GetMessagePos ScreenToClient SendMessageA 5459->5461 5462 40482a 5460->5462 5461->5462 5463 40482f 5461->5463 5462->5440 5463->5460 5465 40470b 5464->5465 5466 405b88 18 API calls 5465->5466 5467 404740 5466->5467 5468 405b88 18 API calls 5467->5468 5469 40474b 5468->5469 5470 405b88 18 API calls 5469->5470 5471 40477c lstrlenA wsprintfA SetDlgItemTextA 5470->5471 5471->5430 5472 404e54 5473 404e62 5472->5473 5474 404e79 5472->5474 5475 404e68 5473->5475 5490 404ee2 5473->5490 5476 404e87 IsWindowVisible 5474->5476 5480 404e9e 5474->5480 5477 403f64 SendMessageA 5475->5477 5479 404e94 5476->5479 5476->5490 5481 404e72 5477->5481 5478 404ee8 CallWindowProcA 5478->5481 5482 4047d3 5 API calls 5479->5482 5480->5478 5491 405b66 lstrcpynA 5480->5491 5482->5480 5484 404ecd 5492 405ac4 wsprintfA 5484->5492 5486 404ed4 5487 40140b 2 API calls 5486->5487 5488 404edb 5487->5488 5493 405b66 lstrcpynA 5488->5493 5490->5478 5491->5484 5492->5486 5493->5490 5494 404356 5495 404394 5494->5495 5496 404387 5494->5496 5498 40439d GetDlgItem 5495->5498 5501 404400 5495->5501 5555 40540b GetDlgItemTextA 5496->5555 5500 4043b1 5498->5500 5499 40438e 5502 405dc8 5 API calls 5499->5502 5503 4043c5 SetWindowTextA 5500->5503 5506 4056ed 4 API calls 5500->5506 5508 405b88 18 API calls 5501->5508 5516 4044e4 5501->5516 5553 404670 5501->5553 5502->5495 5507 403f18 19 API calls 5503->5507 5505 403f7f 8 API calls 5510 404684 5505->5510 5514 4043bb 5506->5514 5511 4043e3 5507->5511 5512 404476 SHBrowseForFolderA 5508->5512 5509 404510 5513 40573a 18 API calls 5509->5513 5515 403f18 19 API calls 5511->5515 5512->5516 5517 40448e CoTaskMemFree 5512->5517 5518 404516 5513->5518 5514->5503 5521 405659 3 API calls 5514->5521 5519 4043f1 5515->5519 5516->5553 5557 40540b GetDlgItemTextA 5516->5557 5520 405659 3 API calls 5517->5520 5558 405b66 lstrcpynA 5518->5558 5556 403f4d SendMessageA 5519->5556 5523 40449b 5520->5523 5521->5503 5526 4044d2 SetDlgItemTextA 5523->5526 5530 405b88 18 API calls 5523->5530 5525 4043f9 5528 405e88 3 API calls 5525->5528 5526->5516 5527 40452d 5529 405e88 3 API calls 5527->5529 5528->5501 5537 404535 5529->5537 5531 4044ba lstrcmpiA 5530->5531 5531->5526 5534 4044cb lstrcatA 5531->5534 5532 40456f 5559 405b66 lstrcpynA 5532->5559 5534->5526 5535 404578 5536 4056ed 4 API calls 5535->5536 5538 40457e GetDiskFreeSpaceA 5536->5538 5537->5532 5541 4056a0 2 API calls 5537->5541 5542 4045c2 5537->5542 5540 4045a0 MulDiv 5538->5540 5538->5542 5540->5542 5541->5537 5543 40461f 5542->5543 5544 4046f1 21 API calls 5542->5544 5545 404642 5543->5545 5547 40140b 2 API calls 5543->5547 5546 404611 5544->5546 5560 403f3a EnableWindow 5545->5560 5548 404621 SetDlgItemTextA 5546->5548 5549 404616 5546->5549 5547->5545 5548->5543 5552 4046f1 21 API calls 5549->5552 5551 40465e 5551->5553 5554 4042eb SendMessageA 5551->5554 5552->5543 5553->5505 5554->5553 5555->5499 5556->5525 5557->5509 5558->5527 5559->5535 5560->5551 4258 404060 4259 404076 4258->4259 4265 404183 4258->4265 4287 403f18 4259->4287 4260 4041f2 4262 4042c6 4260->4262 4263 4041fc GetDlgItem 4260->4263 4296 403f7f 4262->4296 4269 404212 4263->4269 4270 404284 4263->4270 4264 4040cc 4267 403f18 19 API calls 4264->4267 4265->4260 4265->4262 4266 4041c7 GetDlgItem SendMessageA 4265->4266 4292 403f3a EnableWindow 4266->4292 4272 4040d9 CheckDlgButton 4267->4272 4269->4270 4274 404238 6 API calls 4269->4274 4270->4262 4275 404296 4270->4275 4290 403f3a EnableWindow 4272->4290 4273 4042c1 4274->4270 4278 40429c SendMessageA 4275->4278 4279 4042ad 4275->4279 4276 4041ed 4293 4042eb 4276->4293 4278->4279 4279->4273 4282 4042b3 SendMessageA 4279->4282 4281 4040f7 GetDlgItem 4291 403f4d SendMessageA 4281->4291 4282->4273 4284 40410d SendMessageA 4285 404134 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 4284->4285 4286 40412b GetSysColor 4284->4286 4285->4273 4286->4285 4310 405b88 4287->4310 4290->4281 4291->4284 4292->4276 4294 4042f9 4293->4294 4295 4042fe SendMessageA 4293->4295 4294->4295 4295->4260 4297 403f97 GetWindowLongA 4296->4297 4307 404020 4296->4307 4298 403fa8 4297->4298 4297->4307 4299 403fb7 GetSysColor 4298->4299 4300 403fba 4298->4300 4299->4300 4301 403fc0 SetTextColor 4300->4301 4302 403fca SetBkMode 4300->4302 4301->4302 4303 403fe2 GetSysColor 4302->4303 4304 403fe8 4302->4304 4303->4304 4305 403ff9 4304->4305 4306 403fef SetBkColor 4304->4306 4305->4307 4308 404013 CreateBrushIndirect 4305->4308 4309 40400c DeleteObject 4305->4309 4306->4305 4307->4273 4308->4307 4309->4308 4325 405b95 4310->4325 4311 405daf 4312 403f23 SetDlgItemTextA 4311->4312 4344 405b66 lstrcpynA 4311->4344 4312->4264 4314 405c2d GetVersion 4314->4325 4315 405d86 lstrlenA 4315->4325 4316 405b88 10 API calls 4316->4315 4320 405ca5 GetSystemDirectoryA 4320->4325 4321 405cb8 GetWindowsDirectoryA 4321->4325 4323 405b88 10 API calls 4323->4325 4324 405d2f lstrcatA 4324->4325 4325->4311 4325->4314 4325->4315 4325->4316 4325->4320 4325->4321 4325->4323 4325->4324 4326 405cec SHGetSpecialFolderLocation 4325->4326 4328 405a4d RegOpenKeyExA 4325->4328 4333 405dc8 4325->4333 4342 405ac4 wsprintfA 4325->4342 4343 405b66 lstrcpynA 4325->4343 4326->4325 4327 405d04 SHGetPathFromIDListA CoTaskMemFree 4326->4327 4327->4325 4329 405a80 RegQueryValueExA 4328->4329 4330 405abe 4328->4330 4331 405aa1 RegCloseKey 4329->4331 4330->4325 4331->4330 4334 405dd4 4333->4334 4336 405e31 CharNextA 4334->4336 4338 405e3c 4334->4338 4340 405e1f CharNextA 4334->4340 4341 405e2c CharNextA 4334->4341 4345 405684 4334->4345 4335 405e40 CharPrevA 4335->4338 4336->4334 4336->4338 4338->4335 4339 405e5b 4338->4339 4339->4325 4340->4334 4341->4336 4342->4325 4343->4325 4344->4312 4346 40568a 4345->4346 4347 40569d 4346->4347 4348 405690 CharNextA 4346->4348 4347->4334 4348->4346 4545 402866 SendMessageA 4546 402880 InvalidateRect 4545->4546 4547 40288b 4545->4547 4546->4547 5573 402267 5574 4029f6 18 API calls 5573->5574 5575 402275 5574->5575 5576 4029f6 18 API calls 5575->5576 5577 40227e 5576->5577 5578 4029f6 18 API calls 5577->5578 5579 402288 GetPrivateProfileStringA 5578->5579 5587 401c6d 5588 4029d9 18 API calls 5587->5588 5589 401c73 IsWindow 5588->5589 5590 4019d6 5589->5590 5591 40366d 5592 403678 5591->5592 5593 40367f GlobalAlloc 5592->5593 5594 40367c 5592->5594 5593->5594 5595 30c1021 5596 30c1dd9 2 API calls 5595->5596 5597 30c1054 5596->5597 5598 30c10b4 5597->5598 5599 30c1dd9 2 API calls 5597->5599 5600 30c1e27 2 API calls 5598->5600 5602 30c1069 5599->5602 5601 30c10be 5600->5601 5602->5598 5603 30c106d SHBrowseForFolderA 5602->5603 5603->5598 5604 30c10c0 SHGetPathFromIDListA 5603->5604 5605 30c10d2 5604->5605 5606 30c1e27 2 API calls 5605->5606 5607 30c10e5 CoTaskMemFree 5606->5607 5607->5601 5608 30c1b23 CreateControl 5609 1000102f 5610 10001561 3 API calls 5609->5610 5612 1000104b 5610->5612 5611 100010b3 5612->5611 5613 100017fe 4 API calls 5612->5613 5614 10001068 5612->5614 5613->5614 5615 100017fe 4 API calls 5614->5615 5616 10001078 5615->5616 5617 10001088 5616->5617 5618 1000107f GlobalSize 5616->5618 5619 1000108c GlobalAlloc 5617->5619 5620 1000109d 5617->5620 5618->5617 5621 10001825 3 API calls 5619->5621 5622 100010a8 GlobalFree 5620->5622 5621->5620 5622->5611 4744 10002930 4745 10002940 VirtualProtect 4744->4745 4746 1000297b 4744->4746 4745->4746 5623 402172 5624 4029f6 18 API calls 5623->5624 5625 402178 5624->5625 5626 4029f6 18 API calls 5625->5626 5627 402181 5626->5627 5628 4029f6 18 API calls 5627->5628 5629 40218a 5628->5629 5630 405e61 2 API calls 5629->5630 5631 402193 5630->5631 5632 4021a4 lstrlenA lstrlenA 5631->5632 5633 402197 5631->5633 5635 404f04 25 API calls 5632->5635 5634 404f04 25 API calls 5633->5634 5636 40219f 5633->5636 5634->5636 5637 4021e0 SHFileOperationA 5635->5637 5637->5633 5637->5636 5638 30c1b3f 5639 30c1fc2 2 API calls 5638->5639 5640 30c1b45 IsWindow 5639->5640 5641 30c1b52 5640->5641 5646 30c13c6 GetPropA 5641->5646 5644 30c1b70 5645 30c1dd9 2 API calls 5645->5644 5647 30c13d9 5646->5647 5647->5644 5647->5645 5648 30c1c39 5651 30c1bf1 5648->5651 5652 30c1fc2 2 API calls 5651->5652 5653 30c1bf8 5652->5653 5654 30c1fc2 2 API calls 5653->5654 5655 30c1bff IsWindow 5654->5655 5656 30c1c0c 5655->5656 5657 30c1c12 5655->5657 5658 30c13c6 GetPropA 5656->5658 5658->5657 5659 40267c 5660 4029f6 18 API calls 5659->5660 5661 40268a 5660->5661 5662 4026a0 5661->5662 5663 4029f6 18 API calls 5661->5663 5664 40581e 2 API calls 5662->5664 5663->5662 5665 4026a6 5664->5665 5685 40583d GetFileAttributesA CreateFileA 5665->5685 5667 4026b3 5668 40275c 5667->5668 5669 4026bf GlobalAlloc 5667->5669 5672 402764 DeleteFileA 5668->5672 5673 402777 5668->5673 5670 402753 CloseHandle 5669->5670 5671 4026d8 5669->5671 5670->5668 5686 4031f1 SetFilePointer 5671->5686 5672->5673 5675 4026de 5676 4031bf ReadFile 5675->5676 5677 4026e7 GlobalAlloc 5676->5677 5678 4026f7 5677->5678 5679 40272b WriteFile GlobalFree 5677->5679 5681 402f18 48 API calls 5678->5681 5680 402f18 48 API calls 5679->5680 5682 402750 5680->5682 5684 402704 5681->5684 5682->5670 5683 402722 GlobalFree 5683->5679 5684->5683 5685->5667 5686->5675 5694 40277d 5695 4029d9 18 API calls 5694->5695 5696 402783 5695->5696 5697 4027a7 5696->5697 5698 4027be 5696->5698 5702 40265c 5696->5702 5699 4027ac 5697->5699 5707 4027bb 5697->5707 5700 4027d4 5698->5700 5701 4027c8 5698->5701 5708 405b66 lstrcpynA 5699->5708 5704 405b88 18 API calls 5700->5704 5703 4029d9 18 API calls 5701->5703 5703->5707 5704->5707 5707->5702 5709 405ac4 wsprintfA 5707->5709 5708->5702 5709->5702 5710 401000 5711 401037 BeginPaint GetClientRect 5710->5711 5712 40100c DefWindowProcA 5710->5712 5714 4010f3 5711->5714 5715 401179 5712->5715 5716 401073 CreateBrushIndirect FillRect DeleteObject 5714->5716 5717 4010fc 5714->5717 5716->5714 5718 401102 CreateFontIndirectA 5717->5718 5719 401167 EndPaint 5717->5719 5718->5719 5720 401112 6 API calls 5718->5720 5719->5715 5720->5719 4370 402303 4371 402309 4370->4371 4372 4029f6 18 API calls 4371->4372 4373 40231b 4372->4373 4374 4029f6 18 API calls 4373->4374 4375 402325 RegCreateKeyExA 4374->4375 4376 40234f 4375->4376 4377 40265c 4375->4377 4378 4029f6 18 API calls 4376->4378 4380 402367 4376->4380 4381 402360 lstrlenA 4378->4381 4379 402373 4383 40238e RegSetValueExA 4379->4383 4390 402f18 4379->4390 4380->4379 4387 4029d9 4380->4387 4381->4380 4384 4023a4 RegCloseKey 4383->4384 4384->4377 4388 405b88 18 API calls 4387->4388 4389 4029ed 4388->4389 4389->4379 4391 402f45 4390->4391 4392 402f29 SetFilePointer 4390->4392 4405 403043 GetTickCount 4391->4405 4392->4391 4395 402f56 ReadFile 4396 402f76 4395->4396 4404 403002 4395->4404 4397 403043 43 API calls 4396->4397 4396->4404 4398 402f8d 4397->4398 4399 403008 ReadFile 4398->4399 4400 402f9d 4398->4400 4398->4404 4399->4404 4402 402fb8 ReadFile 4400->4402 4403 402fd1 WriteFile 4400->4403 4400->4404 4402->4400 4402->4404 4403->4400 4403->4404 4404->4383 4406 403072 4405->4406 4407 4031ad 4405->4407 4418 4031f1 SetFilePointer 4406->4418 4408 402bd3 33 API calls 4407->4408 4414 402f4e 4408->4414 4410 40307d SetFilePointer 4416 4030a2 4410->4416 4414->4395 4414->4404 4415 403137 WriteFile 4415->4414 4415->4416 4416->4414 4416->4415 4417 40318e SetFilePointer 4416->4417 4419 4031bf ReadFile 4416->4419 4421 405f82 4416->4421 4428 402bd3 4416->4428 4417->4407 4418->4410 4420 4031e0 4419->4420 4420->4416 4422 405fa7 4421->4422 4423 405faf 4421->4423 4422->4416 4423->4422 4424 406036 GlobalFree 4423->4424 4425 40603f GlobalAlloc 4423->4425 4426 4060b6 GlobalAlloc 4423->4426 4427 4060ad GlobalFree 4423->4427 4424->4425 4425->4422 4425->4423 4426->4422 4426->4423 4427->4426 4429 402be1 4428->4429 4430 402bf9 4428->4430 4431 402bea DestroyWindow 4429->4431 4436 402bf1 4429->4436 4432 402c01 4430->4432 4433 402c09 GetTickCount 4430->4433 4431->4436 4443 405ec1 4432->4443 4435 402c17 4433->4435 4433->4436 4437 402c4c CreateDialogParamA ShowWindow 4435->4437 4438 402c1f 4435->4438 4436->4416 4437->4436 4438->4436 4447 402bb7 4438->4447 4440 402c2d wsprintfA 4450 404f04 4440->4450 4444 405ede PeekMessageA 4443->4444 4445 405ed4 DispatchMessageA 4444->4445 4446 405eee 4444->4446 4445->4444 4446->4436 4448 402bc6 4447->4448 4449 402bc8 MulDiv 4447->4449 4448->4449 4449->4440 4451 404f1f 4450->4451 4459 402c4a 4450->4459 4452 404f3c lstrlenA 4451->4452 4453 405b88 18 API calls 4451->4453 4454 404f65 4452->4454 4455 404f4a lstrlenA 4452->4455 4453->4452 4457 404f78 4454->4457 4458 404f6b SetWindowTextA 4454->4458 4456 404f5c lstrcatA 4455->4456 4455->4459 4456->4454 4457->4459 4460 404f7e SendMessageA SendMessageA SendMessageA 4457->4460 4458->4457 4459->4436 4460->4459 5721 402803 5722 4029d9 18 API calls 5721->5722 5723 402809 5722->5723 5724 40283a 5723->5724 5726 40265c 5723->5726 5727 402817 5723->5727 5725 405b88 18 API calls 5724->5725 5724->5726 5725->5726 5727->5726 5729 405ac4 wsprintfA 5727->5729 5729->5726 4548 401b06 4549 401b57 4548->4549 4551 401b13 4548->4551 4552 401b80 GlobalAlloc 4549->4552 4553 401b5b 4549->4553 4550 4021fb 4555 405b88 18 API calls 4550->4555 4551->4550 4558 401b2a 4551->4558 4554 405b88 18 API calls 4552->4554 4561 401b9b 4553->4561 4569 405b66 lstrcpynA 4553->4569 4554->4561 4557 402208 4555->4557 4557->4561 4570 405427 4557->4570 4567 405b66 lstrcpynA 4558->4567 4559 401b6d GlobalFree 4559->4561 4563 401b39 4568 405b66 lstrcpynA 4563->4568 4565 401b48 4574 405b66 lstrcpynA 4565->4574 4567->4563 4568->4565 4569->4559 4571 40543c 4570->4571 4572 405488 4571->4572 4573 405450 MessageBoxIndirectA 4571->4573 4572->4561 4573->4572 4574->4561 5733 402506 5734 4029d9 18 API calls 5733->5734 5737 402510 5734->5737 5735 402586 5736 402544 ReadFile 5736->5735 5736->5737 5737->5735 5737->5736 5738 402588 5737->5738 5739 402598 5737->5739 5742 405ac4 wsprintfA 5738->5742 5739->5735 5741 4025ae SetFilePointer 5739->5741 5741->5735 5742->5735 4589 40190d 4590 40190f 4589->4590 4591 4029f6 18 API calls 4590->4591 4592 401914 4591->4592 4595 40548b 4592->4595 4636 40573a 4595->4636 4598 4054a8 DeleteFileA 4603 40191d 4598->4603 4599 4054bf 4600 4055f4 4599->4600 4650 405b66 lstrcpynA 4599->4650 4600->4603 4685 405e61 FindFirstFileA 4600->4685 4602 4054e9 4604 4054fa 4602->4604 4605 4054ed lstrcatA 4602->4605 4655 4056a0 lstrlenA 4604->4655 4607 405500 4605->4607 4610 40550e lstrcatA 4607->4610 4611 405519 lstrlenA FindFirstFileA 4607->4611 4610->4611 4611->4600 4631 40553d 4611->4631 4613 405684 CharNextA 4613->4631 4615 40581e 2 API calls 4616 405629 RemoveDirectoryA 4615->4616 4617 405634 4616->4617 4618 40564b 4616->4618 4617->4603 4622 40563a 4617->4622 4619 404f04 25 API calls 4618->4619 4619->4603 4620 4055d3 FindNextFileA 4623 4055eb FindClose 4620->4623 4620->4631 4624 404f04 25 API calls 4622->4624 4623->4600 4625 405642 4624->4625 4627 4058b4 38 API calls 4625->4627 4628 405649 4627->4628 4628->4603 4630 40548b 59 API calls 4630->4631 4631->4613 4631->4620 4631->4630 4632 404f04 25 API calls 4631->4632 4635 4055b1 4631->4635 4651 405b66 lstrcpynA 4631->4651 4652 40581e GetFileAttributesA 4631->4652 4632->4620 4633 404f04 25 API calls 4633->4635 4635->4620 4635->4633 4659 4058b4 4635->4659 4691 405b66 lstrcpynA 4636->4691 4638 40574b 4692 4056ed CharNextA CharNextA 4638->4692 4641 40549f 4641->4598 4641->4599 4642 405dc8 5 API calls 4648 405761 4642->4648 4643 40578c lstrlenA 4644 405797 4643->4644 4643->4648 4645 405659 3 API calls 4644->4645 4647 40579c GetFileAttributesA 4645->4647 4646 405e61 2 API calls 4646->4648 4647->4641 4648->4641 4648->4643 4648->4646 4649 4056a0 2 API calls 4648->4649 4649->4643 4650->4602 4651->4631 4653 4055a0 DeleteFileA 4652->4653 4654 40582d SetFileAttributesA 4652->4654 4653->4631 4654->4653 4656 4056ad 4655->4656 4657 4056b2 CharPrevA 4656->4657 4658 4056be 4656->4658 4657->4656 4657->4658 4658->4607 4698 405e88 GetModuleHandleA 4659->4698 4662 40591c GetShortPathNameA 4664 405931 4662->4664 4665 405a11 4662->4665 4664->4665 4667 405939 wsprintfA 4664->4667 4665->4635 4666 405900 CloseHandle GetShortPathNameA 4666->4665 4669 405914 4666->4669 4668 405b88 18 API calls 4667->4668 4670 405961 4668->4670 4669->4662 4669->4665 4703 40583d GetFileAttributesA CreateFileA 4670->4703 4672 40596e 4672->4665 4673 40597d GetFileSize GlobalAlloc 4672->4673 4674 405a0a CloseHandle 4673->4674 4675 40599b ReadFile 4673->4675 4674->4665 4675->4674 4676 4059af 4675->4676 4676->4674 4704 4057b2 lstrlenA 4676->4704 4679 4059c4 4709 405b66 lstrcpynA 4679->4709 4680 405a1e 4681 4057b2 4 API calls 4680->4681 4683 4059d2 4681->4683 4684 4059e5 SetFilePointer WriteFile GlobalFree 4683->4684 4684->4674 4686 405619 4685->4686 4687 405e77 FindClose 4685->4687 4686->4603 4688 405659 lstrlenA CharPrevA 4686->4688 4687->4686 4689 405673 lstrcatA 4688->4689 4690 405623 4688->4690 4689->4690 4690->4615 4691->4638 4693 405707 4692->4693 4695 405713 4692->4695 4694 40570e CharNextA 4693->4694 4693->4695 4697 405730 4694->4697 4696 405684 CharNextA 4695->4696 4695->4697 4696->4695 4697->4641 4697->4642 4699 405ea4 LoadLibraryA 4698->4699 4700 405eaf GetProcAddress 4698->4700 4699->4700 4701 4058bf 4699->4701 4700->4701 4701->4662 4701->4665 4702 40583d GetFileAttributesA CreateFileA 4701->4702 4702->4666 4703->4672 4705 4057e8 lstrlenA 4704->4705 4706 4057f2 4705->4706 4707 4057c6 lstrcmpiA 4705->4707 4706->4679 4706->4680 4707->4706 4708 4057df CharNextA 4707->4708 4708->4705 4709->4683 5743 30c1c41 5744 30c1bf1 4 API calls 5743->5744 5745 30c1c48 5744->5745 5746 40430f 5747 404345 5746->5747 5748 40431f 5746->5748 5750 403f7f 8 API calls 5747->5750 5749 403f18 19 API calls 5748->5749 5751 40432c SetDlgItemTextA 5749->5751 5752 404351 5750->5752 5751->5747 5753 402615 5754 402618 5753->5754 5757 402630 5753->5757 5755 402625 FindNextFileA 5754->5755 5756 40266f 5755->5756 5755->5757 5759 405b66 lstrcpynA 5756->5759 5759->5757 5099 401e1b 5100 4029f6 18 API calls 5099->5100 5101 401e21 5100->5101 5102 404f04 25 API calls 5101->5102 5103 401e2b 5102->5103 5115 4053c6 CreateProcessA 5103->5115 5105 401e87 CloseHandle 5107 40265c 5105->5107 5106 401e50 WaitForSingleObject 5108 401e31 5106->5108 5109 401e5e GetExitCodeProcess 5106->5109 5108->5105 5108->5106 5108->5107 5110 405ec1 2 API calls 5108->5110 5111 401e70 5109->5111 5112 401e7b 5109->5112 5110->5106 5118 405ac4 wsprintfA 5111->5118 5112->5105 5114 401e79 5112->5114 5114->5105 5116 405401 5115->5116 5117 4053f5 CloseHandle 5115->5117 5116->5108 5117->5116 5118->5114 5767 401d1b GetDC GetDeviceCaps 5768 4029d9 18 API calls 5767->5768 5769 401d37 MulDiv 5768->5769 5770 4029d9 18 API calls 5769->5770 5771 401d4c 5770->5771 5772 405b88 18 API calls 5771->5772 5773 401d85 CreateFontIndirectA 5772->5773 5774 4024b8 5773->5774 5775 30c1c51 5778 30c1c26 5775->5778 5779 30c1fc2 2 API calls 5778->5779 5780 30c1c2b 5779->5780 5781 402020 5782 4029f6 18 API calls 5781->5782 5783 402027 5782->5783 5784 4029f6 18 API calls 5783->5784 5785 402031 5784->5785 5786 4029f6 18 API calls 5785->5786 5787 40203a 5786->5787 5788 4029f6 18 API calls 5787->5788 5789 402044 5788->5789 5790 4029f6 18 API calls 5789->5790 5792 40204e 5790->5792 5791 402062 CoCreateInstance 5794 402137 5791->5794 5797 402081 5791->5797 5792->5791 5793 4029f6 18 API calls 5792->5793 5793->5791 5795 401423 25 API calls 5794->5795 5796 402169 5794->5796 5795->5796 5797->5794 5798 402116 MultiByteToWideChar 5797->5798 5798->5794 4349 401721 4355 4029f6 4349->4355 4353 40172f 4354 40586c 2 API calls 4353->4354 4354->4353 4356 402a02 4355->4356 4357 405b88 18 API calls 4356->4357 4358 402a23 4357->4358 4359 401728 4358->4359 4360 405dc8 5 API calls 4358->4360 4361 40586c 4359->4361 4360->4359 4362 405877 GetTickCount GetTempFileNameA 4361->4362 4363 4058a3 4362->4363 4364 4058a7 4362->4364 4363->4362 4363->4364 4364->4353 5799 401922 5800 4029f6 18 API calls 5799->5800 5801 401929 lstrlenA 5800->5801 5802 4024b8 5801->5802 5803 402223 5804 40222b 5803->5804 5806 402231 5803->5806 5805 4029f6 18 API calls 5804->5805 5805->5806 5807 4029f6 18 API calls 5806->5807 5809 402241 5806->5809 5807->5809 5808 40224f 5810 4029f6 18 API calls 5808->5810 5809->5808 5811 4029f6 18 API calls 5809->5811 5812 402258 WritePrivateProfileStringA 5810->5812 5811->5808 5820 401a26 5821 4029d9 18 API calls 5820->5821 5822 401a2c 5821->5822 5823 4029d9 18 API calls 5822->5823 5824 4019d6 5823->5824 4575 402427 4585 402b00 4575->4585 4577 402431 4578 4029d9 18 API calls 4577->4578 4579 40243a 4578->4579 4580 40265c 4579->4580 4581 402451 RegEnumKeyA 4579->4581 4582 40245d RegEnumValueA 4579->4582 4583 402476 RegCloseKey 4581->4583 4582->4580 4582->4583 4583->4580 4586 4029f6 18 API calls 4585->4586 4587 402b19 4586->4587 4588 402b27 RegOpenKeyExA 4587->4588 4588->4577 5825 40402c lstrcpynA lstrlenA 5826 406131 5828 405fb5 5826->5828 5827 406920 5828->5827 5829 406036 GlobalFree 5828->5829 5830 40603f GlobalAlloc 5828->5830 5831 4060b6 GlobalAlloc 5828->5831 5832 4060ad GlobalFree 5828->5832 5829->5830 5830->5827 5830->5828 5831->5827 5831->5828 5832->5831 5039 401734 5040 4029f6 18 API calls 5039->5040 5041 40173b 5040->5041 5042 401761 5041->5042 5043 401759 5041->5043 5079 405b66 lstrcpynA 5042->5079 5078 405b66 lstrcpynA 5043->5078 5046 40175f 5050 405dc8 5 API calls 5046->5050 5047 40176c 5048 405659 3 API calls 5047->5048 5049 401772 lstrcatA 5048->5049 5049->5046 5052 40177e 5050->5052 5051 405e61 2 API calls 5051->5052 5052->5051 5053 40581e 2 API calls 5052->5053 5055 401795 CompareFileTime 5052->5055 5056 401859 5052->5056 5060 405b66 lstrcpynA 5052->5060 5064 405b88 18 API calls 5052->5064 5072 405427 MessageBoxIndirectA 5052->5072 5075 401830 5052->5075 5077 40583d GetFileAttributesA CreateFileA 5052->5077 5053->5052 5055->5052 5057 404f04 25 API calls 5056->5057 5058 401863 5057->5058 5061 402f18 48 API calls 5058->5061 5059 404f04 25 API calls 5066 401845 5059->5066 5060->5052 5062 401876 5061->5062 5063 40188a SetFileTime 5062->5063 5065 40189c FindCloseChangeNotification 5062->5065 5063->5065 5064->5052 5065->5066 5067 4018ad 5065->5067 5068 4018b2 5067->5068 5069 4018c5 5067->5069 5070 405b88 18 API calls 5068->5070 5071 405b88 18 API calls 5069->5071 5073 4018ba lstrcatA 5070->5073 5074 4018cd 5071->5074 5072->5052 5073->5074 5074->5066 5076 405427 MessageBoxIndirectA 5074->5076 5075->5059 5075->5066 5076->5066 5077->5052 5078->5046 5079->5047 5833 401634 5834 4029f6 18 API calls 5833->5834 5835 40163a 5834->5835 5836 405e61 2 API calls 5835->5836 5837 401640 5836->5837 5838 401934 5839 4029d9 18 API calls 5838->5839 5840 40193b 5839->5840 5841 4029d9 18 API calls 5840->5841 5842 401945 5841->5842 5843 4029f6 18 API calls 5842->5843 5844 40194e 5843->5844 5845 401961 lstrlenA 5844->5845 5846 40199c 5844->5846 5847 40196b 5845->5847 5847->5846 5851 405b66 lstrcpynA 5847->5851 5849 401985 5849->5846 5850 401992 lstrlenA 5849->5850 5850->5846 5851->5849 5859 402b3b 5860 402b63 5859->5860 5861 402b4a SetTimer 5859->5861 5862 402bb1 5860->5862 5863 402bb7 MulDiv 5860->5863 5861->5860 5864 402b71 wsprintfA SetWindowTextA SetDlgItemTextA 5863->5864 5864->5862 5119 40323c #17 SetErrorMode OleInitialize 5120 405e88 3 API calls 5119->5120 5121 40327f SHGetFileInfoA 5120->5121 5189 405b66 lstrcpynA 5121->5189 5123 4032aa GetCommandLineA 5190 405b66 lstrcpynA 5123->5190 5125 4032bc GetModuleHandleA 5126 4032d3 5125->5126 5127 405684 CharNextA 5126->5127 5128 4032e7 CharNextA 5127->5128 5133 4032f4 5128->5133 5129 40335d 5130 403370 GetTempPathA 5129->5130 5191 403208 5130->5191 5132 403386 5134 4033aa DeleteFileA 5132->5134 5135 40338a GetWindowsDirectoryA lstrcatA 5132->5135 5133->5129 5136 405684 CharNextA 5133->5136 5140 40335f 5133->5140 5199 402c72 GetTickCount GetModuleFileNameA 5134->5199 5137 403208 11 API calls 5135->5137 5136->5133 5139 4033a6 5137->5139 5139->5134 5143 403424 5139->5143 5283 405b66 lstrcpynA 5140->5283 5141 4033bb 5141->5143 5144 403414 5141->5144 5147 405684 CharNextA 5141->5147 5286 4035bd 5143->5286 5229 4036af 5144->5229 5151 4033d2 5147->5151 5149 403522 5153 4035a5 ExitProcess 5149->5153 5155 405e88 3 API calls 5149->5155 5150 40343d 5152 405427 MessageBoxIndirectA 5150->5152 5157 403453 lstrcatA lstrcmpiA 5151->5157 5158 4033ef 5151->5158 5154 40344b ExitProcess 5152->5154 5159 403531 5155->5159 5157->5143 5161 40346f CreateDirectoryA SetCurrentDirectoryA 5157->5161 5160 40573a 18 API calls 5158->5160 5162 405e88 3 API calls 5159->5162 5163 4033fa 5160->5163 5164 403491 5161->5164 5165 403486 5161->5165 5166 40353a 5162->5166 5163->5143 5284 405b66 lstrcpynA 5163->5284 5296 405b66 lstrcpynA 5164->5296 5295 405b66 lstrcpynA 5165->5295 5167 405e88 3 API calls 5166->5167 5170 403543 5167->5170 5172 403591 ExitWindowsEx 5170->5172 5177 403551 GetCurrentProcess 5170->5177 5172->5153 5176 40359e 5172->5176 5173 403409 5285 405b66 lstrcpynA 5173->5285 5175 405b88 18 API calls 5178 4034c1 DeleteFileA 5175->5178 5179 40140b 2 API calls 5176->5179 5181 403561 5177->5181 5180 4034ce CopyFileA 5178->5180 5186 40349f 5178->5186 5179->5153 5180->5186 5181->5172 5182 403516 5183 4058b4 38 API calls 5182->5183 5183->5143 5184 4058b4 38 API calls 5184->5186 5185 405b88 18 API calls 5185->5186 5186->5175 5186->5182 5186->5184 5186->5185 5187 4053c6 2 API calls 5186->5187 5188 403502 CloseHandle 5186->5188 5187->5186 5188->5186 5189->5123 5190->5125 5192 405dc8 5 API calls 5191->5192 5193 403214 5192->5193 5194 40321e 5193->5194 5195 405659 3 API calls 5193->5195 5194->5132 5196 403226 CreateDirectoryA 5195->5196 5197 40586c 2 API calls 5196->5197 5198 40323a 5197->5198 5198->5132 5297 40583d GetFileAttributesA CreateFileA 5199->5297 5201 402cb5 5228 402cc2 5201->5228 5298 405b66 lstrcpynA 5201->5298 5203 402cd8 5204 4056a0 2 API calls 5203->5204 5205 402cde 5204->5205 5299 405b66 lstrcpynA 5205->5299 5207 402ce9 GetFileSize 5208 402dea 5207->5208 5226 402d00 5207->5226 5209 402bd3 33 API calls 5208->5209 5210 402df1 5209->5210 5212 402e2d GlobalAlloc 5210->5212 5210->5228 5300 4031f1 SetFilePointer 5210->5300 5211 4031bf ReadFile 5211->5226 5215 402e44 5212->5215 5213 402e85 5216 402bd3 33 API calls 5213->5216 5220 40586c 2 API calls 5215->5220 5216->5228 5217 402e0e 5218 4031bf ReadFile 5217->5218 5221 402e19 5218->5221 5219 402bd3 33 API calls 5219->5226 5222 402e55 CreateFileA 5220->5222 5221->5212 5221->5228 5223 402e8f 5222->5223 5222->5228 5301 4031f1 SetFilePointer 5223->5301 5225 402e9d 5227 402f18 48 API calls 5225->5227 5226->5208 5226->5211 5226->5213 5226->5219 5226->5228 5227->5228 5228->5141 5230 405e88 3 API calls 5229->5230 5231 4036c3 5230->5231 5232 4036c9 5231->5232 5233 4036db 5231->5233 5311 405ac4 wsprintfA 5232->5311 5234 405a4d 3 API calls 5233->5234 5235 4036fc 5234->5235 5237 40371a lstrcatA 5235->5237 5239 405a4d 3 API calls 5235->5239 5238 4036d9 5237->5238 5302 403978 5238->5302 5239->5237 5242 40573a 18 API calls 5243 40374c 5242->5243 5244 4037d5 5243->5244 5247 405a4d 3 API calls 5243->5247 5245 40573a 18 API calls 5244->5245 5246 4037db 5245->5246 5249 4037eb LoadImageA 5246->5249 5250 405b88 18 API calls 5246->5250 5248 403778 5247->5248 5248->5244 5253 403794 lstrlenA 5248->5253 5256 405684 CharNextA 5248->5256 5251 403816 RegisterClassA 5249->5251 5252 40389f 5249->5252 5250->5249 5254 403852 SystemParametersInfoA CreateWindowExA 5251->5254 5280 4038a9 5251->5280 5255 40140b 2 API calls 5252->5255 5257 4037a2 lstrcmpiA 5253->5257 5258 4037c8 5253->5258 5254->5252 5261 4038a5 5255->5261 5259 403792 5256->5259 5257->5258 5260 4037b2 GetFileAttributesA 5257->5260 5262 405659 3 API calls 5258->5262 5259->5253 5263 4037be 5260->5263 5264 403978 19 API calls 5261->5264 5261->5280 5265 4037ce 5262->5265 5263->5258 5266 4056a0 2 API calls 5263->5266 5267 4038b6 5264->5267 5312 405b66 lstrcpynA 5265->5312 5266->5258 5269 4038c2 ShowWindow LoadLibraryA 5267->5269 5270 403945 5267->5270 5272 4038e1 LoadLibraryA 5269->5272 5273 4038e8 GetClassInfoA 5269->5273 5313 404fd6 OleInitialize 5270->5313 5272->5273 5274 403912 DialogBoxParamA 5273->5274 5275 4038fc GetClassInfoA RegisterClassA 5273->5275 5277 40140b 2 API calls 5274->5277 5275->5274 5276 40394b 5278 403967 5276->5278 5279 40394f 5276->5279 5277->5280 5281 40140b 2 API calls 5278->5281 5279->5280 5282 40140b 2 API calls 5279->5282 5280->5143 5281->5280 5282->5280 5283->5130 5284->5173 5285->5144 5287 4035d8 5286->5287 5288 4035ce CloseHandle 5286->5288 5289 4035e2 CloseHandle 5287->5289 5290 4035ec 5287->5290 5288->5287 5289->5290 5321 40361a 5290->5321 5293 40548b 68 API calls 5294 40342d OleUninitialize 5293->5294 5294->5149 5294->5150 5295->5164 5296->5186 5297->5201 5298->5203 5299->5207 5300->5217 5301->5225 5303 40398c 5302->5303 5320 405ac4 wsprintfA 5303->5320 5305 4039fd 5306 405b88 18 API calls 5305->5306 5307 403a09 SetWindowTextA 5306->5307 5308 40372a 5307->5308 5309 403a25 5307->5309 5308->5242 5309->5308 5310 405b88 18 API calls 5309->5310 5310->5309 5311->5238 5312->5244 5314 403f64 SendMessageA 5313->5314 5316 404ff9 5314->5316 5315 403f64 SendMessageA 5317 405032 OleUninitialize 5315->5317 5318 401389 2 API calls 5316->5318 5319 405020 5316->5319 5317->5276 5318->5316 5319->5315 5320->5305 5322 403628 5321->5322 5323 40362d FreeLibrary GlobalFree 5322->5323 5324 4035f1 5322->5324 5323->5323 5323->5324 5324->5293 5866 30c1b72 5867 30c1fc2 2 API calls 5866->5867 5868 30c1b78 IsWindow 5867->5868 5869 30c1b8b 5868->5869 5870 30c1b85 5868->5870 5872 30c1e27 2 API calls 5869->5872 5871 30c13c6 GetPropA 5870->5871 5871->5869 5873 30c1b9f 5872->5873 5874 40263e 5875 4029f6 18 API calls 5874->5875 5876 402645 FindFirstFileA 5875->5876 5877 402668 5876->5877 5881 402658 5876->5881 5879 40266f 5877->5879 5882 405ac4 wsprintfA 5877->5882 5883 405b66 lstrcpynA 5879->5883 5882->5879 5883->5881 4365 401cc1 GetDlgItem GetClientRect 4366 4029f6 18 API calls 4365->4366 4367 401cf1 LoadImageA SendMessageA 4366->4367 4368 40288b 4367->4368 4369 401d0f DeleteObject 4367->4369 4369->4368 5884 401dc1 5885 4029f6 18 API calls 5884->5885 5886 401dc7 5885->5886 5887 4029f6 18 API calls 5886->5887 5888 401dd0 5887->5888 5889 4029f6 18 API calls 5888->5889 5890 401dd9 5889->5890 5891 4029f6 18 API calls 5890->5891 5892 401de2 5891->5892 5893 401423 25 API calls 5892->5893 5894 401de9 ShellExecuteA 5893->5894 5895 401e16 5894->5895 5896 401ec5 5897 4029f6 18 API calls 5896->5897 5898 401ecc GetFileVersionInfoSizeA 5897->5898 5899 401eef GlobalAlloc 5898->5899 5900 401f45 5898->5900 5899->5900 5901 401f03 GetFileVersionInfoA 5899->5901 5901->5900 5902 401f14 VerQueryValueA 5901->5902 5902->5900 5903 401f2d 5902->5903 5907 405ac4 wsprintfA 5903->5907 5905 401f39 5908 405ac4 wsprintfA 5905->5908 5907->5905 5908->5900 5912 30c1480 5913 30c13c6 GetPropA 5912->5913 5914 30c148b 5913->5914 5915 30c14c6 5914->5915 5916 30c14ae CallWindowProcA 5914->5916 5917 30c1495 LoadCursorA SetCursor 5914->5917 5916->5915 5917->5915 5918 4025cc 5919 4025d3 5918->5919 5920 402838 5918->5920 5921 4029d9 18 API calls 5919->5921 5922 4025de 5921->5922 5923 4025e5 SetFilePointer 5922->5923 5923->5920 5924 4025f5 5923->5924 5926 405ac4 wsprintfA 5924->5926 5926->5920 5088 4014d6 5089 4029d9 18 API calls 5088->5089 5090 4014dc Sleep 5089->5090 5092 40288b 5090->5092 5934 4018d8 5935 40190f 5934->5935 5936 4029f6 18 API calls 5935->5936 5937 401914 5936->5937 5938 40548b 68 API calls 5937->5938 5939 40191d 5938->5939 5940 4018db 5941 4029f6 18 API calls 5940->5941 5942 4018e2 5941->5942 5943 405427 MessageBoxIndirectA 5942->5943 5944 4018eb 5943->5944 5945 100023a1 5946 10002406 5945->5946 5947 1000243c 5945->5947 5946->5947 5948 10002418 GlobalAlloc 5946->5948 5948->5946 5949 401ae5 5950 4029f6 18 API calls 5949->5950 5951 401aec 5950->5951 5952 4029d9 18 API calls 5951->5952 5953 401af5 wsprintfA 5952->5953 5954 40288b 5953->5954 5955 4019e6 5956 4029f6 18 API calls 5955->5956 5957 4019ef ExpandEnvironmentStringsA 5956->5957 5958 401a03 5957->5958 5960 401a16 5957->5960 5959 401a08 lstrcmpA 5958->5959 5958->5960 5959->5960 5968 4014f0 SetForegroundWindow 5969 40288b 5968->5969 5970 4021f4 5971 4021fb 5970->5971 5973 40220e 5970->5973 5972 405b88 18 API calls 5971->5972 5974 402208 5972->5974 5974->5973 5975 405427 MessageBoxIndirectA 5974->5975 5975->5973 5976 100010b7 5977 100017fe 4 API calls 5976->5977 5978 100010ce GlobalFree 5977->5978 5979 30c1bb4 5980 30c1fc2 2 API calls 5979->5980 5981 30c1bba 5980->5981 5982 30c1fc2 2 API calls 5981->5982 5983 30c1bc1 5982->5983 5984 30c1bdc 5983->5984 5985 30c1bc9 SetTimer 5983->5985 5985->5984 5986 4016fa 5987 4029f6 18 API calls 5986->5987 5988 401701 SearchPathA 5987->5988 5989 40171c 5988->5989 5990 4025fb 5991 402602 5990->5991 5992 40288b 5990->5992 5993 402608 FindClose 5991->5993 5993->5992 5994 4014fe 5995 401506 5994->5995 5997 401519 5994->5997 5996 4029d9 18 API calls 5995->5996 5996->5997 5998 30c14ca 5999 30c1722 5998->5999 6000 30c14e2 5998->6000 6004 30c172e RemovePropA 5999->6004 6016 30c1549 5999->6016 6001 30c15d7 6000->6001 6002 30c14f7 6000->6002 6015 30c15de 6000->6015 6008 30c13c6 GetPropA 6001->6008 6005 30c14fe 6002->6005 6006 30c1533 GetDlgItem 6002->6006 6003 30c13c6 GetPropA 6007 30c1636 6003->6007 6004->6004 6004->6016 6011 30c151b SendMessageA 6005->6011 6005->6016 6009 30c13c6 GetPropA 6006->6009 6010 30c163e GetWindowTextA DrawTextA 6007->6010 6007->6016 6008->6015 6009->6016 6013 30c1691 6010->6013 6011->6016 6012 30c16f8 6012->6016 6019 30c1710 DrawFocusRect 6012->6019 6013->6012 6014 30c16c5 GetWindowLongA 6013->6014 6017 30c16d4 SetTextColor 6014->6017 6018 30c16e2 DrawTextA 6014->6018 6015->6003 6015->6016 6017->6018 6018->6012 6019->6016 6020 401c8a 6021 4029d9 18 API calls 6020->6021 6022 401c91 6021->6022 6023 4029d9 18 API calls 6022->6023 6024 401c99 GetDlgItem 6023->6024 6025 4024b8 6024->6025 6026 40468b 6027 4046b7 6026->6027 6028 40469b 6026->6028 6030 4046ea 6027->6030 6031 4046bd SHGetPathFromIDListA 6027->6031 6037 40540b GetDlgItemTextA 6028->6037 6033 4046d4 SendMessageA 6031->6033 6034 4046cd 6031->6034 6032 4046a8 SendMessageA 6032->6027 6033->6030 6035 40140b 2 API calls 6034->6035 6035->6033 6037->6032 6038 401490 6039 404f04 25 API calls 6038->6039 6040 401497 6039->6040 6041 30c1bde 6042 30c1fc2 2 API calls 6041->6042 6043 30c1be3 KillTimer 6042->6043 5080 401d95 5081 4029d9 18 API calls 5080->5081 5082 401d9b 5081->5082 5083 4029d9 18 API calls 5082->5083 5084 401da4 5083->5084 5085 401db6 EnableWindow 5084->5085 5086 401dab ShowWindow 5084->5086 5087 40288b 5085->5087 5086->5087 6044 401e95 6045 4029f6 18 API calls 6044->6045 6046 401e9c 6045->6046 6047 405e61 2 API calls 6046->6047 6048 401ea2 6047->6048 6050 401eb4 6048->6050 6051 405ac4 wsprintfA 6048->6051 6051->6050 6052 401595 6053 4029f6 18 API calls 6052->6053 6054 40159c SetFileAttributesA 6053->6054 6055 4015ae 6054->6055 6056 100010d6 6057 10001104 6056->6057 6058 10001561 3 API calls 6057->6058 6059 10001114 6058->6059 6060 100011ba GlobalFree 6059->6060 6061 100015e5 2 API calls 6059->6061 6062 10001561 3 API calls 6059->6062 6063 100011b9 6059->6063 6064 100011e0 GlobalFree 6059->6064 6065 1000159e 2 API calls 6059->6065 6066 1000114b GlobalAlloc 6059->6066 6067 1000160e lstrcpyA 6059->6067 6068 100011a7 GlobalFree 6059->6068 6061->6059 6062->6059 6063->6060 6064->6059 6065->6068 6066->6059 6067->6059 6068->6059 6069 401696 6070 4029f6 18 API calls 6069->6070 6071 40169c GetFullPathNameA 6070->6071 6072 4016b3 6071->6072 6078 4016d4 6071->6078 6074 405e61 2 API calls 6072->6074 6072->6078 6073 4016e8 GetShortPathNameA 6075 40288b 6073->6075 6076 4016c4 6074->6076 6076->6078 6079 405b66 lstrcpynA 6076->6079 6078->6073 6078->6075 6079->6078 6080 40249c 6081 4029f6 18 API calls 6080->6081 6082 4024a3 6081->6082 6085 40583d GetFileAttributesA CreateFileA 6082->6085 6084 4024af 6085->6084 6086 10001adf 6087 10001561 3 API calls 6086->6087 6088 10001b05 6087->6088 6089 10001561 3 API calls 6088->6089 6090 10001b0d 6089->6090 6091 10001561 3 API calls 6090->6091 6094 10001b4a __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 6090->6094 6092 10001b2f 6091->6092 6093 10001b38 GlobalFree 6092->6093 6093->6094 6095 1000159e 2 API calls 6094->6095 6096 10001cc1 GlobalFree GlobalFree 6095->6096 6097 30c10ef 6098 30c1dd9 2 API calls 6097->6098 6099 30c1151 6098->6099 6100 30c1dd9 2 API calls 6099->6100 6101 30c1158 6100->6101 6102 30c1dd9 2 API calls 6101->6102 6103 30c115f lstrcmpiA GetFileAttributesA 6102->6103 6104 30c1185 6103->6104 6105 30c11a7 6103->6105 6104->6105 6106 30c1189 lstrcpyA 6104->6106 6107 30c11bc 6105->6107 6108 30c11b0 lstrcpyA 6105->6108 6106->6105 6109 30c11de GetCurrentDirectoryA 6107->6109 6110 30c11d2 CharNextA 6107->6110 6108->6107 6111 30c11fd GetSaveFileNameA 6109->6111 6112 30c1205 GetOpenFileNameA 6109->6112 6110->6107 6113 30c1207 6111->6113 6112->6113 6114 30c120b CommDlgExtendedError 6113->6114 6119 30c1231 6113->6119 6115 30c1218 6114->6115 6114->6119 6117 30c122f GetOpenFileNameA 6115->6117 6118 30c1227 GetSaveFileNameA 6115->6118 6116 30c1e27 2 API calls 6120 30c1246 SetCurrentDirectoryA 6116->6120 6117->6119 6118->6119 6119->6116 6121 401ca5 6122 4029d9 18 API calls 6121->6122 6123 401cb5 SetWindowLongA 6122->6123 6124 40288b 6123->6124 6125 4022a7 6126 4022d7 6125->6126 6127 4022ac 6125->6127 6129 4029f6 18 API calls 6126->6129 6128 402b00 19 API calls 6127->6128 6130 4022b3 6128->6130 6131 4022de 6129->6131 6132 4029f6 18 API calls 6130->6132 6135 4022f4 6130->6135 6136 402a36 RegOpenKeyExA 6131->6136 6133 4022c4 RegDeleteValueA RegCloseKey 6132->6133 6133->6135 6139 402a61 6136->6139 6145 402aad 6136->6145 6137 402a87 RegEnumKeyA 6138 402a99 RegCloseKey 6137->6138 6137->6139 6141 405e88 3 API calls 6138->6141 6139->6137 6139->6138 6140 402abe RegCloseKey 6139->6140 6142 402a36 3 API calls 6139->6142 6140->6145 6143 402aa9 6141->6143 6142->6139 6144 402ad9 RegDeleteKeyA 6143->6144 6143->6145 6144->6145 6145->6135 6146 100013e7 6147 100013ff 6146->6147 6148 1000187c 2 API calls 6147->6148 6149 1000141a 6148->6149 6150 100018ec 6151 1000191b 6150->6151 6152 10001d3b 20 API calls 6151->6152 6153 10001922 6152->6153 6154 10001935 6153->6154 6155 10001929 6153->6155 6157 1000195c 6154->6157 6158 1000193f 6154->6158 6156 1000159e 2 API calls 6155->6156 6161 10001933 6156->6161 6159 10001962 6157->6159 6160 10001986 6157->6160 6162 10001825 3 API calls 6158->6162 6163 100018a1 3 API calls 6159->6163 6164 10001825 3 API calls 6160->6164 6165 10001944 6162->6165 6166 10001967 6163->6166 6164->6161 6167 100018a1 3 API calls 6165->6167 6168 1000159e 2 API calls 6166->6168 6169 1000194a 6167->6169 6170 1000196d GlobalFree 6168->6170 6171 1000159e 2 API calls 6169->6171 6170->6161 6172 10001981 GlobalFree 6170->6172 6173 10001950 GlobalFree 6171->6173 6172->6161 6173->6161 4710 401bad 4711 4029d9 18 API calls 4710->4711 4712 401bb4 4711->4712 4713 4029d9 18 API calls 4712->4713 4714 401bbe 4713->4714 4715 401bce 4714->4715 4716 4029f6 18 API calls 4714->4716 4717 401bde 4715->4717 4720 4029f6 18 API calls 4715->4720 4716->4715 4718 401be9 4717->4718 4719 401c2d 4717->4719 4721 4029d9 18 API calls 4718->4721 4722 4029f6 18 API calls 4719->4722 4720->4717 4723 401bee 4721->4723 4724 401c32 4722->4724 4725 4029d9 18 API calls 4723->4725 4726 4029f6 18 API calls 4724->4726 4727 401bf7 4725->4727 4728 401c3b FindWindowExA 4726->4728 4729 401c1d SendMessageA 4727->4729 4730 401bff SendMessageTimeoutA 4727->4730 4731 401c59 4728->4731 4729->4731 4730->4731 4732 4023af 4733 402b00 19 API calls 4732->4733 4734 4023b9 4733->4734 4735 4029f6 18 API calls 4734->4735 4736 4023c2 4735->4736 4737 4023cc RegQueryValueExA 4736->4737 4740 40265c 4736->4740 4738 4023ec 4737->4738 4741 4023f2 RegCloseKey 4737->4741 4738->4741 4743 405ac4 wsprintfA 4738->4743 4741->4740 4743->4741 5020 4015b3 5021 4029f6 18 API calls 5020->5021 5022 4015ba 5021->5022 5023 4056ed 4 API calls 5022->5023 5024 4015c2 5023->5024 5025 40160a 5024->5025 5026 405684 CharNextA 5024->5026 5027 40162d 5025->5027 5028 40160f 5025->5028 5029 4015d0 CreateDirectoryA 5026->5029 5033 401423 25 API calls 5027->5033 5030 401423 25 API calls 5028->5030 5029->5024 5031 4015e5 GetLastError 5029->5031 5032 401616 5030->5032 5031->5024 5034 4015f2 GetFileAttributesA 5031->5034 5038 405b66 lstrcpynA 5032->5038 5037 402169 5033->5037 5034->5024 5036 401621 SetCurrentDirectoryA 5036->5037 5038->5036 6174 4019b5 6175 4029f6 18 API calls 6174->6175 6176 4019bc 6175->6176 6177 4029f6 18 API calls 6176->6177 6178 4019c5 6177->6178 6179 4019cc lstrcmpiA 6178->6179 6180 4019de lstrcmpA 6178->6180 6181 4019d2 6179->6181 6180->6181 5093 30c13fb 5094 30c1428 CallWindowProcA 5093->5094 5095 30c1409 5093->5095 5096 30c1424 5094->5096 5097 30c1448 5094->5097 5095->5094 5095->5096 5097->5096 5098 30c144c DestroyWindow GetProcessHeap HeapFree 5097->5098 5098->5096 6182 4014b7 6183 4014bd 6182->6183 6184 401389 2 API calls 6183->6184 6185 4014c5 6184->6185 6186 4024be 6187 4024c3 6186->6187 6188 4024d4 6186->6188 6189 4029d9 18 API calls 6187->6189 6190 4029f6 18 API calls 6188->6190 6192 4024ca 6189->6192 6191 4024db lstrlenA 6190->6191 6191->6192 6193 4024fa WriteFile 6192->6193 6194 40265c 6192->6194 6193->6194

                                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                                Function 0040323C, Relevance: 72.0, APIs: 23, Strings: 18, Instructions: 270filestringcomCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 0 40323c-4032d1 #17 SetErrorMode OleInitialize call 405e88 SHGetFileInfoA call 405b66 GetCommandLineA call 405b66 GetModuleHandleA 7 4032d3-4032d8 0->7 8 4032dd-4032f2 call 405684 CharNextA 0->8 7->8 11 403357-40335b 8->11 12 4032f4-4032f7 11->12 13 40335d 11->13 14 4032f9-4032fd 12->14 15 4032ff-403307 12->15 16 403370-403388 GetTempPathA call 403208 13->16 14->14 14->15 17 403309-40330a 15->17 18 40330f-403312 15->18 25 4033aa-4033c1 DeleteFileA call 402c72 16->25 26 40338a-4033a8 GetWindowsDirectoryA lstrcatA call 403208 16->26 17->18 20 403314-403318 18->20 21 403347-403354 call 405684 18->21 23 403328-40332e 20->23 24 40331a-403323 20->24 21->11 38 403356 21->38 30 403330-403339 23->30 31 40333e-403345 23->31 24->23 28 403325 24->28 40 403428-403437 call 4035bd OleUninitialize 25->40 41 4033c3-4033c9 25->41 26->25 26->40 28->23 30->31 35 40333b 30->35 31->21 36 40335f-40336b call 405b66 31->36 35->31 36->16 38->11 48 403522-403528 40->48 49 40343d-40344d call 405427 ExitProcess 40->49 42 403418-40341f call 4036af 41->42 43 4033cb-4033d4 call 405684 41->43 50 403424 42->50 55 4033df-4033e1 43->55 53 4035a5-4035ad 48->53 54 40352a-403547 call 405e88 * 3 48->54 50->40 60 4035b3-4035b7 ExitProcess 53->60 61 4035af 53->61 80 403591-40359c ExitWindowsEx 54->80 81 403549-40354b 54->81 56 4033e3-4033ed 55->56 57 4033d6-4033dc 55->57 62 403453-40346d lstrcatA lstrcmpiA 56->62 63 4033ef-4033fc call 40573a 56->63 57->56 65 4033de 57->65 61->60 62->40 67 40346f-403484 CreateDirectoryA SetCurrentDirectoryA 62->67 63->40 74 4033fe-403414 call 405b66 * 2 63->74 65->55 70 403491-4034ab call 405b66 67->70 71 403486-40348c call 405b66 67->71 83 4034b0-4034cc call 405b88 DeleteFileA 70->83 71->70 74->42 80->53 87 40359e-4035a0 call 40140b 80->87 81->80 84 40354d-40354f 81->84 92 40350d-403514 83->92 93 4034ce-4034de CopyFileA 83->93 84->80 88 403551-403563 GetCurrentProcess 84->88 87->53 88->80 97 403565-403587 88->97 92->83 95 403516-40351d call 4058b4 92->95 93->92 96 4034e0-403500 call 4058b4 call 405b88 call 4053c6 93->96 95->40 96->92 107 403502-403509 CloseHandle 96->107 97->80 107->92
                                                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                                                			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v396;
				int _v400;
				int _v404;
				CHAR* _v408;
				intOrPtr _v412;
				int _v416;
				intOrPtr _v420;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				CHAR* _t39;
				char* _t42;
				signed int _t44;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				int _t56;
				signed int _t60;
				intOrPtr _t71;
				intOrPtr _t77;
				void* _t79;
				void* _t89;
				void* _t91;
				char* _t96;
				signed int _t97;
				void* _t98;
				signed int _t99;
				signed int _t100;
				signed int _t103;
				CHAR* _t105;
				signed int _t106;
				intOrPtr _t113;
				char _t120;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t99 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423f58 = _t34;
				 *0x423ea4 = E00405E88(8);
				SHGetFileInfoA(0x41f458, 0,  &_v360, 0x160, 0); // executed
				E00405B66("MP3 Rocket 6.2.4 Setup", "NSIS Error");
				_t39 = GetCommandLineA();
				_t96 = "\"C:\\Users\\frontdesk\\Desktop\\mp3rocket.exe\" ";
				E00405B66(_t96, _t39);
				 *0x423ea0 = GetModuleHandleA(0);
				_t42 = _t96;
				if("\"C:\\Users\\frontdesk\\Desktop\\mp3rocket.exe\" " == 0x22) {
					_v404 = 0x22;
					_t42 =  &M00429001;
				}
				_t44 = CharNextA(E00405684(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t91 =  *_t44;
					_t109 = _t91;
					if(_t91 == 0) {
						break;
					}
					__eflags = _t91 - 0x20;
					if(_t91 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E00405684(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000002;
									__eflags = _t99;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000004;
									__eflags = _t99;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								_t45 = _t44 + 2;
								__eflags = _t44 + 2;
								E00405B66("C:\\Program Files (x86)\\MP3 Rocket", _t45);
								L20:
								_t105 = "C:\\Users\\FRONTD~1\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t105);
								_t48 = E00403208(_t109);
								_t110 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t50 = E00402C72(_t111, _t99); // executed
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										E004035BD();
										__imp__OleUninitialize();
										if(_v408 == 0) {
											__eflags =  *0x423f34; // 0x0
											if(__eflags != 0) {
												_t106 = E00405E88(3);
												_t100 = E00405E88(4);
												_t55 = E00405E88(5);
												__eflags = _t106;
												_t97 = _t55;
												if(_t106 != 0) {
													__eflags = _t100;
													if(_t100 != 0) {
														__eflags = _t97;
														if(_t97 != 0) {
															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
															__eflags = _t60;
															if(_t60 != 0) {
																 *_t100(0, "SeShutdownPrivilege",  &_v400);
																_v416 = 1;
																_v404 = 2;
																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
															}
														}
													}
												}
												_t56 = ExitWindowsEx(2, 0);
												__eflags = _t56;
												if(_t56 == 0) {
													E0040140B(9);
												}
											}
											_t52 =  *0x423f4c; // 0xffffffff
											__eflags = _t52 - 0xffffffff;
											if(_t52 != 0xffffffff) {
												_v400 = _t52;
											}
											ExitProcess(_v400);
										}
										E00405427(_v408, 0x200010);
										ExitProcess(2);
									}
									_t113 =  *0x423ebc; // 0x0
									if(_t113 == 0) {
										L31:
										 *0x423f4c =  *0x423f4c | 0xffffffff;
										_v400 = E004036AF();
										goto L32;
									}
									_t103 = E00405684(_t96, 0);
									while(_t103 >= _t96) {
										__eflags =  *_t103 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t103 = _t103 - 1;
										__eflags = _t103;
									}
									_t115 = _t103 - _t96;
									_v408 = "Error launching installer";
									if(_t103 < _t96) {
										lstrcatA(_t105, "~nsu.tmp");
										_t101 = "C:\\Users\\frontdesk\\Desktop";
										if(lstrcmpiA(_t105, "C:\\Users\\frontdesk\\Desktop") == 0) {
											goto L32;
										}
										CreateDirectoryA(_t105, 0);
										SetCurrentDirectoryA(_t105);
										_t120 = "C:\\Program Files (x86)\\MP3 Rocket"; // 0x43
										if(_t120 == 0) {
											E00405B66("C:\\Program Files (x86)\\MP3 Rocket", _t101);
										}
										E00405B66(0x424000, _v396);
										 *0x424400 = 0x41;
										_t98 = 0x1a;
										do {
											_t71 =  *0x423eb0; // 0x5405b0
											E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)(_t71 + 0x120)));
											DeleteFileA(0x41f058);
											if(_v416 != 0 && CopyFileA("C:\\Users\\frontdesk\\Desktop\\mp3rocket.exe", 0x41f058, 1) != 0) {
												_push(0);
												_push(0x41f058);
												E004058B4();
												_t77 =  *0x423eb0; // 0x5405b0
												E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)(_t77 + 0x124)));
												_t79 = E004053C6(0x41f058);
												if(_t79 != 0) {
													CloseHandle(_t79);
													_v416 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t98 = _t98 - 1;
										} while (_t98 != 0);
										_push(0);
										_push(_t105);
										E004058B4();
										goto L32;
									}
									 *_t103 = 0;
									_t104 = _t103 + 4;
									if(E0040573A(_t115, _t103 + 4) == 0) {
										goto L32;
									}
									E00405B66("C:\\Program Files (x86)\\MP3 Rocket", _t104);
									E00405B66("C:\\Users\\FRONTD~1\\AppData\\Local\\Temp\\nsc308D.tmp", _t104);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t105, 0x3fb);
								lstrcatA(_t105, "\\Temp");
								_t89 = E00403208(_t110);
								_t111 = _t89;
								if(_t89 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}









































                                                                                                                                                                                                                                0x00403248
                                                                                                                                                                                                                                0x0040324c
                                                                                                                                                                                                                                0x00403254
                                                                                                                                                                                                                                0x00403256
                                                                                                                                                                                                                                0x0040325b
                                                                                                                                                                                                                                0x00403266
                                                                                                                                                                                                                                0x0040326d
                                                                                                                                                                                                                                0x00403275
                                                                                                                                                                                                                                0x0040327f
                                                                                                                                                                                                                                0x00403295
                                                                                                                                                                                                                                0x004032a5
                                                                                                                                                                                                                                0x004032aa
                                                                                                                                                                                                                                0x004032b0
                                                                                                                                                                                                                                0x004032b7
                                                                                                                                                                                                                                0x004032ca
                                                                                                                                                                                                                                0x004032cf
                                                                                                                                                                                                                                0x004032d1
                                                                                                                                                                                                                                0x004032d3
                                                                                                                                                                                                                                0x004032d8
                                                                                                                                                                                                                                0x004032d8
                                                                                                                                                                                                                                0x004032e8
                                                                                                                                                                                                                                0x004032ee
                                                                                                                                                                                                                                0x00403357
                                                                                                                                                                                                                                0x00403357
                                                                                                                                                                                                                                0x00403359
                                                                                                                                                                                                                                0x0040335b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004032f4
                                                                                                                                                                                                                                0x004032f7
                                                                                                                                                                                                                                0x004032ff
                                                                                                                                                                                                                                0x004032ff
                                                                                                                                                                                                                                0x00403302
                                                                                                                                                                                                                                0x00403307
                                                                                                                                                                                                                                0x00403309
                                                                                                                                                                                                                                0x00403309
                                                                                                                                                                                                                                0x0040330a
                                                                                                                                                                                                                                0x0040330a
                                                                                                                                                                                                                                0x0040330f
                                                                                                                                                                                                                                0x00403312
                                                                                                                                                                                                                                0x00403347
                                                                                                                                                                                                                                0x0040334c
                                                                                                                                                                                                                                0x00403351
                                                                                                                                                                                                                                0x00403354
                                                                                                                                                                                                                                0x00403356
                                                                                                                                                                                                                                0x00403356
                                                                                                                                                                                                                                0x00403356
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403314
                                                                                                                                                                                                                                0x00403314
                                                                                                                                                                                                                                0x00403315
                                                                                                                                                                                                                                0x00403318
                                                                                                                                                                                                                                0x00403320
                                                                                                                                                                                                                                0x00403323
                                                                                                                                                                                                                                0x00403325
                                                                                                                                                                                                                                0x00403325
                                                                                                                                                                                                                                0x00403325
                                                                                                                                                                                                                                0x00403323
                                                                                                                                                                                                                                0x00403328
                                                                                                                                                                                                                                0x0040332e
                                                                                                                                                                                                                                0x00403336
                                                                                                                                                                                                                                0x00403339
                                                                                                                                                                                                                                0x0040333b
                                                                                                                                                                                                                                0x0040333b
                                                                                                                                                                                                                                0x0040333b
                                                                                                                                                                                                                                0x00403339
                                                                                                                                                                                                                                0x0040333e
                                                                                                                                                                                                                                0x00403345
                                                                                                                                                                                                                                0x0040335f
                                                                                                                                                                                                                                0x00403362
                                                                                                                                                                                                                                0x00403362
                                                                                                                                                                                                                                0x0040336b
                                                                                                                                                                                                                                0x00403370
                                                                                                                                                                                                                                0x00403370
                                                                                                                                                                                                                                0x0040337b
                                                                                                                                                                                                                                0x00403381
                                                                                                                                                                                                                                0x00403386
                                                                                                                                                                                                                                0x00403388
                                                                                                                                                                                                                                0x004033aa
                                                                                                                                                                                                                                0x004033af
                                                                                                                                                                                                                                0x004033b6
                                                                                                                                                                                                                                0x004033bd
                                                                                                                                                                                                                                0x004033c1
                                                                                                                                                                                                                                0x00403428
                                                                                                                                                                                                                                0x00403428
                                                                                                                                                                                                                                0x0040342d
                                                                                                                                                                                                                                0x00403437
                                                                                                                                                                                                                                0x00403522
                                                                                                                                                                                                                                0x00403528
                                                                                                                                                                                                                                0x00403533
                                                                                                                                                                                                                                0x0040353c
                                                                                                                                                                                                                                0x0040353e
                                                                                                                                                                                                                                0x00403543
                                                                                                                                                                                                                                0x00403545
                                                                                                                                                                                                                                0x00403547
                                                                                                                                                                                                                                0x00403549
                                                                                                                                                                                                                                0x0040354b
                                                                                                                                                                                                                                0x0040354d
                                                                                                                                                                                                                                0x0040354f
                                                                                                                                                                                                                                0x0040355f
                                                                                                                                                                                                                                0x00403561
                                                                                                                                                                                                                                0x00403563
                                                                                                                                                                                                                                0x00403570
                                                                                                                                                                                                                                0x0040357f
                                                                                                                                                                                                                                0x00403587
                                                                                                                                                                                                                                0x0040358f
                                                                                                                                                                                                                                0x0040358f
                                                                                                                                                                                                                                0x00403563
                                                                                                                                                                                                                                0x0040354f
                                                                                                                                                                                                                                0x0040354b
                                                                                                                                                                                                                                0x00403594
                                                                                                                                                                                                                                0x0040359a
                                                                                                                                                                                                                                0x0040359c
                                                                                                                                                                                                                                0x004035a0
                                                                                                                                                                                                                                0x004035a0
                                                                                                                                                                                                                                0x0040359c
                                                                                                                                                                                                                                0x004035a5
                                                                                                                                                                                                                                0x004035aa
                                                                                                                                                                                                                                0x004035ad
                                                                                                                                                                                                                                0x004035af
                                                                                                                                                                                                                                0x004035af
                                                                                                                                                                                                                                0x004035b7
                                                                                                                                                                                                                                0x004035b7
                                                                                                                                                                                                                                0x00403446
                                                                                                                                                                                                                                0x0040344d
                                                                                                                                                                                                                                0x0040344d
                                                                                                                                                                                                                                0x004033c3
                                                                                                                                                                                                                                0x004033c9
                                                                                                                                                                                                                                0x00403418
                                                                                                                                                                                                                                0x00403418
                                                                                                                                                                                                                                0x00403424
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403424
                                                                                                                                                                                                                                0x004033d2
                                                                                                                                                                                                                                0x004033df
                                                                                                                                                                                                                                0x004033d6
                                                                                                                                                                                                                                0x004033dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004033de
                                                                                                                                                                                                                                0x004033de
                                                                                                                                                                                                                                0x004033de
                                                                                                                                                                                                                                0x004033e3
                                                                                                                                                                                                                                0x004033e5
                                                                                                                                                                                                                                0x004033ed
                                                                                                                                                                                                                                0x00403459
                                                                                                                                                                                                                                0x0040345e
                                                                                                                                                                                                                                0x0040346d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403471
                                                                                                                                                                                                                                0x00403478
                                                                                                                                                                                                                                0x0040347e
                                                                                                                                                                                                                                0x00403484
                                                                                                                                                                                                                                0x0040348c
                                                                                                                                                                                                                                0x0040348c
                                                                                                                                                                                                                                0x0040349a
                                                                                                                                                                                                                                0x004034a1
                                                                                                                                                                                                                                0x004034aa
                                                                                                                                                                                                                                0x004034b0
                                                                                                                                                                                                                                0x004034b0
                                                                                                                                                                                                                                0x004034bc
                                                                                                                                                                                                                                0x004034c2
                                                                                                                                                                                                                                0x004034cc
                                                                                                                                                                                                                                0x004034e0
                                                                                                                                                                                                                                0x004034e1
                                                                                                                                                                                                                                0x004034e2
                                                                                                                                                                                                                                0x004034e7
                                                                                                                                                                                                                                0x004034f3
                                                                                                                                                                                                                                0x004034f9
                                                                                                                                                                                                                                0x00403500
                                                                                                                                                                                                                                0x00403503
                                                                                                                                                                                                                                0x00403509
                                                                                                                                                                                                                                0x00403509
                                                                                                                                                                                                                                0x00403500
                                                                                                                                                                                                                                0x0040350d
                                                                                                                                                                                                                                0x00403513
                                                                                                                                                                                                                                0x00403513
                                                                                                                                                                                                                                0x00403516
                                                                                                                                                                                                                                0x00403517
                                                                                                                                                                                                                                0x00403518
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403518
                                                                                                                                                                                                                                0x004033ef
                                                                                                                                                                                                                                0x004033f1
                                                                                                                                                                                                                                0x004033fc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403404
                                                                                                                                                                                                                                0x0040340f
                                                                                                                                                                                                                                0x00403414
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403414
                                                                                                                                                                                                                                0x00403390
                                                                                                                                                                                                                                0x0040339c
                                                                                                                                                                                                                                0x004033a1
                                                                                                                                                                                                                                0x004033a6
                                                                                                                                                                                                                                0x004033a8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004033a8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403345
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004032f9
                                                                                                                                                                                                                                0x004032f9
                                                                                                                                                                                                                                0x004032f9
                                                                                                                                                                                                                                0x004032fa
                                                                                                                                                                                                                                0x004032fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004032f9
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • #17.COMCTL32 ref: 0040325B
                                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008001), ref: 00403266
                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 0040326D
                                                                                                                                                                                                                                  • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                                                                                                                  • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                                                                                                                  • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                                                                                                                                • SHGetFileInfoA.SHELL32(0041F458,00000000,?,00000160,00000000,00000008), ref: 00403295
                                                                                                                                                                                                                                  • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,MP3 Rocket 6.2.4 Setup,NSIS Error), ref: 00405B73
                                                                                                                                                                                                                                • GetCommandLineA.KERNEL32(MP3 Rocket 6.2.4 Setup,NSIS Error), ref: 004032AA
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\mp3rocket.exe" ,00000000), ref: 004032BD
                                                                                                                                                                                                                                • CharNextA.USER32(00000000,"C:\Users\user\Desktop\mp3rocket.exe" ,00000020), ref: 004032E8
                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000400,C:\Users\user~1\AppData\Local\Temp\,00000000,00000020), ref: 0040337B
                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,000003FB), ref: 00403390
                                                                                                                                                                                                                                • lstrcatA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,\Temp), ref: 0040339C
                                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(1033), ref: 004033AF
                                                                                                                                                                                                                                • OleUninitialize.OLE32(00000000), ref: 0040342D
                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 0040344D
                                                                                                                                                                                                                                • lstrcatA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\mp3rocket.exe" ,00000000,00000000), ref: 00403459
                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user~1\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\mp3rocket.exe" ,00000000,00000000), ref: 00403465
                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00403471
                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\), ref: 00403478
                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                                                                                                                                                                                                                • CopyFileA.KERNEL32 ref: 004034D6
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                                                                                                                                                                                                                • ExitWindowsEx.USER32 ref: 00403594
                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 004035B7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\mp3rocket.exe" $1033$C:\Program Files (x86)\MP3 Rocket$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp$C:\Users\user\Desktop$C:\Users\user\Desktop\mp3rocket.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$MP3 Rocket 6.2.4 Setup$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                • API String ID: 2278157092-2058992408
                                                                                                                                                                                                                                • Opcode ID: 12a15860763ed27b157ca737a9af8f9ad945b33dd426c8faa94cb20c8ad7d4db
                                                                                                                                                                                                                                • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12a15860763ed27b157ca737a9af8f9ad945b33dd426c8faa94cb20c8ad7d4db
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0040548B, Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 156filestringCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 439 40548b-4054a6 call 40573a 442 4054a8-4054ba DeleteFileA 439->442 443 4054bf-4054c9 439->443 444 405653-405656 442->444 445 4054cb-4054cd 443->445 446 4054dd-4054eb call 405b66 443->446 447 4054d3-4054d7 445->447 448 4055fe-405604 445->448 454 4054fa-4054fb call 4056a0 446->454 455 4054ed-4054f8 lstrcatA 446->455 447->446 447->448 448->444 450 405606-405609 448->450 452 405613-40561b call 405e61 450->452 453 40560b-405611 450->453 452->444 462 40561d-405632 call 405659 call 40581e RemoveDirectoryA 452->462 453->444 457 405500-405503 454->457 455->457 460 405505-40550c 457->460 461 40550e-405514 lstrcatA 457->461 460->461 463 405519-405537 lstrlenA FindFirstFileA 460->463 461->463 478 405634-405638 462->478 479 40564b-40564e call 404f04 462->479 464 4055f4-4055f8 463->464 465 40553d-405554 call 405684 463->465 464->448 469 4055fa 464->469 472 405556-40555a 465->472 473 40555f-405562 465->473 469->448 472->473 475 40555c 472->475 476 405564-405569 473->476 477 405575-405583 call 405b66 473->477 475->473 481 4055d3-4055e5 FindNextFileA 476->481 482 40556b-40556d 476->482 489 405585-40558d 477->489 490 40559a-4055a9 call 40581e DeleteFileA 477->490 478->453 484 40563a-405649 call 404f04 call 4058b4 478->484 479->444 481->465 487 4055eb-4055ee FindClose 481->487 482->477 485 40556f-405573 482->485 484->444 485->477 485->481 487->464 489->481 493 40558f-405598 call 40548b 489->493 498 4055cb-4055ce call 404f04 490->498 499 4055ab-4055af 490->499 493->481 498->481 501 4055b1-4055c1 call 404f04 call 4058b4 499->501 502 4055c3-4055c9 499->502 501->481 502->481
                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                			E0040548B(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040573A(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f28 =  *0x423f28 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B66(0x4214a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056A0(_t72);
					} else {
						lstrcatA(0x4214a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]); // executed
						_t37 = FindFirstFileA(0x4214a8,  &_v332); // executed
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405684( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B66(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040581E(_t72);
									_t52 = DeleteFileA(_t72); // executed
									__eflags = _t52;
									if(_t52 != 0) {
										E00404F04(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f28 =  *0x423f28 + 1;
										} else {
											E00404F04(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E004058B4();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040548B(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x4214a8 - 0x5c;
					if( *0x4214a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E61(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E00405659(_t72);
							E0040581E(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404F04(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404F04(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E004058B4();
						}
						L33:
						 *0x423f28 =  *0x423f28 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                                                                                                                                                                0x00405496
                                                                                                                                                                                                                                0x0040549a
                                                                                                                                                                                                                                0x004054a3
                                                                                                                                                                                                                                0x004054a6
                                                                                                                                                                                                                                0x004054a9
                                                                                                                                                                                                                                0x004054b1
                                                                                                                                                                                                                                0x004054b3
                                                                                                                                                                                                                                0x004054b4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004054b4
                                                                                                                                                                                                                                0x004054c3
                                                                                                                                                                                                                                0x004054c3
                                                                                                                                                                                                                                0x004054c6
                                                                                                                                                                                                                                0x004054c9
                                                                                                                                                                                                                                0x004054dd
                                                                                                                                                                                                                                0x004054e4
                                                                                                                                                                                                                                0x004054e9
                                                                                                                                                                                                                                0x004054eb
                                                                                                                                                                                                                                0x004054fb
                                                                                                                                                                                                                                0x004054ed
                                                                                                                                                                                                                                0x004054f3
                                                                                                                                                                                                                                0x004054f3
                                                                                                                                                                                                                                0x00405500
                                                                                                                                                                                                                                0x00405503
                                                                                                                                                                                                                                0x0040550e
                                                                                                                                                                                                                                0x00405514
                                                                                                                                                                                                                                0x00405519
                                                                                                                                                                                                                                0x00405529
                                                                                                                                                                                                                                0x0040552b
                                                                                                                                                                                                                                0x00405531
                                                                                                                                                                                                                                0x00405534
                                                                                                                                                                                                                                0x00405537
                                                                                                                                                                                                                                0x004055f4
                                                                                                                                                                                                                                0x004055f4
                                                                                                                                                                                                                                0x004055f8
                                                                                                                                                                                                                                0x004055fa
                                                                                                                                                                                                                                0x004055fa
                                                                                                                                                                                                                                0x004055fa
                                                                                                                                                                                                                                0x004055fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040553d
                                                                                                                                                                                                                                0x0040553d
                                                                                                                                                                                                                                0x00405546
                                                                                                                                                                                                                                0x0040554c
                                                                                                                                                                                                                                0x00405551
                                                                                                                                                                                                                                0x00405554
                                                                                                                                                                                                                                0x00405556
                                                                                                                                                                                                                                0x0040555a
                                                                                                                                                                                                                                0x0040555c
                                                                                                                                                                                                                                0x0040555c
                                                                                                                                                                                                                                0x0040555a
                                                                                                                                                                                                                                0x0040555f
                                                                                                                                                                                                                                0x00405562
                                                                                                                                                                                                                                0x00405575
                                                                                                                                                                                                                                0x00405577
                                                                                                                                                                                                                                0x0040557c
                                                                                                                                                                                                                                0x00405583
                                                                                                                                                                                                                                0x0040559b
                                                                                                                                                                                                                                0x004055a1
                                                                                                                                                                                                                                0x004055a7
                                                                                                                                                                                                                                0x004055a9
                                                                                                                                                                                                                                0x004055ce
                                                                                                                                                                                                                                0x004055ab
                                                                                                                                                                                                                                0x004055ab
                                                                                                                                                                                                                                0x004055af
                                                                                                                                                                                                                                0x004055c3
                                                                                                                                                                                                                                0x004055b1
                                                                                                                                                                                                                                0x004055b4
                                                                                                                                                                                                                                0x004055b9
                                                                                                                                                                                                                                0x004055bb
                                                                                                                                                                                                                                0x004055bc
                                                                                                                                                                                                                                0x004055bc
                                                                                                                                                                                                                                0x004055af
                                                                                                                                                                                                                                0x00405585
                                                                                                                                                                                                                                0x0040558b
                                                                                                                                                                                                                                0x0040558d
                                                                                                                                                                                                                                0x00405593
                                                                                                                                                                                                                                0x00405593
                                                                                                                                                                                                                                0x0040558d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405583
                                                                                                                                                                                                                                0x00405564
                                                                                                                                                                                                                                0x00405567
                                                                                                                                                                                                                                0x00405569
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040556b
                                                                                                                                                                                                                                0x0040556d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040556f
                                                                                                                                                                                                                                0x00405573
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004055d3
                                                                                                                                                                                                                                0x004055dd
                                                                                                                                                                                                                                0x004055e3
                                                                                                                                                                                                                                0x004055e3
                                                                                                                                                                                                                                0x004055ee
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004055ee
                                                                                                                                                                                                                                0x00405505
                                                                                                                                                                                                                                0x0040550c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004054cb
                                                                                                                                                                                                                                0x004054cb
                                                                                                                                                                                                                                0x004054cd
                                                                                                                                                                                                                                0x004055fe
                                                                                                                                                                                                                                0x00405601
                                                                                                                                                                                                                                0x00405604
                                                                                                                                                                                                                                0x00405656
                                                                                                                                                                                                                                0x00405656
                                                                                                                                                                                                                                0x00405656
                                                                                                                                                                                                                                0x00405606
                                                                                                                                                                                                                                0x00405609
                                                                                                                                                                                                                                0x00405614
                                                                                                                                                                                                                                0x00405619
                                                                                                                                                                                                                                0x0040561b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040561e
                                                                                                                                                                                                                                0x00405624
                                                                                                                                                                                                                                0x0040562a
                                                                                                                                                                                                                                0x00405630
                                                                                                                                                                                                                                0x00405632
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040564e
                                                                                                                                                                                                                                0x00405634
                                                                                                                                                                                                                                0x00405638
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040563d
                                                                                                                                                                                                                                0x00405642
                                                                                                                                                                                                                                0x00405643
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405644
                                                                                                                                                                                                                                0x0040560b
                                                                                                                                                                                                                                0x0040560b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040560b
                                                                                                                                                                                                                                0x004054d3
                                                                                                                                                                                                                                0x004054d7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004054d7

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\mp3rocket.exe" ,76D7F560), ref: 004054A9
                                                                                                                                                                                                                                • lstrcatA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,\*.*,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,?,00000000,?,"C:\Users\user\Desktop\mp3rocket.exe" ,76D7F560), ref: 004054F3
                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,?,00000000,?,"C:\Users\user\Desktop\mp3rocket.exe" ,76D7F560), ref: 00405514
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,?,00000000,?,"C:\Users\user\Desktop\mp3rocket.exe" ,76D7F560), ref: 0040551A
                                                                                                                                                                                                                                • FindFirstFileA.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,?,?,?,00409010,?,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,?,00000000,?,"C:\Users\user\Desktop\mp3rocket.exe" ,76D7F560), ref: 0040552B
                                                                                                                                                                                                                                • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 004055DD
                                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 004055EE
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\mp3rocket.exe" $C:\Users\user~1\AppData\Local\Temp\$C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp$\*.*
                                                                                                                                                                                                                                • API String ID: 2035342205-2296937589
                                                                                                                                                                                                                                • Opcode ID: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                                                                                                                                                                • Instruction ID: bc429f5d1e1b14784ce7e3564347ec6ed469848bfd5577fff983359c073685a4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0351F331904A447ADB216B218C45BBF3B79CF42728F54847BF905711E2CB3C5A82DE6E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00405B88, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 687 405b88-405b93 688 405b95-405ba4 687->688 689 405ba6-405bc3 687->689 688->689 690 405da5-405da9 689->690 691 405bc9-405bd0 689->691 692 405bd5-405bdf 690->692 693 405daf-405db9 690->693 691->690 692->693 694 405be5-405bec 692->694 695 405dc4-405dc5 693->695 696 405dbb-405dbf call 405b66 693->696 697 405bf2-405c27 694->697 698 405d98 694->698 696->695 700 405d42-405d45 697->700 701 405c2d-405c38 GetVersion 697->701 702 405da2-405da4 698->702 703 405d9a-405da0 698->703 706 405d75-405d78 700->706 707 405d47-405d4a 700->707 704 405c52 701->704 705 405c3a-405c3e 701->705 702->690 703->690 713 405c59-405c60 704->713 705->704 710 405c40-405c44 705->710 708 405d86-405d96 lstrlenA 706->708 709 405d7a-405d81 call 405b88 706->709 711 405d5a-405d66 call 405b66 707->711 712 405d4c-405d58 call 405ac4 707->712 708->690 709->708 710->704 715 405c46-405c4a 710->715 722 405d6b-405d71 711->722 712->722 717 405c62-405c64 713->717 718 405c65-405c67 713->718 715->704 723 405c4c-405c50 715->723 717->718 720 405ca0-405ca3 718->720 721 405c69-405c84 call 405a4d 718->721 727 405cb3-405cb6 720->727 728 405ca5-405cb1 GetSystemDirectoryA 720->728 729 405c89-405c8c 721->729 722->708 726 405d73 722->726 723->713 730 405d3a-405d40 call 405dc8 726->730 732 405d20-405d22 727->732 733 405cb8-405cc6 GetWindowsDirectoryA 727->733 731 405d24-405d27 728->731 734 405c92-405c9b call 405b88 729->734 735 405d29-405d2d 729->735 730->708 731->730 731->735 732->731 736 405cc8-405cd2 732->736 733->732 734->731 735->730 739 405d2f-405d35 lstrcatA 735->739 741 405cd4-405cd7 736->741 742 405cec-405d02 SHGetSpecialFolderLocation 736->742 739->730 741->742 746 405cd9-405cea 741->746 743 405d04-405d1b SHGetPathFromIDListA CoTaskMemFree 742->743 744 405d1d 742->744 743->731 743->744 744->732 746->731 746->742
                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                			E00405B88(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42367c; // 0x559062
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x423ed8; // 0x54e3c0
				_t74 = _t73 + _t36;
				_t37 = 0x422e40;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422e40;
				if(_a4 - 0x422e40 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405B88(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422e40;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x424000;
							E00405B66(_t86, (_t95 << 0xa) + 0x424000);
						} else {
							E00405AC4(_t86,  *0x423ea8);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DC8(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f24;
						if( *0x423f24 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423ea4; // 0x73b41340
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423ed8;
							E00405A4D(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423ed8, _t86, _t69 & 0x00000040); // executed
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405B88(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B66(_a4, _t37);
			}






























                                                                                                                                                                                                                                0x00405b88
                                                                                                                                                                                                                                0x00405b88
                                                                                                                                                                                                                                0x00405b88
                                                                                                                                                                                                                                0x00405b8e
                                                                                                                                                                                                                                0x00405b93
                                                                                                                                                                                                                                0x00405b95
                                                                                                                                                                                                                                0x00405ba4
                                                                                                                                                                                                                                0x00405ba4
                                                                                                                                                                                                                                0x00405ba6
                                                                                                                                                                                                                                0x00405baf
                                                                                                                                                                                                                                0x00405bb1
                                                                                                                                                                                                                                0x00405bb6
                                                                                                                                                                                                                                0x00405bb9
                                                                                                                                                                                                                                0x00405bba
                                                                                                                                                                                                                                0x00405bc1
                                                                                                                                                                                                                                0x00405bc3
                                                                                                                                                                                                                                0x00405bc9
                                                                                                                                                                                                                                0x00405bcc
                                                                                                                                                                                                                                0x00405bcc
                                                                                                                                                                                                                                0x00405da5
                                                                                                                                                                                                                                0x00405da5
                                                                                                                                                                                                                                0x00405da9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405bd9
                                                                                                                                                                                                                                0x00405bdf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405be5
                                                                                                                                                                                                                                0x00405be6
                                                                                                                                                                                                                                0x00405be9
                                                                                                                                                                                                                                0x00405bec
                                                                                                                                                                                                                                0x00405d98
                                                                                                                                                                                                                                0x00405da2
                                                                                                                                                                                                                                0x00405da4
                                                                                                                                                                                                                                0x00405da4
                                                                                                                                                                                                                                0x00405d9a
                                                                                                                                                                                                                                0x00405d9c
                                                                                                                                                                                                                                0x00405d9e
                                                                                                                                                                                                                                0x00405d9f
                                                                                                                                                                                                                                0x00405d9f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405d98
                                                                                                                                                                                                                                0x00405bf2
                                                                                                                                                                                                                                0x00405bf6
                                                                                                                                                                                                                                0x00405c06
                                                                                                                                                                                                                                0x00405c0a
                                                                                                                                                                                                                                0x00405c11
                                                                                                                                                                                                                                0x00405c14
                                                                                                                                                                                                                                0x00405c18
                                                                                                                                                                                                                                0x00405c1e
                                                                                                                                                                                                                                0x00405c21
                                                                                                                                                                                                                                0x00405c24
                                                                                                                                                                                                                                0x00405c27
                                                                                                                                                                                                                                0x00405d42
                                                                                                                                                                                                                                0x00405d45
                                                                                                                                                                                                                                0x00405d75
                                                                                                                                                                                                                                0x00405d78
                                                                                                                                                                                                                                0x00405d7d
                                                                                                                                                                                                                                0x00405d81
                                                                                                                                                                                                                                0x00405d81
                                                                                                                                                                                                                                0x00405d86
                                                                                                                                                                                                                                0x00405d87
                                                                                                                                                                                                                                0x00405d8c
                                                                                                                                                                                                                                0x00405d8f
                                                                                                                                                                                                                                0x00405d91
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405d91
                                                                                                                                                                                                                                0x00405d47
                                                                                                                                                                                                                                0x00405d4a
                                                                                                                                                                                                                                0x00405d5f
                                                                                                                                                                                                                                0x00405d66
                                                                                                                                                                                                                                0x00405d4c
                                                                                                                                                                                                                                0x00405d53
                                                                                                                                                                                                                                0x00405d53
                                                                                                                                                                                                                                0x00405d6e
                                                                                                                                                                                                                                0x00405d71
                                                                                                                                                                                                                                0x00405d3a
                                                                                                                                                                                                                                0x00405d3b
                                                                                                                                                                                                                                0x00405d3b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405d71
                                                                                                                                                                                                                                0x00405c2f
                                                                                                                                                                                                                                0x00405c30
                                                                                                                                                                                                                                0x00405c36
                                                                                                                                                                                                                                0x00405c38
                                                                                                                                                                                                                                0x00405c52
                                                                                                                                                                                                                                0x00405c52
                                                                                                                                                                                                                                0x00405c59
                                                                                                                                                                                                                                0x00405c59
                                                                                                                                                                                                                                0x00405c60
                                                                                                                                                                                                                                0x00405c64
                                                                                                                                                                                                                                0x00405c64
                                                                                                                                                                                                                                0x00405c65
                                                                                                                                                                                                                                0x00405c67
                                                                                                                                                                                                                                0x00405ca0
                                                                                                                                                                                                                                0x00405ca3
                                                                                                                                                                                                                                0x00405cb3
                                                                                                                                                                                                                                0x00405cb6
                                                                                                                                                                                                                                0x00405cbe
                                                                                                                                                                                                                                0x00405cc4
                                                                                                                                                                                                                                0x00405cc4
                                                                                                                                                                                                                                0x00405d20
                                                                                                                                                                                                                                0x00405d20
                                                                                                                                                                                                                                0x00405d22
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405cc8
                                                                                                                                                                                                                                0x00405ccf
                                                                                                                                                                                                                                0x00405cd0
                                                                                                                                                                                                                                0x00405cd2
                                                                                                                                                                                                                                0x00405cec
                                                                                                                                                                                                                                0x00405cfa
                                                                                                                                                                                                                                0x00405d00
                                                                                                                                                                                                                                0x00405d02
                                                                                                                                                                                                                                0x00405d1d
                                                                                                                                                                                                                                0x00405d1d
                                                                                                                                                                                                                                0x00405d1d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405d1d
                                                                                                                                                                                                                                0x00405d08
                                                                                                                                                                                                                                0x00405d13
                                                                                                                                                                                                                                0x00405d19
                                                                                                                                                                                                                                0x00405d1b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405d1b
                                                                                                                                                                                                                                0x00405cd4
                                                                                                                                                                                                                                0x00405cd7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405ce6
                                                                                                                                                                                                                                0x00405ce8
                                                                                                                                                                                                                                0x00405cea
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405cea
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405d20
                                                                                                                                                                                                                                0x00405cab
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405c69
                                                                                                                                                                                                                                0x00405c6e
                                                                                                                                                                                                                                0x00405c84
                                                                                                                                                                                                                                0x00405c89
                                                                                                                                                                                                                                0x00405c8c
                                                                                                                                                                                                                                0x00405d29
                                                                                                                                                                                                                                0x00405d29
                                                                                                                                                                                                                                0x00405d2d
                                                                                                                                                                                                                                0x00405d35
                                                                                                                                                                                                                                0x00405d35
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405d2d
                                                                                                                                                                                                                                0x00405c96
                                                                                                                                                                                                                                0x00405d24
                                                                                                                                                                                                                                0x00405d24
                                                                                                                                                                                                                                0x00405d27
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405d27
                                                                                                                                                                                                                                0x00405c67
                                                                                                                                                                                                                                0x00405c3a
                                                                                                                                                                                                                                0x00405c3e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405c40
                                                                                                                                                                                                                                0x00405c44
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405c46
                                                                                                                                                                                                                                0x00405c4a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405c4c
                                                                                                                                                                                                                                0x00405c4c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405c4c
                                                                                                                                                                                                                                0x00405c4a
                                                                                                                                                                                                                                0x00405daf
                                                                                                                                                                                                                                0x00405db9
                                                                                                                                                                                                                                0x00405dc5
                                                                                                                                                                                                                                0x00405dc5
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetVersion.KERNEL32(00000000,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405C30
                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00405CAB
                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(100,00000400), ref: 00405CBE
                                                                                                                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                                                                                                                                                                                                                • SHGetPathFromIDListA.SHELL32(00000000,100), ref: 00405D08
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00405D13
                                                                                                                                                                                                                                • lstrcatA.KERNEL32(100,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(100,00000000,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405D87
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                                                • String ID: 100$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                • API String ID: 900638850-3409563628
                                                                                                                                                                                                                                • Opcode ID: ec1cfc953701c68b2a4bf792a6f5f2f7cf4c63635bb1673da603afab52f17940
                                                                                                                                                                                                                                • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec1cfc953701c68b2a4bf792a6f5f2f7cf4c63635bb1673da603afab52f17940
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 030C1759, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 77memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                			E030C1759(void* __eflags, struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr _v8;
				intOrPtr _v12;
				struct tagPOINT _v20;
				struct HWND__* _t24;
				void* _t28;
				int _t33;
				void* _t34;
				intOrPtr _t35;
				struct HWND__* _t38;

				 *0x30c50dc = _a8;
				_t35 = _a20;
				 *0x30c50e0 = _a16;
				 *0x30c50e4 = _a12;
				 *((intOrPtr*)(_t35 + 0xc))( *0x30c50a4, E030C1852, _t34);
				_t38 = _a4;
				 *0x30c50a0 = _t35;
				 *0x30c50c4 = _t38;
				GetWindowRect(GetDlgItem(_t38, E030C1FC2(__eflags)),  &_v20);
				MapWindowPoints(0, _t38,  &_v20, 2);
				_t24 = CreateDialogParamA( *0x30c50a4, 1, _t38, E030C14CA, 0); // executed
				 *0x30c50c0 = _t24;
				if(_t24 != 0) {
					_t33 = _v12 - _v20.x;
					__eflags = _t33;
					SetWindowPos(_t24, 0, _v20, _v20.y, _t33, _v8 - _v20.y, 0x14);
					 *0x30c50c8 = SetWindowLongA(_t38, 4, E030C13FB);
					 *0x30c50cc = 0;
					 *0x30c50d4 = 0;
					_t28 = HeapAlloc(GetProcessHeap(), 8, 0);
					_push( *0x30c50c0);
					 *0x30c50d8 = _t28;
					 *0x30c50d0 = 0;
					L030C2016();
				} else {
					_t28 = E030C1E27("error");
				}
				return _t28;
			}












                                                                                                                                                                                                                                0x030c1763
                                                                                                                                                                                                                                0x030c176c
                                                                                                                                                                                                                                0x030c1774
                                                                                                                                                                                                                                0x030c1782
                                                                                                                                                                                                                                0x030c1787
                                                                                                                                                                                                                                0x030c178a
                                                                                                                                                                                                                                0x030c178d
                                                                                                                                                                                                                                0x030c1793
                                                                                                                                                                                                                                0x030c17ab
                                                                                                                                                                                                                                0x030c17bb
                                                                                                                                                                                                                                0x030c17d0
                                                                                                                                                                                                                                0x030c17d8
                                                                                                                                                                                                                                0x030c17dd
                                                                                                                                                                                                                                0x030c17f7
                                                                                                                                                                                                                                0x030c17f7
                                                                                                                                                                                                                                0x030c1803
                                                                                                                                                                                                                                0x030c181a
                                                                                                                                                                                                                                0x030c181f
                                                                                                                                                                                                                                0x030c1825
                                                                                                                                                                                                                                0x030c1832
                                                                                                                                                                                                                                0x030c1838
                                                                                                                                                                                                                                0x030c183e
                                                                                                                                                                                                                                0x030c1843
                                                                                                                                                                                                                                0x030c1849
                                                                                                                                                                                                                                0x030c17df
                                                                                                                                                                                                                                0x030c17e4
                                                                                                                                                                                                                                0x030c17e4
                                                                                                                                                                                                                                0x030c1851

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 030C17A0
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 030C17AB
                                                                                                                                                                                                                                • MapWindowPoints.USER32 ref: 030C17BB
                                                                                                                                                                                                                                • CreateDialogParamA.USER32(00000001,?,030C14CA,00000000), ref: 030C17D0
                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000014), ref: 030C1803
                                                                                                                                                                                                                                • SetWindowLongA.USER32(?,00000004,030C13FB), ref: 030C1811
                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 030C182B
                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 030C1832
                                                                                                                                                                                                                                  • Part of subcall function 030C1E27: GlobalAlloc.KERNEL32(00000040,?,?,030C10BE,error,?,00000104), ref: 030C1E3C
                                                                                                                                                                                                                                  • Part of subcall function 030C1E27: lstrcpynA.KERNEL32(00000004,?,?,030C10BE,error,?,00000104), ref: 030C1E52
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1675900869.00000000030C1000.00000020.00020000.sdmp, Offset: 030C0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675875391.00000000030C0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675927376.00000000030C3000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675953768.00000000030C4000.00000008.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675968346.00000000030C7000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_30c0000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$AllocHeap$CreateDialogGlobalItemLongParamPointsProcessRectlstrcpyn
                                                                                                                                                                                                                                • String ID: error
                                                                                                                                                                                                                                • API String ID: 1928716940-1574812785
                                                                                                                                                                                                                                • Opcode ID: eb7f034c4d8551a5fed471b4ec6cdb3fe3f8b35178c44f3394ae5ae2ad247a50
                                                                                                                                                                                                                                • Instruction ID: dacae091f0f8110297523383a8e8d9332260e426325754ce789ef43778af97af
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eb7f034c4d8551a5fed471b4ec6cdb3fe3f8b35178c44f3394ae5ae2ad247a50
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17214D7A932204AFCB00FFA6EC59DAE7BB8FB4A300B20454DF215D7149C7786400CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00406131, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                                                                			E00406131() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406131
                                                                                                                                                                                                                                0x00406131
                                                                                                                                                                                                                                0x00406136
                                                                                                                                                                                                                                0x004061ad
                                                                                                                                                                                                                                0x004061b4
                                                                                                                                                                                                                                0x004061be
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a6
                                                                                                                                                                                                                                0x004067ac
                                                                                                                                                                                                                                0x004067b2
                                                                                                                                                                                                                                0x004067cc
                                                                                                                                                                                                                                0x004067cf
                                                                                                                                                                                                                                0x004067d5
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e2
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067c3
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067ec
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067ee
                                                                                                                                                                                                                                0x004067ee
                                                                                                                                                                                                                                0x004067f2
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x004067fe
                                                                                                                                                                                                                                0x00406805
                                                                                                                                                                                                                                0x0040680d
                                                                                                                                                                                                                                0x00406810
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406810
                                                                                                                                                                                                                                0x00406138
                                                                                                                                                                                                                                0x00406138
                                                                                                                                                                                                                                0x0040613c
                                                                                                                                                                                                                                0x00406144
                                                                                                                                                                                                                                0x00406147
                                                                                                                                                                                                                                0x00406149
                                                                                                                                                                                                                                0x0040614c
                                                                                                                                                                                                                                0x0040614e
                                                                                                                                                                                                                                0x00406153
                                                                                                                                                                                                                                0x00406156
                                                                                                                                                                                                                                0x0040615d
                                                                                                                                                                                                                                0x00406164
                                                                                                                                                                                                                                0x00406167
                                                                                                                                                                                                                                0x00406172
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406181
                                                                                                                                                                                                                                0x0040619f
                                                                                                                                                                                                                                0x004061a1
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406377
                                                                                                                                                                                                                                0x0040637a
                                                                                                                                                                                                                                0x0040637d
                                                                                                                                                                                                                                0x00406380
                                                                                                                                                                                                                                0x00406383
                                                                                                                                                                                                                                0x00406386
                                                                                                                                                                                                                                0x00406389
                                                                                                                                                                                                                                0x0040638c
                                                                                                                                                                                                                                0x00406392
                                                                                                                                                                                                                                0x004063aa
                                                                                                                                                                                                                                0x004063ad
                                                                                                                                                                                                                                0x004063b0
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b6
                                                                                                                                                                                                                                0x004063bc
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x0040639c
                                                                                                                                                                                                                                0x004063a1
                                                                                                                                                                                                                                0x004063a3
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063c6
                                                                                                                                                                                                                                0x004063c9
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x00406372
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x0040634b
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00406351
                                                                                                                                                                                                                                0x00406354
                                                                                                                                                                                                                                0x00406357
                                                                                                                                                                                                                                0x0040635b
                                                                                                                                                                                                                                0x0040635e
                                                                                                                                                                                                                                0x00406364
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406369
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406369
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406186
                                                                                                                                                                                                                                0x0040618c
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x00406191
                                                                                                                                                                                                                                0x00406194
                                                                                                                                                                                                                                0x00406196
                                                                                                                                                                                                                                0x00406197
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x0040620b
                                                                                                                                                                                                                                0x0040620e
                                                                                                                                                                                                                                0x00406211
                                                                                                                                                                                                                                0x00406214
                                                                                                                                                                                                                                0x00406217
                                                                                                                                                                                                                                0x00406218
                                                                                                                                                                                                                                0x0040621b
                                                                                                                                                                                                                                0x0040621d
                                                                                                                                                                                                                                0x00406223
                                                                                                                                                                                                                                0x00406226
                                                                                                                                                                                                                                0x00406229
                                                                                                                                                                                                                                0x0040622c
                                                                                                                                                                                                                                0x0040622f
                                                                                                                                                                                                                                0x00406235
                                                                                                                                                                                                                                0x00406251
                                                                                                                                                                                                                                0x00406254
                                                                                                                                                                                                                                0x00406257
                                                                                                                                                                                                                                0x0040625a
                                                                                                                                                                                                                                0x00406261
                                                                                                                                                                                                                                0x00406267
                                                                                                                                                                                                                                0x0040626b
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x0040623b
                                                                                                                                                                                                                                0x00406243
                                                                                                                                                                                                                                0x00406248
                                                                                                                                                                                                                                0x0040624a
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x00406275
                                                                                                                                                                                                                                0x00406278
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061f5
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062ae
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004062b0
                                                                                                                                                                                                                                0x004062b3
                                                                                                                                                                                                                                0x004062b6
                                                                                                                                                                                                                                0x004062b9
                                                                                                                                                                                                                                0x004062bc
                                                                                                                                                                                                                                0x004062bf
                                                                                                                                                                                                                                0x004062c2
                                                                                                                                                                                                                                0x004062c5
                                                                                                                                                                                                                                0x004062c8
                                                                                                                                                                                                                                0x004062ce
                                                                                                                                                                                                                                0x004062e6
                                                                                                                                                                                                                                0x004062e9
                                                                                                                                                                                                                                0x004062ec
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062f2
                                                                                                                                                                                                                                0x004062f8
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d8
                                                                                                                                                                                                                                0x004062dd
                                                                                                                                                                                                                                0x004062df
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x00406302
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406287
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x0040628d
                                                                                                                                                                                                                                0x00406290
                                                                                                                                                                                                                                0x00406293
                                                                                                                                                                                                                                0x00406297
                                                                                                                                                                                                                                0x0040629a
                                                                                                                                                                                                                                0x004062a0
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a5
                                                                                                                                                                                                                                0x004062a5
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x0040631a
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00406320
                                                                                                                                                                                                                                0x00406323
                                                                                                                                                                                                                                0x00406326
                                                                                                                                                                                                                                0x00406329
                                                                                                                                                                                                                                0x0040632c
                                                                                                                                                                                                                                0x0040632f
                                                                                                                                                                                                                                0x00406332
                                                                                                                                                                                                                                0x00406334
                                                                                                                                                                                                                                0x00406337
                                                                                                                                                                                                                                0x0040633a
                                                                                                                                                                                                                                0x0040633d
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00406201
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ce
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x004069b7
                                                                                                                                                                                                                                0x004069bf
                                                                                                                                                                                                                                0x004069c6
                                                                                                                                                                                                                                0x004069c8
                                                                                                                                                                                                                                0x004069cf
                                                                                                                                                                                                                                0x004069d3
                                                                                                                                                                                                                                0x004069d3
                                                                                                                                                                                                                                0x004061d4
                                                                                                                                                                                                                                0x004061d7
                                                                                                                                                                                                                                0x004061da
                                                                                                                                                                                                                                0x004061de
                                                                                                                                                                                                                                0x004061e1
                                                                                                                                                                                                                                0x004061e7
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061ec
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061ec
                                                                                                                                                                                                                                0x00406278
                                                                                                                                                                                                                                0x00406181
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fcf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fd8
                                                                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                                                                0x00405fde
                                                                                                                                                                                                                                0x00405fe2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fe8
                                                                                                                                                                                                                                0x00405feb
                                                                                                                                                                                                                                0x00405fed
                                                                                                                                                                                                                                0x00405fee
                                                                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                                                                0x00405ff3
                                                                                                                                                                                                                                0x00405ff4
                                                                                                                                                                                                                                0x00405ff6
                                                                                                                                                                                                                                0x00405ff9
                                                                                                                                                                                                                                0x00405ffe
                                                                                                                                                                                                                                0x00406003
                                                                                                                                                                                                                                0x0040600c
                                                                                                                                                                                                                                0x0040601f
                                                                                                                                                                                                                                0x00406022
                                                                                                                                                                                                                                0x0040602e
                                                                                                                                                                                                                                0x00406056
                                                                                                                                                                                                                                0x00406058
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x0040606a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605d
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x00406034
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406042
                                                                                                                                                                                                                                0x0040604a
                                                                                                                                                                                                                                0x0040604d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406074
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x0040607d
                                                                                                                                                                                                                                0x0040608d
                                                                                                                                                                                                                                0x00406090
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406096
                                                                                                                                                                                                                                0x0040609a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040609c
                                                                                                                                                                                                                                0x004060a2
                                                                                                                                                                                                                                0x004060cc
                                                                                                                                                                                                                                0x004060d2
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x004060a8
                                                                                                                                                                                                                                0x004060ab
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060bb
                                                                                                                                                                                                                                0x004060c3
                                                                                                                                                                                                                                0x004060c6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040610b
                                                                                                                                                                                                                                0x00406111
                                                                                                                                                                                                                                0x00406114
                                                                                                                                                                                                                                0x00406121
                                                                                                                                                                                                                                0x00406129
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e4
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x004060f0
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fe
                                                                                                                                                                                                                                0x00406101
                                                                                                                                                                                                                                0x00406104
                                                                                                                                                                                                                                0x00406109
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063d0
                                                                                                                                                                                                                                0x004063d4
                                                                                                                                                                                                                                0x004063f2
                                                                                                                                                                                                                                0x004063f5
                                                                                                                                                                                                                                0x004063fc
                                                                                                                                                                                                                                0x004063ff
                                                                                                                                                                                                                                0x00406402
                                                                                                                                                                                                                                0x00406405
                                                                                                                                                                                                                                0x00406408
                                                                                                                                                                                                                                0x0040640b
                                                                                                                                                                                                                                0x0040640d
                                                                                                                                                                                                                                0x00406414
                                                                                                                                                                                                                                0x00406415
                                                                                                                                                                                                                                0x00406417
                                                                                                                                                                                                                                0x0040641a
                                                                                                                                                                                                                                0x0040641d
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x004063d6
                                                                                                                                                                                                                                0x004063d9
                                                                                                                                                                                                                                0x004063dc
                                                                                                                                                                                                                                0x004063e6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040643a
                                                                                                                                                                                                                                0x0040643e
                                                                                                                                                                                                                                0x00406461
                                                                                                                                                                                                                                0x00406464
                                                                                                                                                                                                                                0x00406467
                                                                                                                                                                                                                                0x00406471
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406443
                                                                                                                                                                                                                                0x00406446
                                                                                                                                                                                                                                0x00406449
                                                                                                                                                                                                                                0x00406456
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040647d
                                                                                                                                                                                                                                0x00406481
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406487
                                                                                                                                                                                                                                0x0040648b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406491
                                                                                                                                                                                                                                0x00406493
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x0040649a
                                                                                                                                                                                                                                0x0040649e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064ee
                                                                                                                                                                                                                                0x004064f2
                                                                                                                                                                                                                                0x004064f9
                                                                                                                                                                                                                                0x004064fc
                                                                                                                                                                                                                                0x004064ff
                                                                                                                                                                                                                                0x00406509
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406509
                                                                                                                                                                                                                                0x004064f4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406515
                                                                                                                                                                                                                                0x00406519
                                                                                                                                                                                                                                0x00406520
                                                                                                                                                                                                                                0x00406523
                                                                                                                                                                                                                                0x00406526
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x00406529
                                                                                                                                                                                                                                0x0040652c
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x00406532
                                                                                                                                                                                                                                0x00406535
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x0040653b
                                                                                                                                                                                                                                0x00406542
                                                                                                                                                                                                                                0x00406547
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d9
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x004065df
                                                                                                                                                                                                                                0x004065e2
                                                                                                                                                                                                                                0x004065e5
                                                                                                                                                                                                                                0x004065e9
                                                                                                                                                                                                                                0x004065ec
                                                                                                                                                                                                                                0x004065f2
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f7
                                                                                                                                                                                                                                0x004065fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x0040665c
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00406662
                                                                                                                                                                                                                                0x00406665
                                                                                                                                                                                                                                0x00406668
                                                                                                                                                                                                                                0x0040666c
                                                                                                                                                                                                                                0x0040666f
                                                                                                                                                                                                                                0x00406675
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x0040667a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x0040642b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406767
                                                                                                                                                                                                                                0x0040676b
                                                                                                                                                                                                                                0x0040678d
                                                                                                                                                                                                                                0x00406790
                                                                                                                                                                                                                                0x0040679a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679a
                                                                                                                                                                                                                                0x0040676d
                                                                                                                                                                                                                                0x00406770
                                                                                                                                                                                                                                0x00406774
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x0040677a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406824
                                                                                                                                                                                                                                0x00406828
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x0040684d
                                                                                                                                                                                                                                0x00406854
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040682a
                                                                                                                                                                                                                                0x0040682d
                                                                                                                                                                                                                                0x00406830
                                                                                                                                                                                                                                0x00406833
                                                                                                                                                                                                                                0x0040683a
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x00406781
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406915
                                                                                                                                                                                                                                0x00406918
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040654f
                                                                                                                                                                                                                                0x00406551
                                                                                                                                                                                                                                0x00406558
                                                                                                                                                                                                                                0x00406559
                                                                                                                                                                                                                                0x0040655b
                                                                                                                                                                                                                                0x0040655e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406566
                                                                                                                                                                                                                                0x00406569
                                                                                                                                                                                                                                0x0040656c
                                                                                                                                                                                                                                0x0040656e
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406571
                                                                                                                                                                                                                                0x00406574
                                                                                                                                                                                                                                0x0040657b
                                                                                                                                                                                                                                0x0040657e
                                                                                                                                                                                                                                0x0040658c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406865
                                                                                                                                                                                                                                0x0040686c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406875
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x0040687b
                                                                                                                                                                                                                                0x0040687e
                                                                                                                                                                                                                                0x00406881
                                                                                                                                                                                                                                0x00406885
                                                                                                                                                                                                                                0x00406888
                                                                                                                                                                                                                                0x0040688e
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406893
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x0040689d
                                                                                                                                                                                                                                0x004068fd
                                                                                                                                                                                                                                0x00406900
                                                                                                                                                                                                                                0x00406905
                                                                                                                                                                                                                                0x00406906
                                                                                                                                                                                                                                0x00406908
                                                                                                                                                                                                                                0x0040690a
                                                                                                                                                                                                                                0x0040690d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040690d
                                                                                                                                                                                                                                0x0040689f
                                                                                                                                                                                                                                0x004068a5
                                                                                                                                                                                                                                0x004068a8
                                                                                                                                                                                                                                0x004068ab
                                                                                                                                                                                                                                0x004068ae
                                                                                                                                                                                                                                0x004068b1
                                                                                                                                                                                                                                0x004068b4
                                                                                                                                                                                                                                0x004068b7
                                                                                                                                                                                                                                0x004068ba
                                                                                                                                                                                                                                0x004068bd
                                                                                                                                                                                                                                0x004068c0
                                                                                                                                                                                                                                0x004068d9
                                                                                                                                                                                                                                0x004068dc
                                                                                                                                                                                                                                0x004068df
                                                                                                                                                                                                                                0x004068e2
                                                                                                                                                                                                                                0x004068e6
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e9
                                                                                                                                                                                                                                0x004068ec
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068ca
                                                                                                                                                                                                                                0x004068cf
                                                                                                                                                                                                                                0x004068d1
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068ef
                                                                                                                                                                                                                                0x004068f6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406594
                                                                                                                                                                                                                                0x00406597
                                                                                                                                                                                                                                0x004065cd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406703
                                                                                                                                                                                                                                0x00406705
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x0040670b
                                                                                                                                                                                                                                0x0040670e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406714
                                                                                                                                                                                                                                0x00406718
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00406599
                                                                                                                                                                                                                                0x0040659b
                                                                                                                                                                                                                                0x0040659d
                                                                                                                                                                                                                                0x0040659f
                                                                                                                                                                                                                                0x004065a2
                                                                                                                                                                                                                                0x004065a3
                                                                                                                                                                                                                                0x004065a5
                                                                                                                                                                                                                                0x004065a7
                                                                                                                                                                                                                                0x004065aa
                                                                                                                                                                                                                                0x004065ad
                                                                                                                                                                                                                                0x004065c3
                                                                                                                                                                                                                                0x004065c8
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406604
                                                                                                                                                                                                                                0x00406630
                                                                                                                                                                                                                                0x00406632
                                                                                                                                                                                                                                0x00406639
                                                                                                                                                                                                                                0x0040663c
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406646
                                                                                                                                                                                                                                0x00406649
                                                                                                                                                                                                                                0x00406650
                                                                                                                                                                                                                                0x00406653
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406683
                                                                                                                                                                                                                                0x00406686
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00406688
                                                                                                                                                                                                                                0x0040668e
                                                                                                                                                                                                                                0x00406691
                                                                                                                                                                                                                                0x00406694
                                                                                                                                                                                                                                0x00406697
                                                                                                                                                                                                                                0x0040669a
                                                                                                                                                                                                                                0x0040669d
                                                                                                                                                                                                                                0x004066a0
                                                                                                                                                                                                                                0x004066a3
                                                                                                                                                                                                                                0x004066a6
                                                                                                                                                                                                                                0x004066a9
                                                                                                                                                                                                                                0x004066c2
                                                                                                                                                                                                                                0x004066c4
                                                                                                                                                                                                                                0x004066c7
                                                                                                                                                                                                                                0x004066c8
                                                                                                                                                                                                                                0x004066cb
                                                                                                                                                                                                                                0x004066cd
                                                                                                                                                                                                                                0x004066d0
                                                                                                                                                                                                                                0x004066d2
                                                                                                                                                                                                                                0x004066d4
                                                                                                                                                                                                                                0x004066d7
                                                                                                                                                                                                                                0x004066d9
                                                                                                                                                                                                                                0x004066dc
                                                                                                                                                                                                                                0x004066e0
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e3
                                                                                                                                                                                                                                0x004066e6
                                                                                                                                                                                                                                0x004066e9
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066b3
                                                                                                                                                                                                                                0x004066b8
                                                                                                                                                                                                                                0x004066ba
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066ec
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x00406606
                                                                                                                                                                                                                                0x00406609
                                                                                                                                                                                                                                0x0040660b
                                                                                                                                                                                                                                0x0040660e
                                                                                                                                                                                                                                0x00406611
                                                                                                                                                                                                                                0x00406614
                                                                                                                                                                                                                                0x00406616
                                                                                                                                                                                                                                0x00406619
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x00406622
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065af
                                                                                                                                                                                                                                0x004065b2
                                                                                                                                                                                                                                0x004065b4
                                                                                                                                                                                                                                0x004065b7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a5
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x004064ab
                                                                                                                                                                                                                                0x004064ae
                                                                                                                                                                                                                                0x004064b1
                                                                                                                                                                                                                                0x004064b4
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b9
                                                                                                                                                                                                                                0x004064bc
                                                                                                                                                                                                                                0x004064bf
                                                                                                                                                                                                                                0x004064c2
                                                                                                                                                                                                                                0x004064c5
                                                                                                                                                                                                                                0x004064c8
                                                                                                                                                                                                                                0x004064c9
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064ce
                                                                                                                                                                                                                                0x004064d1
                                                                                                                                                                                                                                0x004064d4
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064da
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x00406722
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406728
                                                                                                                                                                                                                                0x0040672b
                                                                                                                                                                                                                                0x0040672e
                                                                                                                                                                                                                                0x00406731
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406736
                                                                                                                                                                                                                                0x00406739
                                                                                                                                                                                                                                0x0040673c
                                                                                                                                                                                                                                0x0040673f
                                                                                                                                                                                                                                0x00406742
                                                                                                                                                                                                                                0x00406745
                                                                                                                                                                                                                                0x00406746
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x0040674b
                                                                                                                                                                                                                                0x0040674e
                                                                                                                                                                                                                                0x00406751
                                                                                                                                                                                                                                0x00406754
                                                                                                                                                                                                                                0x00406757
                                                                                                                                                                                                                                0x0040675b
                                                                                                                                                                                                                                0x0040675d
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406762
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406762
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00406995
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                                                                                                                                                • Instruction ID: 7fe690cacb8e5da35aefc448adc87e2f65dc6f56ff44dc44b78e187fa59068bd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 70F16871D00229CBDF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00405E61, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00405E61(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224f0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4224f0;
			}




                                                                                                                                                                                                                                0x00405e6c
                                                                                                                                                                                                                                0x00405e75
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405e82
                                                                                                                                                                                                                                0x00405e78
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindFirstFileA.KERNELBASE(?,004224F0,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,0040577D,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,00000000,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,?,?,76D7F560,0040549F,?,"C:\Users\user\Desktop\mp3rocket.exe" ,76D7F560), ref: 00405E6C
                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00405E78
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp, xrefs: 00405E61
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp
                                                                                                                                                                                                                                • API String ID: 2295610775-3177201956
                                                                                                                                                                                                                                • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                                                                                                                                                • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00405E88, Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00405E88(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409220);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409224));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                                                                                                                                                                                                                0x00405e90
                                                                                                                                                                                                                                0x00405e93
                                                                                                                                                                                                                                0x00405e9a
                                                                                                                                                                                                                                0x00405ea2
                                                                                                                                                                                                                                0x00405eaf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405eb6
                                                                                                                                                                                                                                0x00405ea5
                                                                                                                                                                                                                                0x00405ead
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405ebe

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 310444273-0
                                                                                                                                                                                                                                • Opcode ID: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                                                                                                                                                • Instruction ID: 91087f9554edebef2dfdad95906e97f440013226b38390424b9c6ad62026e406
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0FE08C32A08511BBD3115B30ED0896B77A8EA89B41304083EF959F6290D734EC119BFA
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00403A45, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 108 403a45-403a57 109 403b98-403ba7 108->109 110 403a5d-403a63 108->110 112 403bf6-403c0b 109->112 113 403ba9-403be4 GetDlgItem * 2 call 403f18 KiUserCallbackDispatcher call 40140b 109->113 110->109 111 403a69-403a72 110->111 116 403a74-403a81 SetWindowPos 111->116 117 403a87-403a8a 111->117 114 403c4b-403c50 call 403f64 112->114 115 403c0d-403c10 112->115 138 403be9-403bf1 113->138 127 403c55-403c70 114->127 119 403c12-403c1d call 401389 115->119 120 403c43-403c45 115->120 116->117 122 403aa4-403aaa 117->122 123 403a8c-403a9e ShowWindow 117->123 119->120 141 403c1f-403c3e SendMessageA 119->141 120->114 126 403ee5 120->126 128 403ac6-403ac9 122->128 129 403aac-403ac1 DestroyWindow 122->129 123->122 136 403ee7-403eee 126->136 134 403c72-403c74 call 40140b 127->134 135 403c79-403c7f 127->135 131 403acb-403ad7 SetWindowLongA 128->131 132 403adc-403ae2 128->132 137 403ec2-403ec8 129->137 131->136 139 403b85-403b93 call 403f7f 132->139 140 403ae8-403af9 GetDlgItem 132->140 134->135 144 403ea3-403ebc DestroyWindow EndDialog 135->144 145 403c85-403c90 135->145 137->126 142 403eca-403ed0 137->142 138->112 139->136 146 403b18-403b1b 140->146 147 403afb-403b12 SendMessageA IsWindowEnabled 140->147 141->136 142->126 149 403ed2-403edb ShowWindow 142->149 144->137 145->144 150 403c96-403ce3 call 405b88 call 403f18 * 3 GetDlgItem 145->150 151 403b20-403b23 146->151 152 403b1d-403b1e 146->152 147->126 147->146 149->126 178 403ce5-403cea 150->178 179 403ced-403d29 ShowWindow KiUserCallbackDispatcher call 403f3a EnableWindow 150->179 157 403b31-403b36 151->157 158 403b25-403b2b 151->158 156 403b4e call 403ef1 152->156 164 403b53 156->164 161 403b6c-403b7f SendMessageA 157->161 163 403b38-403b3e 157->163 158->161 162 403b2d-403b2f 158->162 161->139 162->156 166 403b40-403b46 call 40140b 163->166 167 403b55-403b5e call 40140b 163->167 164->139 176 403b4c 166->176 167->139 175 403b60-403b6a 167->175 175->176 176->156 178->179 182 403d2b-403d2c 179->182 183 403d2e 179->183 184 403d30-403d5e GetSystemMenu EnableMenuItem SendMessageA 182->184 183->184 185 403d60-403d71 SendMessageA 184->185 186 403d73 184->186 187 403d79-403db2 call 403f4d call 405b66 lstrlenA call 405b88 SetWindowTextA call 401389 185->187 186->187 187->127 196 403db8-403dba 187->196 196->127 197 403dc0-403dc4 196->197 198 403de3-403df7 DestroyWindow 197->198 199 403dc6-403dcc 197->199 198->137 201 403dfd-403e2a CreateDialogParamA 198->201 199->126 200 403dd2-403dd8 199->200 200->127 203 403dde 200->203 201->137 202 403e30-403e87 call 403f18 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 201->202 202->126 208 403e89-403e9c ShowWindow call 403f64 202->208 203->126 210 403ea1 208->210 210->137
                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                			E00403A45(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t141;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420484 = _t35;
					if(_t115 == 0x110) {
						 *0x423ea8 = _t125;
						 *0x420498 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f460 = _t91;
						E00403F18(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423688); // executed
						 *0x42366c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420484 = 1;
					}
					_t122 =  *0x4091c4; // 0x2
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ec0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403F64(0x40b);
						while(1) {
							_t37 =  *0x420484;
							 *0x4091c4 =  *0x4091c4 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091c4; // 0x2
							__eflags = _t39 -  *0x423ec4; // 0x7
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42366c - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x423ec4; // 0x7
							__eflags =  *0x4091c4 - _t44; // 0x2
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405B88(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403F18(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f2c - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008); // executed
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100); // executed
							E00403F3A(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f460, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f2c - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x420498);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f460);
							}
							E00403F4D();
							E00405B66(0x4204a0, "MP3 Rocket 6.2.4 Setup");
							E00405B88(0x4204a0, _t125, _t130,  &(0x4204a0[lstrlenA(0x4204a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x4204a0); // executed
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423678); // executed
									 *0x41fc70 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c8 +  *(_t130 + 4) * 4), _t130); // executed
									__eflags = _t73 - _t133;
									 *0x423678 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403F18(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42366c - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423678, 8); // executed
									E00403F64(0x405);
									goto L58;
								}
								__eflags =  *0x423f2c - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x423f20 - _t133; // 0x1
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423678);
						 *0x423ea8 = _t133;
						EndDialog(_t125,  *0x41f868);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423678, 0x40f, 0, 1);
						__eflags =  *0x42366c - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420478, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420478,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403F7F(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423678, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f2c - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f868 = 1;
											L21:
											_push(0x78);
											L22:
											E00403EF1();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f868 = _t127;
										goto L21;
									}
									__eflags =  *0x4091c4 - _t133; // 0x2
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423678); // executed
						 *0x423678 = _a12;
						L58:
						_t141 =  *0x4214a0 - _t133; // 0x1
						if(_t141 == 0) {
							_t142 =  *0x423678 - _t133; // 0x20402
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa); // executed
								 *0x4214a0 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}

































                                                                                                                                                                                                                                0x00403a4e
                                                                                                                                                                                                                                0x00403a57
                                                                                                                                                                                                                                0x00403b98
                                                                                                                                                                                                                                0x00403b9c
                                                                                                                                                                                                                                0x00403ba0
                                                                                                                                                                                                                                0x00403ba2
                                                                                                                                                                                                                                0x00403ba7
                                                                                                                                                                                                                                0x00403bb2
                                                                                                                                                                                                                                0x00403bbd
                                                                                                                                                                                                                                0x00403bc2
                                                                                                                                                                                                                                0x00403bc4
                                                                                                                                                                                                                                0x00403bc6
                                                                                                                                                                                                                                0x00403bc9
                                                                                                                                                                                                                                0x00403bce
                                                                                                                                                                                                                                0x00403bdc
                                                                                                                                                                                                                                0x00403be9
                                                                                                                                                                                                                                0x00403bf0
                                                                                                                                                                                                                                0x00403bf0
                                                                                                                                                                                                                                0x00403bf1
                                                                                                                                                                                                                                0x00403bf1
                                                                                                                                                                                                                                0x00403bf6
                                                                                                                                                                                                                                0x00403bfc
                                                                                                                                                                                                                                0x00403c03
                                                                                                                                                                                                                                0x00403c09
                                                                                                                                                                                                                                0x00403c0b
                                                                                                                                                                                                                                0x00403c4b
                                                                                                                                                                                                                                0x00403c50
                                                                                                                                                                                                                                0x00403c55
                                                                                                                                                                                                                                0x00403c55
                                                                                                                                                                                                                                0x00403c5a
                                                                                                                                                                                                                                0x00403c63
                                                                                                                                                                                                                                0x00403c65
                                                                                                                                                                                                                                0x00403c6a
                                                                                                                                                                                                                                0x00403c70
                                                                                                                                                                                                                                0x00403c74
                                                                                                                                                                                                                                0x00403c74
                                                                                                                                                                                                                                0x00403c79
                                                                                                                                                                                                                                0x00403c7f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403c85
                                                                                                                                                                                                                                0x00403c8a
                                                                                                                                                                                                                                0x00403c90
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403c99
                                                                                                                                                                                                                                0x00403ca1
                                                                                                                                                                                                                                0x00403ca6
                                                                                                                                                                                                                                0x00403ca9
                                                                                                                                                                                                                                0x00403caf
                                                                                                                                                                                                                                0x00403cb4
                                                                                                                                                                                                                                0x00403cb7
                                                                                                                                                                                                                                0x00403cbd
                                                                                                                                                                                                                                0x00403cc2
                                                                                                                                                                                                                                0x00403cc5
                                                                                                                                                                                                                                0x00403ccb
                                                                                                                                                                                                                                0x00403cd3
                                                                                                                                                                                                                                0x00403cd9
                                                                                                                                                                                                                                0x00403cdf
                                                                                                                                                                                                                                0x00403ce3
                                                                                                                                                                                                                                0x00403cea
                                                                                                                                                                                                                                0x00403cea
                                                                                                                                                                                                                                0x00403cea
                                                                                                                                                                                                                                0x00403cf4
                                                                                                                                                                                                                                0x00403d06
                                                                                                                                                                                                                                0x00403d12
                                                                                                                                                                                                                                0x00403d17
                                                                                                                                                                                                                                0x00403d21
                                                                                                                                                                                                                                0x00403d27
                                                                                                                                                                                                                                0x00403d29
                                                                                                                                                                                                                                0x00403d2e
                                                                                                                                                                                                                                0x00403d2b
                                                                                                                                                                                                                                0x00403d2b
                                                                                                                                                                                                                                0x00403d2b
                                                                                                                                                                                                                                0x00403d3e
                                                                                                                                                                                                                                0x00403d56
                                                                                                                                                                                                                                0x00403d58
                                                                                                                                                                                                                                0x00403d5e
                                                                                                                                                                                                                                0x00403d73
                                                                                                                                                                                                                                0x00403d60
                                                                                                                                                                                                                                0x00403d69
                                                                                                                                                                                                                                0x00403d6b
                                                                                                                                                                                                                                0x00403d6b
                                                                                                                                                                                                                                0x00403d79
                                                                                                                                                                                                                                0x00403d89
                                                                                                                                                                                                                                0x00403d9a
                                                                                                                                                                                                                                0x00403da1
                                                                                                                                                                                                                                0x00403da7
                                                                                                                                                                                                                                0x00403dab
                                                                                                                                                                                                                                0x00403db0
                                                                                                                                                                                                                                0x00403db2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403db8
                                                                                                                                                                                                                                0x00403db8
                                                                                                                                                                                                                                0x00403dba
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403dc0
                                                                                                                                                                                                                                0x00403dc4
                                                                                                                                                                                                                                0x00403de9
                                                                                                                                                                                                                                0x00403def
                                                                                                                                                                                                                                0x00403df5
                                                                                                                                                                                                                                0x00403df7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403e1d
                                                                                                                                                                                                                                0x00403e23
                                                                                                                                                                                                                                0x00403e25
                                                                                                                                                                                                                                0x00403e2a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403e30
                                                                                                                                                                                                                                0x00403e33
                                                                                                                                                                                                                                0x00403e36
                                                                                                                                                                                                                                0x00403e4d
                                                                                                                                                                                                                                0x00403e59
                                                                                                                                                                                                                                0x00403e72
                                                                                                                                                                                                                                0x00403e78
                                                                                                                                                                                                                                0x00403e7c
                                                                                                                                                                                                                                0x00403e81
                                                                                                                                                                                                                                0x00403e87
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403e91
                                                                                                                                                                                                                                0x00403e9c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403e9c
                                                                                                                                                                                                                                0x00403dc6
                                                                                                                                                                                                                                0x00403dcc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403dd2
                                                                                                                                                                                                                                0x00403dd8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403dde
                                                                                                                                                                                                                                0x00403db2
                                                                                                                                                                                                                                0x00403ea9
                                                                                                                                                                                                                                0x00403eb5
                                                                                                                                                                                                                                0x00403ebc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403c0d
                                                                                                                                                                                                                                0x00403c0d
                                                                                                                                                                                                                                0x00403c10
                                                                                                                                                                                                                                0x00403c43
                                                                                                                                                                                                                                0x00403c43
                                                                                                                                                                                                                                0x00403c45
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403c45
                                                                                                                                                                                                                                0x00403c12
                                                                                                                                                                                                                                0x00403c16
                                                                                                                                                                                                                                0x00403c1b
                                                                                                                                                                                                                                0x00403c1d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403c2d
                                                                                                                                                                                                                                0x00403c35
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403c3b
                                                                                                                                                                                                                                0x00403a69
                                                                                                                                                                                                                                0x00403a69
                                                                                                                                                                                                                                0x00403a6d
                                                                                                                                                                                                                                0x00403a72
                                                                                                                                                                                                                                0x00403a81
                                                                                                                                                                                                                                0x00403a81
                                                                                                                                                                                                                                0x00403a8a
                                                                                                                                                                                                                                0x00403a93
                                                                                                                                                                                                                                0x00403a9e
                                                                                                                                                                                                                                0x00403a9e
                                                                                                                                                                                                                                0x00403aaa
                                                                                                                                                                                                                                0x00403ac6
                                                                                                                                                                                                                                0x00403ac9
                                                                                                                                                                                                                                0x00403adc
                                                                                                                                                                                                                                0x00403ae2
                                                                                                                                                                                                                                0x00403b85
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403b8e
                                                                                                                                                                                                                                0x00403ae8
                                                                                                                                                                                                                                0x00403af5
                                                                                                                                                                                                                                0x00403af7
                                                                                                                                                                                                                                0x00403af9
                                                                                                                                                                                                                                0x00403b18
                                                                                                                                                                                                                                0x00403b18
                                                                                                                                                                                                                                0x00403b1b
                                                                                                                                                                                                                                0x00403b20
                                                                                                                                                                                                                                0x00403b23
                                                                                                                                                                                                                                0x00403b33
                                                                                                                                                                                                                                0x00403b34
                                                                                                                                                                                                                                0x00403b36
                                                                                                                                                                                                                                0x00403b6c
                                                                                                                                                                                                                                0x00403b7f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403b7f
                                                                                                                                                                                                                                0x00403b38
                                                                                                                                                                                                                                0x00403b3e
                                                                                                                                                                                                                                0x00403b57
                                                                                                                                                                                                                                0x00403b5c
                                                                                                                                                                                                                                0x00403b5e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403b60
                                                                                                                                                                                                                                0x00403b4c
                                                                                                                                                                                                                                0x00403b4c
                                                                                                                                                                                                                                0x00403b4e
                                                                                                                                                                                                                                0x00403b4e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403b4e
                                                                                                                                                                                                                                0x00403b41
                                                                                                                                                                                                                                0x00403b46
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403b46
                                                                                                                                                                                                                                0x00403b25
                                                                                                                                                                                                                                0x00403b2b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403b2d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403b2d
                                                                                                                                                                                                                                0x00403b1d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403b1d
                                                                                                                                                                                                                                0x00403b03
                                                                                                                                                                                                                                0x00403b0a
                                                                                                                                                                                                                                0x00403b10
                                                                                                                                                                                                                                0x00403b12
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403b12
                                                                                                                                                                                                                                0x00403ace
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403aac
                                                                                                                                                                                                                                0x00403ab2
                                                                                                                                                                                                                                0x00403abc
                                                                                                                                                                                                                                0x00403ec2
                                                                                                                                                                                                                                0x00403ec2
                                                                                                                                                                                                                                0x00403ec8
                                                                                                                                                                                                                                0x00403eca
                                                                                                                                                                                                                                0x00403ed0
                                                                                                                                                                                                                                0x00403ed5
                                                                                                                                                                                                                                0x00403edb
                                                                                                                                                                                                                                0x00403edb
                                                                                                                                                                                                                                0x00403ed0
                                                                                                                                                                                                                                0x00403ee5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403ee5
                                                                                                                                                                                                                                0x00403aaa

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 00403A9E
                                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 00403AB2
                                                                                                                                                                                                                                • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403ACE
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 00403AEF
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 00403B03
                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 00403BB8
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 00403BC2
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403BDC
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 00403C2D
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 00403CD3
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D06
                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 00403D21
                                                                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                                                                                                                                                                                                                • EnableMenuItem.USER32 ref: 00403D3E
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 00403D56
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 00403D69
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(004204A0,?,004204A0,MP3 Rocket 6.2.4 Setup), ref: 00403D92
                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                                                                                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                                                                                                                                                                                                • String ID: MP3 Rocket 6.2.4 Setup
                                                                                                                                                                                                                                • API String ID: 3906175533-2590845374
                                                                                                                                                                                                                                • Opcode ID: 0ca44dad19ebef12785e3fca4310d205a7ec76f049bba6dd02c4170e1792f308
                                                                                                                                                                                                                                • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ca44dad19ebef12785e3fca4310d205a7ec76f049bba6dd02c4170e1792f308
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 030C1855, Relevance: 54.5, APIs: 21, Strings: 10, Instructions: 215memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E030C1855() {
				signed int _v8;
				long _v12;
				long _v16;
				int _v20;
				int _v24;
				int _v28;
				int _v32;
				CHAR* _v36;
				void* _v40;
				CHAR* _v44;
				int _t64;
				void* _t66;
				int _t73;
				signed int _t74;
				signed int _t75;
				int _t79;
				int _t80;
				int _t81;
				int _t82;
				int _t83;
				int _t84;
				int _t85;
				int _t86;
				void* _t87;
				int _t92;
				struct HWND__* _t95;
				void* _t100;
				CHAR* _t110;
				struct HWND__* _t111;
				signed int _t118;

				_t110 = HeapAlloc(GetProcessHeap(), 8,  *0x30c50dc +  *0x30c50dc);
				_t113 =  *0x30c50dc + _t110;
				_v44 = _t110;
				_v36 =  *0x30c50dc + _t110;
				if(_t110 == 0) {
					return E030C1E27("error");
				}
				_t64 = E030C1DD9(_t110, 0);
				__eflags = _t64;
				if(__eflags != 0) {
					L4:
					E030C1E27("error");
					_push(_t110);
					_push(0);
					_t66 = GetProcessHeap();
					goto L27;
				} else {
					L030C1FEC();
					_v12 = _t64;
					L030C1FEC();
					_v16 = _t64;
					E030C1252(__eflags,  &_v32,  &_v28,  &_v24,  &_v20);
					_t73 = E030C1DD9(_t113, 0);
					__eflags = _t73;
					if(_t73 == 0) {
						_t74 =  *0x30c50d4;
						_v8 = _t74;
						_t75 = _t74 + 1;
						_v40 = _t75;
						 *0x30c50d4 = _t75;
						 *0x30c50d8 = HeapReAlloc(GetProcessHeap(), 8,  *0x30c50d8, _t75 * 0x418);
						_t79 = lstrcmpiA(_t110, "BUTTON");
						__eflags = _t79;
						if(_t79 != 0) {
							_t80 = lstrcmpiA(_t110, "EDIT");
							__eflags = _t80;
							if(_t80 != 0) {
								_t81 = lstrcmpiA(_t110, "COMBOBOX");
								__eflags = _t81;
								if(_t81 != 0) {
									_t82 = lstrcmpiA(_t110, "LISTBOX");
									__eflags = _t82;
									if(_t82 != 0) {
										_t83 = lstrcmpiA(_t110, "RichEdit");
										__eflags = _t83;
										if(_t83 != 0) {
											_t84 = lstrcmpiA(_t110, "RICHEDIT_CLASS");
											__eflags = _t84;
											if(_t84 != 0) {
												_t85 = lstrcmpiA(_t110, "STATIC");
												__eflags = _t85;
												if(_t85 != 0) {
													_t86 = lstrcmpiA(_t110, "LINK");
													_t118 = _v8 * 0x418;
													__eflags = _t86;
													_t87 =  *0x30c50d8;
													if(_t86 != 0) {
														_t36 = _t118 + _t87 + 4;
														 *_t36 =  *(_t118 + _t87 + 4) & 0x00000000;
														__eflags =  *_t36;
													} else {
														 *(_t118 + _t87 + 4) = 8;
													}
												} else {
													_t118 = _v8 * 0x418;
													 *(_t118 +  *0x30c50d8 + 4) = 7;
												}
											} else {
												_t118 = _v8 * 0x418;
												 *(_t118 +  *0x30c50d8 + 4) = 6;
											}
										} else {
											_t118 = _v8 * 0x418;
											 *(_t118 +  *0x30c50d8 + 4) = 5;
										}
									} else {
										_t118 = _v8 * 0x418;
										 *(_t118 +  *0x30c50d8 + 4) = 4;
									}
								} else {
									_t118 = _v8 * 0x418;
									 *(_t118 +  *0x30c50d8 + 4) = 3;
								}
							} else {
								_t118 = _v8 * 0x418;
								 *(_t118 +  *0x30c50d8 + 4) = 2;
							}
						} else {
							_t118 = _v8 * 0x418;
							 *(_t118 +  *0x30c50d8 + 4) = 1;
						}
						E030C1D0C( *(_t118 +  *0x30c50d8 + 4),  &_v12,  &_v16);
						_t92 = lstrcmpiA(_t110, "LINK");
						__eflags = _t92;
						if(_t92 == 0) {
							_t110 = "BUTTON";
						}
						_t95 = CreateWindowExA(_v16, _t110, _v36, _v12, _v32, _v28, _v24, _v20,  *0x30c50c0, _v8 + 0x4b0,  *0x30c50a4, 0); // executed
						_t111 = _t95;
						 *( *0x30c50d8 + _t118) = _t111;
						SetPropA(_t111, "NSIS: nsControl pointer property", _v40);
						SendMessageA(_t111, 0x30, SendMessageA( *0x30c50c4, 0x31, 0, 0), 1);
						_t100 =  *0x30c50d8;
						__eflags =  *((intOrPtr*)(_t118 + _t100 + 4)) - 8;
						if( *((intOrPtr*)(_t118 + _t100 + 4)) == 8) {
							 *((intOrPtr*)(_t118 +  *0x30c50d8 + 0x414)) = SetWindowLongA(_t111, 0xfffffffc, E030C1480);
						}
						_push(_t111);
						L030C2016();
						_push(_v44);
						_push(0);
						_t66 = GetProcessHeap();
						L27:
						return HeapFree(_t66, ??, ??);
					}
					goto L4;
				}
			}

































                                                                                                                                                                                                                                0x030c1877
                                                                                                                                                                                                                                0x030c1880
                                                                                                                                                                                                                                0x030c1883
                                                                                                                                                                                                                                0x030c1886
                                                                                                                                                                                                                                0x030c1889
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c1890
                                                                                                                                                                                                                                0x030c189d
                                                                                                                                                                                                                                0x030c18a2
                                                                                                                                                                                                                                0x030c18a4
                                                                                                                                                                                                                                0x030c18d7
                                                                                                                                                                                                                                0x030c18dc
                                                                                                                                                                                                                                0x030c18e1
                                                                                                                                                                                                                                0x030c18e2
                                                                                                                                                                                                                                0x030c18e4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c18a6
                                                                                                                                                                                                                                0x030c18a6
                                                                                                                                                                                                                                0x030c18ab
                                                                                                                                                                                                                                0x030c18ae
                                                                                                                                                                                                                                0x030c18b3
                                                                                                                                                                                                                                0x030c18c6
                                                                                                                                                                                                                                0x030c18ce
                                                                                                                                                                                                                                0x030c18d3
                                                                                                                                                                                                                                0x030c18d5
                                                                                                                                                                                                                                0x030c18eb
                                                                                                                                                                                                                                0x030c18f0
                                                                                                                                                                                                                                0x030c18f3
                                                                                                                                                                                                                                0x030c18f4
                                                                                                                                                                                                                                0x030c18f7
                                                                                                                                                                                                                                0x030c1920
                                                                                                                                                                                                                                0x030c1925
                                                                                                                                                                                                                                0x030c1927
                                                                                                                                                                                                                                0x030c1929
                                                                                                                                                                                                                                0x030c194c
                                                                                                                                                                                                                                0x030c194e
                                                                                                                                                                                                                                0x030c1950
                                                                                                                                                                                                                                0x030c1973
                                                                                                                                                                                                                                0x030c1975
                                                                                                                                                                                                                                0x030c1977
                                                                                                                                                                                                                                0x030c199a
                                                                                                                                                                                                                                0x030c199c
                                                                                                                                                                                                                                0x030c199e
                                                                                                                                                                                                                                0x030c19c1
                                                                                                                                                                                                                                0x030c19c3
                                                                                                                                                                                                                                0x030c19c5
                                                                                                                                                                                                                                0x030c19e5
                                                                                                                                                                                                                                0x030c19e7
                                                                                                                                                                                                                                0x030c19e9
                                                                                                                                                                                                                                0x030c1a09
                                                                                                                                                                                                                                0x030c1a0b
                                                                                                                                                                                                                                0x030c1a0d
                                                                                                                                                                                                                                0x030c1a2d
                                                                                                                                                                                                                                0x030c1a32
                                                                                                                                                                                                                                0x030c1a38
                                                                                                                                                                                                                                0x030c1a3a
                                                                                                                                                                                                                                0x030c1a3f
                                                                                                                                                                                                                                0x030c1a4b
                                                                                                                                                                                                                                0x030c1a4b
                                                                                                                                                                                                                                0x030c1a4b
                                                                                                                                                                                                                                0x030c1a41
                                                                                                                                                                                                                                0x030c1a41
                                                                                                                                                                                                                                0x030c1a41
                                                                                                                                                                                                                                0x030c1a0f
                                                                                                                                                                                                                                0x030c1a17
                                                                                                                                                                                                                                0x030c1a1d
                                                                                                                                                                                                                                0x030c1a1d
                                                                                                                                                                                                                                0x030c19eb
                                                                                                                                                                                                                                0x030c19f3
                                                                                                                                                                                                                                0x030c19f9
                                                                                                                                                                                                                                0x030c19f9
                                                                                                                                                                                                                                0x030c19c7
                                                                                                                                                                                                                                0x030c19cf
                                                                                                                                                                                                                                0x030c19d5
                                                                                                                                                                                                                                0x030c19d5
                                                                                                                                                                                                                                0x030c19a0
                                                                                                                                                                                                                                0x030c19a8
                                                                                                                                                                                                                                0x030c19ae
                                                                                                                                                                                                                                0x030c19ae
                                                                                                                                                                                                                                0x030c1979
                                                                                                                                                                                                                                0x030c1981
                                                                                                                                                                                                                                0x030c1987
                                                                                                                                                                                                                                0x030c1987
                                                                                                                                                                                                                                0x030c1952
                                                                                                                                                                                                                                0x030c195a
                                                                                                                                                                                                                                0x030c1960
                                                                                                                                                                                                                                0x030c1960
                                                                                                                                                                                                                                0x030c192b
                                                                                                                                                                                                                                0x030c1933
                                                                                                                                                                                                                                0x030c1939
                                                                                                                                                                                                                                0x030c1939
                                                                                                                                                                                                                                0x030c1a61
                                                                                                                                                                                                                                0x030c1a6c
                                                                                                                                                                                                                                0x030c1a6e
                                                                                                                                                                                                                                0x030c1a70
                                                                                                                                                                                                                                0x030c1a72
                                                                                                                                                                                                                                0x030c1a72
                                                                                                                                                                                                                                0x030c1aa4
                                                                                                                                                                                                                                0x030c1aad
                                                                                                                                                                                                                                0x030c1aba
                                                                                                                                                                                                                                0x030c1abd
                                                                                                                                                                                                                                0x030c1add
                                                                                                                                                                                                                                0x030c1adf
                                                                                                                                                                                                                                0x030c1ae4
                                                                                                                                                                                                                                0x030c1ae9
                                                                                                                                                                                                                                0x030c1aff
                                                                                                                                                                                                                                0x030c1aff
                                                                                                                                                                                                                                0x030c1b06
                                                                                                                                                                                                                                0x030c1b07
                                                                                                                                                                                                                                0x030c1b0c
                                                                                                                                                                                                                                0x030c1b0f
                                                                                                                                                                                                                                0x030c1b11
                                                                                                                                                                                                                                0x030c1b17
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c1b18
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c18d5

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?), ref: 030C186E
                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 030C1871
                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,error,00000000,00000000), ref: 030C18E4
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 030C1B18
                                                                                                                                                                                                                                  • Part of subcall function 030C1E27: GlobalAlloc.KERNEL32(00000040,?,?,030C10BE,error,?,00000104), ref: 030C1E3C
                                                                                                                                                                                                                                  • Part of subcall function 030C1E27: lstrcpynA.KERNEL32(00000004,?,?,030C10BE,error,?,00000104), ref: 030C1E52
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1675900869.00000000030C1000.00000020.00020000.sdmp, Offset: 030C0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675875391.00000000030C0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675927376.00000000030C3000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675953768.00000000030C4000.00000008.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675968346.00000000030C7000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_30c0000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$AllocProcess$FreeGloballstrcpyn
                                                                                                                                                                                                                                • String ID: BUTTON$COMBOBOX$EDIT$LINK$LISTBOX$NSIS: nsControl pointer property$RICHEDIT_CLASS$RichEdit$STATIC$error
                                                                                                                                                                                                                                • API String ID: 1913068523-3375361224
                                                                                                                                                                                                                                • Opcode ID: 1b639b562eb311b6dc9e32d9521e5811301d46fd6a9d0f2626ce4dfd7063328b
                                                                                                                                                                                                                                • Instruction ID: 94b04988043c0f06e1e322cd1026cb6f9b75a0fadb53b76169c6284210cb1598
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b639b562eb311b6dc9e32d9521e5811301d46fd6a9d0f2626ce4dfd7063328b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F819576932344ABDB11EB92DD44F9EBBFCFB05304F214459E606FB146D778A8448B60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004036AF, Relevance: 52.7, APIs: 15, Strings: 15, Instructions: 216stringregistrylibraryCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 257 4036af-4036c7 call 405e88 260 4036c9-4036d9 call 405ac4 257->260 261 4036db-403702 call 405a4d 257->261 270 403725-40374e call 403978 call 40573a 260->270 266 403704-403715 call 405a4d 261->266 267 40371a-403720 lstrcatA 261->267 266->267 267->270 275 403754-403759 270->275 276 4037d5-4037dd call 40573a 270->276 275->276 278 40375b-403773 call 405a4d 275->278 282 4037eb-403810 LoadImageA 276->282 283 4037df-4037e6 call 405b88 276->283 281 403778-40377f 278->281 281->276 284 403781-403783 281->284 286 403816-40384c RegisterClassA 282->286 287 40389f-4038a7 call 40140b 282->287 283->282 288 403794-4037a0 lstrlenA 284->288 289 403785-403792 call 405684 284->289 290 403852-40389a SystemParametersInfoA CreateWindowExA 286->290 291 40396e 286->291 300 4038b1-4038bc call 403978 287->300 301 4038a9-4038ac 287->301 295 4037a2-4037b0 lstrcmpiA 288->295 296 4037c8-4037d0 call 405659 call 405b66 288->296 289->288 290->287 293 403970-403977 291->293 295->296 299 4037b2-4037bc GetFileAttributesA 295->299 296->276 303 4037c2-4037c3 call 4056a0 299->303 304 4037be-4037c0 299->304 310 4038c2-4038df ShowWindow LoadLibraryA 300->310 311 403945-40394d call 404fd6 300->311 301->293 303->296 304->296 304->303 313 4038e1-4038e6 LoadLibraryA 310->313 314 4038e8-4038fa GetClassInfoA 310->314 319 403967-403969 call 40140b 311->319 320 40394f-403955 311->320 313->314 315 403912-403935 DialogBoxParamA call 40140b 314->315 316 4038fc-40390c GetClassInfoA RegisterClassA 314->316 321 40393a-403943 call 4035ff 315->321 316->315 319->291 320->301 322 40395b-403962 call 40140b 320->322 321->293 322->301
                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                			E004036AF() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t86;

				_t81 =  *0x423eb0; // 0x5405b0
				_t20 = E00405E88(6);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x4204a0;
					"1033" = 0x7830;
					E00405A4D(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x4204a0, 0);
					__eflags =  *0x4204a0;
					if(__eflags == 0) {
						E00405A4D(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x4204a0, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AC4("1033",  *_t20() & 0x0000ffff);
				}
				E00403978(_t76, _t88);
				_t24 =  *0x423eb8; // 0x81
				_t85 = "C:\\Program Files (x86)\\MP3 Rocket";
				 *0x423f20 = _t24 & 0x00000020;
				 *0x423f3c = 0x10000;
				if(E0040573A(_t88, "C:\\Program Files (x86)\\MP3 Rocket") != 0) {
					L16:
					if(E0040573A(_t96, _t85) == 0) {
						E00405B88(0, _t79, _t81, _t85,  *((intOrPtr*)(_t81 + 0x118))); // executed
					}
					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423688 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403978(_t76, __eflags);
							__eflags =  *0x423f40; // 0x0
							if(__eflags != 0) {
								_t31 = E00404FD6(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42366c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420478, 5); // executed
							_t37 = LoadLibraryA("RichEd20"); // executed
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t86 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t86, 0x423640);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423640);
								 *0x423664 = _t86;
								RegisterClassA(0x423640);
							}
							_t39 =  *0x423680; // 0x0
							_t42 = DialogBoxParamA( *0x423ea0, _t39 + 0x00000069 & 0x0000ffff, 0, E00403A45, 0); // executed
							E004035FF(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423ea0; // 0x400000
						 *0x423654 = _t28;
						_v20 = 0x624e5f;
						 *0x423644 = E00401000;
						 *0x423650 = _t76;
						 *0x423664 =  &_v20;
						if(RegisterClassA(0x423640) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420478 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x423ed8; // 0x54e3c0
					_t79 = 0x422e40;
					E00405A4D( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422e40, 0);
					_t62 =  *0x422e40; // 0x31
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422e41;
						 *((char*)(E00405684(0x422e41, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B66(_t85, E00405659(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056A0(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}





























                                                                                                                                                                                                                                0x004036b5
                                                                                                                                                                                                                                0x004036be
                                                                                                                                                                                                                                0x004036c5
                                                                                                                                                                                                                                0x004036c7
                                                                                                                                                                                                                                0x004036db
                                                                                                                                                                                                                                0x004036ed
                                                                                                                                                                                                                                0x004036f7
                                                                                                                                                                                                                                0x004036fc
                                                                                                                                                                                                                                0x00403702
                                                                                                                                                                                                                                0x00403715
                                                                                                                                                                                                                                0x00403715
                                                                                                                                                                                                                                0x00403720
                                                                                                                                                                                                                                0x004036c9
                                                                                                                                                                                                                                0x004036d4
                                                                                                                                                                                                                                0x004036d4
                                                                                                                                                                                                                                0x00403725
                                                                                                                                                                                                                                0x0040372a
                                                                                                                                                                                                                                0x0040372f
                                                                                                                                                                                                                                0x00403738
                                                                                                                                                                                                                                0x0040373d
                                                                                                                                                                                                                                0x0040374e
                                                                                                                                                                                                                                0x004037d5
                                                                                                                                                                                                                                0x004037dd
                                                                                                                                                                                                                                0x004037e6
                                                                                                                                                                                                                                0x004037e6
                                                                                                                                                                                                                                0x004037fc
                                                                                                                                                                                                                                0x00403802
                                                                                                                                                                                                                                0x00403810
                                                                                                                                                                                                                                0x0040389f
                                                                                                                                                                                                                                0x004038a7
                                                                                                                                                                                                                                0x004038b1
                                                                                                                                                                                                                                0x004038b6
                                                                                                                                                                                                                                0x004038bc
                                                                                                                                                                                                                                0x00403946
                                                                                                                                                                                                                                0x0040394b
                                                                                                                                                                                                                                0x0040394d
                                                                                                                                                                                                                                0x00403969
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403969
                                                                                                                                                                                                                                0x0040394f
                                                                                                                                                                                                                                0x00403955
                                                                                                                                                                                                                                0x0040395d
                                                                                                                                                                                                                                0x0040395d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403955
                                                                                                                                                                                                                                0x004038ca
                                                                                                                                                                                                                                0x004038db
                                                                                                                                                                                                                                0x004038dd
                                                                                                                                                                                                                                0x004038df
                                                                                                                                                                                                                                0x004038e6
                                                                                                                                                                                                                                0x004038e6
                                                                                                                                                                                                                                0x004038ee
                                                                                                                                                                                                                                0x004038f6
                                                                                                                                                                                                                                0x004038f8
                                                                                                                                                                                                                                0x004038fa
                                                                                                                                                                                                                                0x00403903
                                                                                                                                                                                                                                0x00403906
                                                                                                                                                                                                                                0x0040390c
                                                                                                                                                                                                                                0x0040390c
                                                                                                                                                                                                                                0x00403912
                                                                                                                                                                                                                                0x0040392b
                                                                                                                                                                                                                                0x0040393c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403941
                                                                                                                                                                                                                                0x004038a9
                                                                                                                                                                                                                                0x004038ab
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403816
                                                                                                                                                                                                                                0x00403816
                                                                                                                                                                                                                                0x0040381c
                                                                                                                                                                                                                                0x00403826
                                                                                                                                                                                                                                0x0040382e
                                                                                                                                                                                                                                0x00403838
                                                                                                                                                                                                                                0x0040383e
                                                                                                                                                                                                                                0x0040384c
                                                                                                                                                                                                                                0x0040396e
                                                                                                                                                                                                                                0x0040396e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040396e
                                                                                                                                                                                                                                0x00403852
                                                                                                                                                                                                                                0x0040385b
                                                                                                                                                                                                                                0x0040389a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040389a
                                                                                                                                                                                                                                0x00403754
                                                                                                                                                                                                                                0x00403754
                                                                                                                                                                                                                                0x00403759
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040375e
                                                                                                                                                                                                                                0x00403763
                                                                                                                                                                                                                                0x00403773
                                                                                                                                                                                                                                0x00403778
                                                                                                                                                                                                                                0x0040377f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403783
                                                                                                                                                                                                                                0x00403785
                                                                                                                                                                                                                                0x00403792
                                                                                                                                                                                                                                0x00403792
                                                                                                                                                                                                                                0x0040379a
                                                                                                                                                                                                                                0x004037a0
                                                                                                                                                                                                                                0x004037c8
                                                                                                                                                                                                                                0x004037d0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004037b2
                                                                                                                                                                                                                                0x004037b3
                                                                                                                                                                                                                                0x004037bc
                                                                                                                                                                                                                                0x004037c2
                                                                                                                                                                                                                                0x004037c3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004037c3
                                                                                                                                                                                                                                0x004037be
                                                                                                                                                                                                                                0x004037c0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004037c0
                                                                                                                                                                                                                                0x004037a0

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                                                                                                                  • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                                                                                                                  • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                                                                                                                                • lstrcatA.KERNEL32(1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\mp3rocket.exe" ,00000000,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00403720
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(100,?,?,?,100,00000000,C:\Program Files (x86)\MP3 Rocket,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\mp3rocket.exe" ), ref: 00403795
                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,.exe,100,?,?,?,100,00000000,C:\Program Files (x86)\MP3 Rocket,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000), ref: 004037A8
                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(100), ref: 004037B3
                                                                                                                                                                                                                                • LoadImageA.USER32 ref: 004037FC
                                                                                                                                                                                                                                  • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                                                                                                                                                • RegisterClassA.USER32 ref: 00403843
                                                                                                                                                                                                                                • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                                                                                                                                                                                                                • CreateWindowExA.USER32 ref: 00403894
                                                                                                                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(RichEd20), ref: 004038DB
                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                                                                                                                                                                                                                • GetClassInfoA.USER32 ref: 004038F6
                                                                                                                                                                                                                                • GetClassInfoA.USER32 ref: 00403903
                                                                                                                                                                                                                                • RegisterClassA.USER32 ref: 0040390C
                                                                                                                                                                                                                                • DialogBoxParamA.USER32 ref: 0040392B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\mp3rocket.exe" $.DEFAULT\Control Panel\International$.exe$100$1033$@6B$A.B$C:\Program Files (x86)\MP3 Rocket$C:\Users\user~1\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                • API String ID: 914957316-2106224639
                                                                                                                                                                                                                                • Opcode ID: 6dd8c866dd907658969a4a4875d5acd1ebd92cc4bf810ee3f5d51b3ace02576f
                                                                                                                                                                                                                                • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6dd8c866dd907658969a4a4875d5acd1ebd92cc4bf810ee3f5d51b3ace02576f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00404060, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 328 404060-404070 329 404183-404196 328->329 330 404076-40407e 328->330 333 4041f2-4041f6 329->333 334 404198-4041a1 329->334 331 404080-40408f 330->331 332 404091-404129 call 403f18 * 2 CheckDlgButton call 403f3a GetDlgItem call 403f4d SendMessageA 330->332 331->332 366 404134-40417e SendMessageA * 2 lstrlenA SendMessageA * 2 332->366 367 40412b-40412e GetSysColor 332->367 336 4042c6-4042cd 333->336 337 4041fc-404210 GetDlgItem 333->337 338 4042d5 334->338 339 4041a7-4041af 334->339 336->338 340 4042cf 336->340 343 404212-404219 337->343 344 404284-40428b 337->344 342 4042d8-4042df call 403f7f 338->342 339->338 345 4041b5-4041c1 339->345 340->338 353 4042e4-4042e8 342->353 343->344 349 40421b-404236 343->349 344->342 350 40428d-404294 344->350 345->338 346 4041c7-4041ed GetDlgItem SendMessageA call 403f3a call 4042eb 345->346 346->333 349->344 354 404238-404281 SendMessageA LoadCursorA SetCursor ShellExecuteA LoadCursorA SetCursor 349->354 350->342 355 404296-40429a 350->355 354->344 358 40429c-4042ab SendMessageA 355->358 359 4042ad-4042b1 355->359 358->359 362 4042c1-4042c4 359->362 363 4042b3-4042bf SendMessageA 359->363 362->353 363->362 366->353 367->366
                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                			E00404060(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t103;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420480 =  *0x420480 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403F7F(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e40;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e40
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423ea8, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423ea8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420480 != 0) {
						goto L25;
					} else {
						_t103 =  *0x41fc70; // 0x54071c
						_t25 = _t103 + 0x14; // 0x540730
						_t112 = _t25;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403F3A(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004042EB();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42367c; // 0x559062
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x423ed8; // 0x54e3c0
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E0040402C;
				E00403F18(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403F18(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403F3A( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403F4D(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x423eb0; // 0x5405b0
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f464 =  *0x41f464 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16); // executed
				 *0x420480 =  *0x420480 & 0x00000000;
				return 0;
			}





















                                                                                                                                                                                                                                0x00404070
                                                                                                                                                                                                                                0x00404196
                                                                                                                                                                                                                                0x004041f2
                                                                                                                                                                                                                                0x004041f6
                                                                                                                                                                                                                                0x004042cd
                                                                                                                                                                                                                                0x004042cf
                                                                                                                                                                                                                                0x004042cf
                                                                                                                                                                                                                                0x004042d5
                                                                                                                                                                                                                                0x004042d5
                                                                                                                                                                                                                                0x004042d8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004042df
                                                                                                                                                                                                                                0x00404204
                                                                                                                                                                                                                                0x00404206
                                                                                                                                                                                                                                0x00404210
                                                                                                                                                                                                                                0x0040421b
                                                                                                                                                                                                                                0x0040421e
                                                                                                                                                                                                                                0x00404221
                                                                                                                                                                                                                                0x0040422c
                                                                                                                                                                                                                                0x0040422f
                                                                                                                                                                                                                                0x00404236
                                                                                                                                                                                                                                0x00404244
                                                                                                                                                                                                                                0x0040425c
                                                                                                                                                                                                                                0x00404264
                                                                                                                                                                                                                                0x0040426f
                                                                                                                                                                                                                                0x0040427f
                                                                                                                                                                                                                                0x00404281
                                                                                                                                                                                                                                0x00404281
                                                                                                                                                                                                                                0x00404236
                                                                                                                                                                                                                                0x0040428b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404296
                                                                                                                                                                                                                                0x0040429a
                                                                                                                                                                                                                                0x004042ab
                                                                                                                                                                                                                                0x004042ab
                                                                                                                                                                                                                                0x004042b1
                                                                                                                                                                                                                                0x004042bf
                                                                                                                                                                                                                                0x004042bf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004042c3
                                                                                                                                                                                                                                0x0040428b
                                                                                                                                                                                                                                0x004041a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004041b5
                                                                                                                                                                                                                                0x004041b5
                                                                                                                                                                                                                                0x004041bb
                                                                                                                                                                                                                                0x004041bb
                                                                                                                                                                                                                                0x004041c1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004041e6
                                                                                                                                                                                                                                0x004041e8
                                                                                                                                                                                                                                0x004041ed
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004041ed
                                                                                                                                                                                                                                0x004041a1
                                                                                                                                                                                                                                0x00404076
                                                                                                                                                                                                                                0x00404079
                                                                                                                                                                                                                                0x0040407e
                                                                                                                                                                                                                                0x00404080
                                                                                                                                                                                                                                0x0040408f
                                                                                                                                                                                                                                0x0040408f
                                                                                                                                                                                                                                0x00404091
                                                                                                                                                                                                                                0x00404096
                                                                                                                                                                                                                                0x00404099
                                                                                                                                                                                                                                0x0040409b
                                                                                                                                                                                                                                0x004040a0
                                                                                                                                                                                                                                0x004040a9
                                                                                                                                                                                                                                0x004040af
                                                                                                                                                                                                                                0x004040bb
                                                                                                                                                                                                                                0x004040be
                                                                                                                                                                                                                                0x004040c7
                                                                                                                                                                                                                                0x004040cc
                                                                                                                                                                                                                                0x004040cf
                                                                                                                                                                                                                                0x004040d4
                                                                                                                                                                                                                                0x004040eb
                                                                                                                                                                                                                                0x004040f2
                                                                                                                                                                                                                                0x00404105
                                                                                                                                                                                                                                0x00404108
                                                                                                                                                                                                                                0x0040411d
                                                                                                                                                                                                                                0x0040411f
                                                                                                                                                                                                                                0x00404124
                                                                                                                                                                                                                                0x00404129
                                                                                                                                                                                                                                0x0040412e
                                                                                                                                                                                                                                0x0040412e
                                                                                                                                                                                                                                0x0040413d
                                                                                                                                                                                                                                0x0040414c
                                                                                                                                                                                                                                0x0040414e
                                                                                                                                                                                                                                0x00404164
                                                                                                                                                                                                                                0x00404173
                                                                                                                                                                                                                                0x00404175
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                                                • String ID: @.B$N$open
                                                                                                                                                                                                                                • API String ID: 3615053054-3815657624
                                                                                                                                                                                                                                • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                                                                                                                                                • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00402C72, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 368 402c72-402cc0 GetTickCount GetModuleFileNameA call 40583d 371 402cc2-402cc7 368->371 372 402ccc-402cfa call 405b66 call 4056a0 call 405b66 GetFileSize 368->372 373 402f11-402f15 371->373 380 402d00-402d17 372->380 381 402dea-402df8 call 402bd3 372->381 382 402d19 380->382 383 402d1b-402d21 call 4031bf 380->383 387 402ec9-402ece 381->387 388 402dfe-402e01 381->388 382->383 389 402d26-402d28 383->389 387->373 390 402e03-402e14 call 4031f1 call 4031bf 388->390 391 402e2d-402e79 GlobalAlloc call 405f62 call 40586c CreateFileA 388->391 392 402e85-402e8d call 402bd3 389->392 393 402d2e-402d34 389->393 411 402e19-402e1b 390->411 418 402e7b-402e80 391->418 419 402e8f-402ebf call 4031f1 call 402f18 391->419 392->387 396 402db4-402db8 393->396 397 402d36-402d4e call 4057fe 393->397 401 402dc1-402dc7 396->401 402 402dba-402dc0 call 402bd3 396->402 397->401 415 402d50-402d57 397->415 407 402dc9-402dd7 call 405ef4 401->407 408 402dda-402de4 401->408 402->401 407->408 408->380 408->381 411->387 416 402e21-402e27 411->416 415->401 420 402d59-402d60 415->420 416->387 416->391 418->373 428 402ec4-402ec7 419->428 420->401 422 402d62-402d69 420->422 422->401 424 402d6b-402d72 422->424 424->401 425 402d74-402d94 424->425 425->387 427 402d9a-402d9e 425->427 429 402da0-402da4 427->429 430 402da6-402dae 427->430 428->387 431 402ed0-402ee1 428->431 429->381 429->430 430->401 432 402db0-402db2 430->432 433 402ee3 431->433 434 402ee9-402eee 431->434 432->401 433->434 435 402eef-402ef5 434->435 435->435 436 402ef7-402f0f call 4057fe 435->436 436->373
                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                			E00402C72(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				signed int _t54;
				void* _t57;
				void* _t62;
				signed int _t63;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t79;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				signed int _t101;
				signed int _t103;
				void* _t105;
				signed int _t106;
				signed int _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423eac = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\frontdesk\\Desktop\\mp3rocket.exe", 0x400);
				_t105 = E0040583D("C:\\Users\\frontdesk\\Desktop\\mp3rocket.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405B66("C:\\Users\\frontdesk\\Desktop", "C:\\Users\\frontdesk\\Desktop\\mp3rocket.exe");
				E00405B66(0x42b000, E004056A0("C:\\Users\\frontdesk\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				__eflags = _t54;
				 *0x41f050 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BD3(1);
					__eflags =  *0x423eb4; // 0x11400
					if(__eflags == 0) {
						goto L30;
					}
					__eflags = _v12;
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00405F62(0x40afb8);
						E0040586C( &_v300, "C:\\Users\\FRONTD~1\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t63 =  *0x423eb4; // 0x11400
							_t65 = E004031F1(_t63 + 0x1c);
							 *0x41f054 = _t65;
							 *0x417048 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F18(_v16, 0xffffffff, 0, _t110, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x423eb0 = _t110;
								 *0x423eb8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423ebc =  *0x423ebc + 1;
									__eflags =  *0x423ebc;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
									__eflags = _t101;
								} while (_t101 != 0);
								_t71 =  *0x417044; // 0x124ff6
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E004057FE(0x423ec0, _t110 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031F1( *0x417040);
					_t77 = E004031BF( &_a4, 4); // executed
					__eflags = _t77;
					if(_t77 == 0) {
						goto L30;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L30;
					}
					goto L26;
				} else {
					do {
						_t79 =  *0x423eb4; // 0x11400
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~_t79 & 0x00007e00) + 0x200;
						__eflags = _t109 - _t82;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031BF(0x417050, _t106); // executed
						__eflags = _t83;
						if(_t83 == 0) {
							E00402BD3(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x423eb4; // 0x11400
						if(__eflags != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BD3(0);
							}
							goto L19;
						}
						E004057FE( &_v40, 0x417050, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L19;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L19;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L19;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L19;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L19;
						}
						_a4 = _a4 | _t89;
						_t103 =  *0x417040; // 0x32436
						 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t109;
						 *0x423eb4 = _t103;
						if(_t92 > _t109) {
							goto L30;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L15:
							_v12 = _v12 + 1;
							_t109 = _t92 - 4;
							__eflags = _t106 - _t109;
							if(_t106 > _t109) {
								_t106 = _t109;
							}
							goto L19;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							goto L22;
						}
						goto L15;
						L19:
						__eflags = _t109 -  *0x41f050; // 0x2d010
						if(__eflags < 0) {
							_v8 = E00405EF4(_v8, 0x417050, _t106);
						}
						 *0x417040 =  *0x417040 + _t106;
						_t109 = _t109 - _t106;
						__eflags = _t109;
					} while (_t109 > 0);
					goto L22;
				}
			}

































                                                                                                                                                                                                                                0x00402c80
                                                                                                                                                                                                                                0x00402c83
                                                                                                                                                                                                                                0x00402c9d
                                                                                                                                                                                                                                0x00402ca2
                                                                                                                                                                                                                                0x00402cb5
                                                                                                                                                                                                                                0x00402cba
                                                                                                                                                                                                                                0x00402cc0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402cc2
                                                                                                                                                                                                                                0x00402cd3
                                                                                                                                                                                                                                0x00402ce4
                                                                                                                                                                                                                                0x00402ceb
                                                                                                                                                                                                                                0x00402cf1
                                                                                                                                                                                                                                0x00402cf3
                                                                                                                                                                                                                                0x00402cf8
                                                                                                                                                                                                                                0x00402cfa
                                                                                                                                                                                                                                0x00402dea
                                                                                                                                                                                                                                0x00402dec
                                                                                                                                                                                                                                0x00402df1
                                                                                                                                                                                                                                0x00402df8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402dfe
                                                                                                                                                                                                                                0x00402e01
                                                                                                                                                                                                                                0x00402e2d
                                                                                                                                                                                                                                0x00402e32
                                                                                                                                                                                                                                0x00402e3d
                                                                                                                                                                                                                                0x00402e3f
                                                                                                                                                                                                                                0x00402e50
                                                                                                                                                                                                                                0x00402e6b
                                                                                                                                                                                                                                0x00402e71
                                                                                                                                                                                                                                0x00402e74
                                                                                                                                                                                                                                0x00402e79
                                                                                                                                                                                                                                0x00402e8f
                                                                                                                                                                                                                                0x00402e98
                                                                                                                                                                                                                                0x00402ea8
                                                                                                                                                                                                                                0x00402eba
                                                                                                                                                                                                                                0x00402ebf
                                                                                                                                                                                                                                0x00402ec4
                                                                                                                                                                                                                                0x00402ec7
                                                                                                                                                                                                                                0x00402ed0
                                                                                                                                                                                                                                0x00402ed4
                                                                                                                                                                                                                                0x00402edc
                                                                                                                                                                                                                                0x00402ee1
                                                                                                                                                                                                                                0x00402ee3
                                                                                                                                                                                                                                0x00402ee3
                                                                                                                                                                                                                                0x00402ee3
                                                                                                                                                                                                                                0x00402eeb
                                                                                                                                                                                                                                0x00402eeb
                                                                                                                                                                                                                                0x00402eee
                                                                                                                                                                                                                                0x00402eef
                                                                                                                                                                                                                                0x00402eef
                                                                                                                                                                                                                                0x00402ef2
                                                                                                                                                                                                                                0x00402ef4
                                                                                                                                                                                                                                0x00402ef4
                                                                                                                                                                                                                                0x00402ef4
                                                                                                                                                                                                                                0x00402ef7
                                                                                                                                                                                                                                0x00402efe
                                                                                                                                                                                                                                0x00402f0a
                                                                                                                                                                                                                                0x00402f0f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402f0f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402ec7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402e7b
                                                                                                                                                                                                                                0x00402e09
                                                                                                                                                                                                                                0x00402e14
                                                                                                                                                                                                                                0x00402e19
                                                                                                                                                                                                                                0x00402e1b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402e24
                                                                                                                                                                                                                                0x00402e27
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402d00
                                                                                                                                                                                                                                0x00402d00
                                                                                                                                                                                                                                0x00402d00
                                                                                                                                                                                                                                0x00402d05
                                                                                                                                                                                                                                0x00402d09
                                                                                                                                                                                                                                0x00402d10
                                                                                                                                                                                                                                0x00402d15
                                                                                                                                                                                                                                0x00402d17
                                                                                                                                                                                                                                0x00402d19
                                                                                                                                                                                                                                0x00402d19
                                                                                                                                                                                                                                0x00402d21
                                                                                                                                                                                                                                0x00402d26
                                                                                                                                                                                                                                0x00402d28
                                                                                                                                                                                                                                0x00402e87
                                                                                                                                                                                                                                0x00402ec9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402ec9
                                                                                                                                                                                                                                0x00402d2e
                                                                                                                                                                                                                                0x00402d34
                                                                                                                                                                                                                                0x00402db4
                                                                                                                                                                                                                                0x00402db8
                                                                                                                                                                                                                                0x00402dbb
                                                                                                                                                                                                                                0x00402dc0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402db8
                                                                                                                                                                                                                                0x00402d41
                                                                                                                                                                                                                                0x00402d46
                                                                                                                                                                                                                                0x00402d49
                                                                                                                                                                                                                                0x00402d4e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402d50
                                                                                                                                                                                                                                0x00402d57
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402d59
                                                                                                                                                                                                                                0x00402d60
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402d62
                                                                                                                                                                                                                                0x00402d69
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402d6b
                                                                                                                                                                                                                                0x00402d72
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402d74
                                                                                                                                                                                                                                0x00402d7a
                                                                                                                                                                                                                                0x00402d83
                                                                                                                                                                                                                                0x00402d89
                                                                                                                                                                                                                                0x00402d8c
                                                                                                                                                                                                                                0x00402d8e
                                                                                                                                                                                                                                0x00402d94
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402d9a
                                                                                                                                                                                                                                0x00402d9e
                                                                                                                                                                                                                                0x00402da6
                                                                                                                                                                                                                                0x00402da6
                                                                                                                                                                                                                                0x00402da9
                                                                                                                                                                                                                                0x00402dac
                                                                                                                                                                                                                                0x00402dae
                                                                                                                                                                                                                                0x00402db0
                                                                                                                                                                                                                                0x00402db0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402dae
                                                                                                                                                                                                                                0x00402da0
                                                                                                                                                                                                                                0x00402da4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402dc1
                                                                                                                                                                                                                                0x00402dc1
                                                                                                                                                                                                                                0x00402dc7
                                                                                                                                                                                                                                0x00402dd7
                                                                                                                                                                                                                                0x00402dd7
                                                                                                                                                                                                                                0x00402dda
                                                                                                                                                                                                                                0x00402de0
                                                                                                                                                                                                                                0x00402de2
                                                                                                                                                                                                                                0x00402de2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402d00

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402C86
                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\mp3rocket.exe,00000400), ref: 00402CA2
                                                                                                                                                                                                                                  • Part of subcall function 0040583D: GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\mp3rocket.exe,80000000,00000003), ref: 00405841
                                                                                                                                                                                                                                  • Part of subcall function 0040583D: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\mp3rocket.exe,C:\Users\user\Desktop\mp3rocket.exe,80000000,00000003), ref: 00402CEB
                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E32
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EC9
                                                                                                                                                                                                                                • Error launching installer, xrefs: 00402CC2
                                                                                                                                                                                                                                • soft, xrefs: 00402D62
                                                                                                                                                                                                                                • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00402C72, 00402E4A
                                                                                                                                                                                                                                • Null, xrefs: 00402D6B
                                                                                                                                                                                                                                • "C:\Users\user\Desktop\mp3rocket.exe" , xrefs: 00402C7F
                                                                                                                                                                                                                                • C:\Users\user\Desktop\mp3rocket.exe, xrefs: 00402C8C, 00402C9B, 00402CAF, 00402CCC
                                                                                                                                                                                                                                • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E7B
                                                                                                                                                                                                                                • Inst, xrefs: 00402D59
                                                                                                                                                                                                                                • C:\Users\user\Desktop, xrefs: 00402CCD, 00402CD2, 00402CD8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\mp3rocket.exe" $C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\mp3rocket.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                                                                                • API String ID: 2803837635-1072552796
                                                                                                                                                                                                                                • Opcode ID: 6147c8ce7f916bf316bc462c049502f5517c6654920939d23064a14b970bc3fe
                                                                                                                                                                                                                                • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6147c8ce7f916bf316bc462c049502f5517c6654920939d23064a14b970bc3fe
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 10001D3B, Relevance: 21.5, APIs: 14, Instructions: 499stringlibraryloaderCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                			E10001D3B() {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				CHAR* _v24;
				CHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				CHAR* _v44;
				intOrPtr _v48;
				void* _v52;
				CHAR* _t180;
				void* _t182;
				signed int _t183;
				void* _t186;
				void* _t188;
				CHAR* _t190;
				void* _t198;
				struct HINSTANCE__* _t199;
				_Unknown_base(*)()* _t200;
				_Unknown_base(*)()* _t202;
				struct HINSTANCE__* _t203;
				void* _t205;
				char* _t206;
				_Unknown_base(*)()* _t207;
				void* _t218;
				signed char _t219;
				void* _t224;
				struct HINSTANCE__* _t226;
				void* _t227;
				void* _t228;
				void* _t232;
				void* _t235;
				void* _t237;
				void* _t244;
				void* _t245;
				void* _t248;
				struct HINSTANCE__* _t253;
				CHAR* _t254;
				signed char _t257;
				void _t258;
				void* _t259;
				void* _t266;
				void* _t267;
				void* _t271;
				void* _t272;
				void* _t276;
				void* _t277;
				void* _t278;
				void* _t279;
				signed char _t282;
				signed int _t283;
				CHAR* _t284;
				CHAR* _t286;
				struct HINSTANCE__* _t288;
				void* _t290;
				void* _t291;

				_t253 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v12 = 0;
				_v40 = 0;
				_t291 = 0;
				_t180 = E10001541();
				_v24 = _t180;
				_v28 = _t180;
				_v44 = E10001541();
				_t182 = E10001561();
				_v52 = _t182;
				_v8 = _t182;
				while(1) {
					_t183 = _v32;
					_t283 = 3;
					_v48 = _t183;
					if(_t183 != _t253 && _t291 == _t253) {
						break;
					}
					_t282 =  *_v8;
					_t257 = _t282;
					_t186 = _t257 - _t253;
					if(_t186 == 0) {
						_t29 =  &_v32;
						 *_t29 = _v32 | 0xffffffff;
						__eflags =  *_t29;
						L13:
						_t188 = _v48 - _t253;
						if(_t188 == 0) {
							 *_v28 =  *_v28 & 0x00000000;
							__eflags = _t291 - _t253;
							if(_t291 == _t253) {
								_t224 = GlobalAlloc(0x40, 0x14a4); // executed
								_t291 = _t224;
								 *(_t291 + 0x810) = _t253;
								 *(_t291 + 0x814) = _t253;
							}
							_t258 = _v36;
							_t39 = _t291 + 8; // 0x8
							_t190 = _t39;
							_t40 = _t291 + 0x408; // 0x408
							_t284 = _t40;
							 *_t291 = _t258;
							 *_t190 =  *_t190 & 0x00000000;
							 *(_t291 + 0x808) = _t253;
							 *_t284 =  *_t284 & 0x00000000;
							_t259 = _t258 - _t253;
							__eflags = _t259;
							 *(_t291 + 0x80c) = _t253;
							 *(_t291 + 4) = _t253;
							if(_t259 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L56;
								}
								_t290 = 0;
								GlobalFree(_t291);
								_t291 = E10001641(_v24);
								__eflags = _t291 - _t253;
								if(_t291 == _t253) {
									goto L56;
								} else {
									goto L28;
								}
								while(1) {
									L28:
									_t218 =  *(_t291 + 0x14a0);
									__eflags = _t218 - _t253;
									if(_t218 == _t253) {
										break;
									}
									_t290 = _t291;
									_t291 = _t218;
									__eflags = _t291 - _t253;
									if(_t291 != _t253) {
										continue;
									}
									break;
								}
								__eflags = _t290 - _t253;
								if(_t290 != _t253) {
									 *(_t290 + 0x14a0) = _t253;
								}
								_t219 =  *(_t291 + 0x810);
								__eflags = _t219 & 0x00000008;
								if((_t219 & 0x00000008) == 0) {
									 *(_t291 + 0x810) = _t219 | 0x00000002;
								} else {
									_t291 = E1000187C(_t291);
									 *(_t291 + 0x810) =  *(_t291 + 0x810) & 0xfffffff5;
								}
								goto L56;
							} else {
								_t266 = _t259 - 1;
								__eflags = _t266;
								if(_t266 == 0) {
									L24:
									lstrcpyA(_t190, _v44);
									L25:
									lstrcpyA(_t284, _v24);
									L56:
									_v28 = _v24;
									L57:
									_v8 = _v8 + 1;
									if(_v32 != 0xffffffff) {
										continue;
									}
									break;
								}
								_t267 = _t266 - 1;
								__eflags = _t267;
								if(_t267 == 0) {
									goto L25;
								}
								__eflags = _t267 != 1;
								if(_t267 != 1) {
									goto L56;
								}
								goto L24;
							}
						}
						if(_t188 == 1) {
							_t226 = _v16;
							if(_v40 == _t253) {
								_t226 = _t226 - 1;
							}
							 *(_t291 + 0x814) = _t226;
						}
						goto L56;
					}
					_t227 = _t186 - 0x23;
					if(_t227 == 0) {
						_v32 = _t253;
						_v36 = _t253;
						goto L13;
					}
					_t228 = _t227 - 5;
					if(_t228 == 0) {
						__eflags = _v36 - _t283;
						_v32 = 1;
						_v12 = _t253;
						_v20 = _t253;
						_v16 = (0 | _v36 == _t283) + 1;
						_v40 = _t253;
						goto L13;
					}
					_t232 = _t228 - 1;
					if(_t232 == 0) {
						_v32 = 2;
						_v12 = _t253;
						_v20 = _t253;
						goto L13;
					}
					if(_t232 != 0x16) {
						_t235 = _v32 - _t253;
						__eflags = _t235;
						if(_t235 == 0) {
							__eflags = _t282 - 0x2a;
							if(_t282 == 0x2a) {
								_v36 = 2;
								L55:
								_t253 = 0;
								__eflags = 0;
								goto L56;
							}
							__eflags = _t282 - 0x2d;
							if(_t282 == 0x2d) {
								L124:
								_t237 = _v8 + 1;
								__eflags =  *_t237 - 0x3e;
								if( *_t237 != 0x3e) {
									L126:
									_t237 = _v8 + 1;
									__eflags =  *_t237 - 0x3a;
									if( *_t237 != 0x3a) {
										L133:
										_v28 =  &(_v28[1]);
										 *_v28 = _t282;
										goto L57;
									}
									__eflags = _t282 - 0x2d;
									if(_t282 == 0x2d) {
										goto L133;
									}
									_v36 = 1;
									L129:
									_v8 = _t237;
									__eflags = _v28 - _v24;
									if(_v28 <= _v24) {
										 *_v44 =  *_v44 & 0x00000000;
									} else {
										 *_v28 =  *_v28 & 0x00000000;
										lstrcpyA(_v44, _v24);
									}
									goto L55;
								}
								_v36 = _t283;
								goto L129;
							}
							__eflags = _t282 - 0x3a;
							if(_t282 != 0x3a) {
								goto L133;
							}
							__eflags = _t282 - 0x2d;
							if(_t282 != 0x2d) {
								goto L126;
							}
							goto L124;
						}
						_t244 = _t235 - 1;
						__eflags = _t244;
						if(_t244 == 0) {
							L68:
							_t245 = _t257 - 0x22;
							__eflags = _t245 - 0x55;
							if(_t245 > 0x55) {
								goto L55;
							}
							switch( *((intOrPtr*)(( *(_t245 + 0x100023a0) & 0x000000ff) * 4 +  &M10002344))) {
								case 0:
									__eax = _v24;
									__edi = _v8;
									while(1) {
										__edi = __edi + 1;
										_v8 = __edi;
										__cl =  *__edi;
										__eflags = __cl - __dl;
										if(__cl != __dl) {
											goto L108;
										}
										L107:
										__eflags =  *(__edi + 1) - __dl;
										if( *(__edi + 1) != __dl) {
											L112:
											 *__eax =  *__eax & 0x00000000;
											__ebx = E10001550(_v24);
											goto L84;
										}
										L108:
										__eflags = __cl;
										if(__cl == 0) {
											goto L112;
										}
										__eflags = __cl - __dl;
										if(__cl == __dl) {
											__edi = __edi + 1;
											__eflags = __edi;
										}
										__cl =  *__edi;
										 *__eax =  *__edi;
										__eax = __eax + 1;
										__edi = __edi + 1;
										_v8 = __edi;
										__cl =  *__edi;
										__eflags = __cl - __dl;
										if(__cl != __dl) {
											goto L108;
										}
										goto L107;
									}
								case 1:
									_v12 = 1;
									goto L55;
								case 2:
									_v12 = _v12 | 0xffffffff;
									goto L55;
								case 3:
									_v12 = _v12 & 0x00000000;
									_v20 = _v20 & 0x00000000;
									_v16 = _v16 + 1;
									goto L73;
								case 4:
									__eflags = _v20;
									if(_v20 != 0) {
										goto L55;
									}
									_v8 = _v8 - 1;
									__ebx = E10001541();
									 &_v8 = E10001CD9( &_v8);
									__eax = E1000176C(__edx, __eax, __edx, __ebx);
									goto L84;
								case 5:
									L92:
									_v20 = _v20 + 1;
									goto L55;
								case 6:
									_push(0x19);
									goto L119;
								case 7:
									_push(0x15);
									goto L119;
								case 8:
									_push(0x16);
									goto L119;
								case 9:
									_push(0x18);
									goto L119;
								case 0xa:
									_push(5);
									goto L99;
								case 0xb:
									__eax = 0;
									__eax = 1;
									goto L78;
								case 0xc:
									_push(6);
									goto L99;
								case 0xd:
									_push(2);
									goto L99;
								case 0xe:
									_push(3);
									goto L99;
								case 0xf:
									_push(0x17);
									L119:
									_pop(__ebx);
									goto L85;
								case 0x10:
									__eax =  &_v8;
									__eax = E10001CD9( &_v8);
									__ebx = __eax;
									__ebx = __eax + 1;
									__eflags = __ebx - 0xb;
									if(__ebx < 0xb) {
										__ebx = __ebx + 0xa;
									}
									goto L84;
								case 0x11:
									__ebx = 0xffffffff;
									goto L85;
								case 0x12:
									__eax = 0;
									__eflags = 0;
									goto L78;
								case 0x13:
									_push(4);
									L99:
									_pop(__eax);
									L78:
									__edx = _v16;
									__ecx = 0;
									__edx = _v16 << 5;
									__ecx = 1;
									__eflags = _v12 - 0xffffffff;
									__edi = (_v16 << 5) + __esi;
									_v40 = 1;
									 *(__edi + 0x818) = __eax;
									if(_v12 == 0xffffffff) {
										L80:
										__eax = __ecx;
										L81:
										__eflags = _v12 - __ecx;
										 *(__edi + 0x828) = __eax;
										if(_v12 == __ecx) {
											__eax =  &_v8;
											__eax = E10001CD9( &_v8);
											__eax = __eax + 1;
											__eflags = __eax;
											_v12 = __eax;
										}
										__eax = _v12;
										 *((intOrPtr*)(__edi + 0x81c)) = _v12;
										_t126 = _v16 + 0x41; // 0x41
										_t126 = _t126 << 5;
										__eax = 0;
										__eflags = 0;
										 *((intOrPtr*)((_t126 << 5) + __esi)) = 0;
										 *((intOrPtr*)(__edi + 0x82c)) = 0;
										 *((intOrPtr*)(__edi + 0x830)) = 0;
										goto L84;
									}
									__eax =  *(0x10003058 + __eax * 4);
									__eflags = __eax;
									if(__eax > 0) {
										goto L81;
									}
									goto L80;
								case 0x14:
									_t247 =  *(_t291 + 0x814);
									__eflags = _t247 - _v16;
									if(_t247 > _v16) {
										_v16 = _t247;
									}
									_v12 = _v12 & 0x00000000;
									_v20 = _v20 & 0x00000000;
									_v36 - 3 = _t247 - (_v36 == 3);
									if(_t247 != _v36 == 3) {
										L73:
										_v40 = 1;
									}
									goto L55;
								case 0x15:
									__eax =  &_v8;
									__eax = E10001CD9( &_v8);
									__ebx = __eax;
									__ebx = __eax + 1;
									L84:
									__eflags = __ebx;
									if(__ebx == 0) {
										goto L55;
									}
									L85:
									__eflags = _v20;
									_v40 = 1;
									if(_v20 != 0) {
										L90:
										__eflags = _v20 - 1;
										if(_v20 == 1) {
											__eax = _v16;
											__eax = _v16 << 5;
											__eflags = __eax;
											 *(__eax + __esi + 0x830) = __ebx;
										}
										goto L92;
									}
									_v16 = _v16 << 5;
									_t134 = __esi + 0x82c; // 0x82c
									__edi = (_v16 << 5) + _t134;
									__eax =  *__edi;
									__eflags = __eax - 0xffffffff;
									if(__eax <= 0xffffffff) {
										L88:
										__eax = GlobalFree(__eax);
										L89:
										 *__edi = __ebx;
										goto L90;
									}
									__eflags = __eax - 0x19;
									if(__eax <= 0x19) {
										goto L89;
									}
									goto L88;
								case 0x16:
									goto L55;
							}
						}
						_t248 = _t244 - 1;
						__eflags = _t248;
						if(_t248 == 0) {
							_v16 = _t253;
							goto L68;
						}
						__eflags = _t248 != 1;
						if(_t248 != 1) {
							goto L133;
						}
						_t271 = _t257 - 0x21;
						__eflags = _t271;
						if(_t271 == 0) {
							_v12 =  ~_v12;
							goto L55;
						}
						_t272 = _t271 - 0x42;
						__eflags = _t272;
						if(_t272 == 0) {
							L51:
							__eflags = _v12 - 1;
							if(_v12 != 1) {
								_t84 = _t291 + 0x810;
								 *_t84 =  *(_t291 + 0x810) &  !0x00000001;
								__eflags =  *_t84;
							} else {
								 *(_t291 + 0x810) =  *(_t291 + 0x810) | 1;
							}
							_v12 = 1;
							goto L55;
						}
						_t276 = _t272;
						__eflags = _t276;
						if(_t276 == 0) {
							_push(0x20);
							L50:
							_pop(1);
							goto L51;
						}
						_t277 = _t276 - 9;
						__eflags = _t277;
						if(_t277 == 0) {
							_push(8);
							goto L50;
						}
						_push(4);
						_pop(1);
						_t278 = _t277 - 1;
						__eflags = _t278;
						if(_t278 == 0) {
							goto L51;
						}
						_t279 = _t278 - 1;
						__eflags = _t279;
						if(_t279 == 0) {
							_push(0x10);
							goto L50;
						}
						__eflags = _t279 != 0;
						if(_t279 != 0) {
							goto L55;
						}
						_push(0x40);
						goto L50;
					} else {
						_v32 = _t283;
						_v12 = 1;
						goto L13;
					}
				}
				GlobalFree(_v52);
				GlobalFree(_v24);
				GlobalFree(_v44);
				if(_t291 == _t253 ||  *(_t291 + 0x80c) != _t253) {
					L145:
					return _t291;
				} else {
					_t198 =  *_t291 - 1;
					if(_t198 == 0) {
						_t169 = _t291 + 8; // 0x8
						_t286 = _t169;
						__eflags =  *_t286;
						if( *_t286 != 0) {
							_t199 = GetModuleHandleA(_t286);
							__eflags = _t199 - _t253;
							 *(_t291 + 0x808) = _t199;
							if(_t199 != _t253) {
								L141:
								_t173 = _t291 + 0x408; // 0x408
								_t254 = _t173;
								_t200 = GetProcAddress( *(_t291 + 0x808), _t254);
								__eflags = _t200;
								 *(_t291 + 0x80c) = _t200;
								if(_t200 != 0) {
									goto L145;
								}
								lstrcatA(_t254, 0x10004024);
								_t202 = GetProcAddress( *(_t291 + 0x808), _t254);
								__eflags = _t202;
								L143:
								 *(_t291 + 0x80c) = _t202;
								if(__eflags != 0) {
									goto L145;
								}
								L144:
								_t178 = _t291 + 4;
								 *_t178 =  *(_t291 + 4) | 0xffffffff;
								__eflags =  *_t178;
								goto L145;
							}
							_t203 = LoadLibraryA(_t286);
							__eflags = _t203 - _t253;
							 *(_t291 + 0x808) = _t203;
							if(_t203 == _t253) {
								goto L144;
							}
							goto L141;
						}
						_t170 = _t291 + 0x408; // 0x408
						_t202 = E10001641(_t170);
						__eflags = _t202 - _t253;
						goto L143;
					}
					_t205 = _t198 - 1;
					if(_t205 == 0) {
						_t167 = _t291 + 0x408; // 0x408
						_t206 = _t167;
						__eflags =  *_t206;
						if( *_t206 == 0) {
							goto L145;
						}
						_t207 = E10001641(_t206);
						L136:
						 *(_t291 + 0x80c) = _t207;
						goto L145;
					}
					if(_t205 != 1) {
						goto L145;
					}
					_t72 = _t291 + 8; // 0x8
					_t255 = _t72;
					_t288 = E10001641(_t72);
					 *(_t291 + 0x808) = _t288;
					if(_t288 == 0) {
						goto L144;
					}
					 *(_t291 + 0x850) =  *(_t291 + 0x850) & 0x00000000;
					 *((intOrPtr*)(_t291 + 0x84c)) = E10001550(_t255);
					 *(_t291 + 0x83c) =  *(_t291 + 0x83c) & 0x00000000;
					 *((intOrPtr*)(_t291 + 0x848)) = 1;
					 *((intOrPtr*)(_t291 + 0x838)) = 1;
					_t81 = _t291 + 0x408; // 0x408
					_t207 =  *(_t288->i + E10001641(_t81) * 4);
					goto L136;
				}
			}





























































                                                                                                                                                                                                                                0x10001d43
                                                                                                                                                                                                                                0x10001d46
                                                                                                                                                                                                                                0x10001d49
                                                                                                                                                                                                                                0x10001d4c
                                                                                                                                                                                                                                0x10001d4f
                                                                                                                                                                                                                                0x10001d52
                                                                                                                                                                                                                                0x10001d55
                                                                                                                                                                                                                                0x10001d57
                                                                                                                                                                                                                                0x10001d5c
                                                                                                                                                                                                                                0x10001d5f
                                                                                                                                                                                                                                0x10001d67
                                                                                                                                                                                                                                0x10001d6a
                                                                                                                                                                                                                                0x10001d6f
                                                                                                                                                                                                                                0x10001d72
                                                                                                                                                                                                                                0x10001d75
                                                                                                                                                                                                                                0x10001d75
                                                                                                                                                                                                                                0x10001d7c
                                                                                                                                                                                                                                0x10001d7d
                                                                                                                                                                                                                                0x10001d80
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001d8d
                                                                                                                                                                                                                                0x10001d8f
                                                                                                                                                                                                                                0x10001d94
                                                                                                                                                                                                                                0x10001d96
                                                                                                                                                                                                                                0x10001def
                                                                                                                                                                                                                                0x10001def
                                                                                                                                                                                                                                0x10001def
                                                                                                                                                                                                                                0x10001df3
                                                                                                                                                                                                                                0x10001df6
                                                                                                                                                                                                                                0x10001df8
                                                                                                                                                                                                                                0x10001e1a
                                                                                                                                                                                                                                0x10001e1d
                                                                                                                                                                                                                                0x10001e1f
                                                                                                                                                                                                                                0x10001e28
                                                                                                                                                                                                                                0x10001e2e
                                                                                                                                                                                                                                0x10001e30
                                                                                                                                                                                                                                0x10001e36
                                                                                                                                                                                                                                0x10001e36
                                                                                                                                                                                                                                0x10001e3c
                                                                                                                                                                                                                                0x10001e3f
                                                                                                                                                                                                                                0x10001e3f
                                                                                                                                                                                                                                0x10001e42
                                                                                                                                                                                                                                0x10001e42
                                                                                                                                                                                                                                0x10001e48
                                                                                                                                                                                                                                0x10001e4a
                                                                                                                                                                                                                                0x10001e4d
                                                                                                                                                                                                                                0x10001e53
                                                                                                                                                                                                                                0x10001e56
                                                                                                                                                                                                                                0x10001e56
                                                                                                                                                                                                                                0x10001e58
                                                                                                                                                                                                                                0x10001e5e
                                                                                                                                                                                                                                0x10001e61
                                                                                                                                                                                                                                0x10001e8c
                                                                                                                                                                                                                                0x10001e8f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001e96
                                                                                                                                                                                                                                0x10001e98
                                                                                                                                                                                                                                0x10001ea6
                                                                                                                                                                                                                                0x10001ea9
                                                                                                                                                                                                                                0x10001eab
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001eb1
                                                                                                                                                                                                                                0x10001eb1
                                                                                                                                                                                                                                0x10001eb1
                                                                                                                                                                                                                                0x10001eb7
                                                                                                                                                                                                                                0x10001eb9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001ebb
                                                                                                                                                                                                                                0x10001ebd
                                                                                                                                                                                                                                0x10001ebf
                                                                                                                                                                                                                                0x10001ec1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001ec1
                                                                                                                                                                                                                                0x10001ec3
                                                                                                                                                                                                                                0x10001ec5
                                                                                                                                                                                                                                0x10001ec7
                                                                                                                                                                                                                                0x10001ec7
                                                                                                                                                                                                                                0x10001ecd
                                                                                                                                                                                                                                0x10001ed3
                                                                                                                                                                                                                                0x10001ed5
                                                                                                                                                                                                                                0x10001eeb
                                                                                                                                                                                                                                0x10001ed7
                                                                                                                                                                                                                                0x10001edd
                                                                                                                                                                                                                                0x10001ee0
                                                                                                                                                                                                                                0x10001ee0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001e63
                                                                                                                                                                                                                                0x10001e63
                                                                                                                                                                                                                                0x10001e63
                                                                                                                                                                                                                                0x10001e64
                                                                                                                                                                                                                                0x10001e70
                                                                                                                                                                                                                                0x10001e74
                                                                                                                                                                                                                                0x10001e7a
                                                                                                                                                                                                                                0x10001e7e
                                                                                                                                                                                                                                0x10001f64
                                                                                                                                                                                                                                0x10001f67
                                                                                                                                                                                                                                0x10001f6a
                                                                                                                                                                                                                                0x10001f6a
                                                                                                                                                                                                                                0x10001f71
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001f71
                                                                                                                                                                                                                                0x10001e66
                                                                                                                                                                                                                                0x10001e66
                                                                                                                                                                                                                                0x10001e67
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001e69
                                                                                                                                                                                                                                0x10001e6a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001e6a
                                                                                                                                                                                                                                0x10001e61
                                                                                                                                                                                                                                0x10001dfb
                                                                                                                                                                                                                                0x10001e04
                                                                                                                                                                                                                                0x10001e07
                                                                                                                                                                                                                                0x10001e14
                                                                                                                                                                                                                                0x10001e14
                                                                                                                                                                                                                                0x10001e09
                                                                                                                                                                                                                                0x10001e09
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001dfb
                                                                                                                                                                                                                                0x10001d98
                                                                                                                                                                                                                                0x10001d9b
                                                                                                                                                                                                                                0x10001de7
                                                                                                                                                                                                                                0x10001dea
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001dea
                                                                                                                                                                                                                                0x10001d9d
                                                                                                                                                                                                                                0x10001da0
                                                                                                                                                                                                                                0x10001dcb
                                                                                                                                                                                                                                0x10001dce
                                                                                                                                                                                                                                0x10001dd5
                                                                                                                                                                                                                                0x10001ddc
                                                                                                                                                                                                                                0x10001ddf
                                                                                                                                                                                                                                0x10001de2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001de2
                                                                                                                                                                                                                                0x10001da2
                                                                                                                                                                                                                                0x10001da3
                                                                                                                                                                                                                                0x10001dba
                                                                                                                                                                                                                                0x10001dc1
                                                                                                                                                                                                                                0x10001dc4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001dc4
                                                                                                                                                                                                                                0x10001da8
                                                                                                                                                                                                                                0x10001ef6
                                                                                                                                                                                                                                0x10001ef6
                                                                                                                                                                                                                                0x10001ef8
                                                                                                                                                                                                                                0x10002225
                                                                                                                                                                                                                                0x10002228
                                                                                                                                                                                                                                0x10002289
                                                                                                                                                                                                                                0x10001f62
                                                                                                                                                                                                                                0x10001f62
                                                                                                                                                                                                                                0x10001f62
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001f62
                                                                                                                                                                                                                                0x1000222a
                                                                                                                                                                                                                                0x1000222d
                                                                                                                                                                                                                                0x10002239
                                                                                                                                                                                                                                0x1000223c
                                                                                                                                                                                                                                0x1000223d
                                                                                                                                                                                                                                0x10002240
                                                                                                                                                                                                                                0x10002247
                                                                                                                                                                                                                                0x1000224a
                                                                                                                                                                                                                                0x1000224b
                                                                                                                                                                                                                                0x1000224e
                                                                                                                                                                                                                                0x10002295
                                                                                                                                                                                                                                0x10002298
                                                                                                                                                                                                                                0x1000229b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000229b
                                                                                                                                                                                                                                0x10002250
                                                                                                                                                                                                                                0x10002253
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002255
                                                                                                                                                                                                                                0x1000225c
                                                                                                                                                                                                                                0x1000225c
                                                                                                                                                                                                                                0x10002262
                                                                                                                                                                                                                                0x10002265
                                                                                                                                                                                                                                0x10002281
                                                                                                                                                                                                                                0x10002267
                                                                                                                                                                                                                                0x10002270
                                                                                                                                                                                                                                0x10002273
                                                                                                                                                                                                                                0x10002273
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002265
                                                                                                                                                                                                                                0x10002242
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002242
                                                                                                                                                                                                                                0x1000222f
                                                                                                                                                                                                                                0x10002232
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002234
                                                                                                                                                                                                                                0x10002237
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002237
                                                                                                                                                                                                                                0x10001efe
                                                                                                                                                                                                                                0x10001efe
                                                                                                                                                                                                                                0x10001eff
                                                                                                                                                                                                                                0x10002026
                                                                                                                                                                                                                                0x10002026
                                                                                                                                                                                                                                0x1000202b
                                                                                                                                                                                                                                0x1000202e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000203b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100021cd
                                                                                                                                                                                                                                0x100021d0
                                                                                                                                                                                                                                0x100021d3
                                                                                                                                                                                                                                0x100021d3
                                                                                                                                                                                                                                0x100021d4
                                                                                                                                                                                                                                0x100021d7
                                                                                                                                                                                                                                0x100021d9
                                                                                                                                                                                                                                0x100021db
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100021dd
                                                                                                                                                                                                                                0x100021dd
                                                                                                                                                                                                                                0x100021e0
                                                                                                                                                                                                                                0x100021f2
                                                                                                                                                                                                                                0x100021f5
                                                                                                                                                                                                                                0x100021fe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100021fe
                                                                                                                                                                                                                                0x100021e2
                                                                                                                                                                                                                                0x100021e2
                                                                                                                                                                                                                                0x100021e4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100021e6
                                                                                                                                                                                                                                0x100021e8
                                                                                                                                                                                                                                0x100021ea
                                                                                                                                                                                                                                0x100021ea
                                                                                                                                                                                                                                0x100021ea
                                                                                                                                                                                                                                0x100021eb
                                                                                                                                                                                                                                0x100021ed
                                                                                                                                                                                                                                0x100021ef
                                                                                                                                                                                                                                0x100021d3
                                                                                                                                                                                                                                0x100021d4
                                                                                                                                                                                                                                0x100021d7
                                                                                                                                                                                                                                0x100021d9
                                                                                                                                                                                                                                0x100021db
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100021db
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002082
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000208e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002075
                                                                                                                                                                                                                                0x10002079
                                                                                                                                                                                                                                0x1000207d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000219f
                                                                                                                                                                                                                                0x100021a3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100021a9
                                                                                                                                                                                                                                0x100021b1
                                                                                                                                                                                                                                0x100021b8
                                                                                                                                                                                                                                0x100021c0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002147
                                                                                                                                                                                                                                0x10002147
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000221d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000220d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002211
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002219
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000215f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000214f
                                                                                                                                                                                                                                0x10002151
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002167
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002157
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000215b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002215
                                                                                                                                                                                                                                0x1000221f
                                                                                                                                                                                                                                0x1000221f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000216f
                                                                                                                                                                                                                                0x10002173
                                                                                                                                                                                                                                0x10002178
                                                                                                                                                                                                                                0x1000217b
                                                                                                                                                                                                                                0x1000217c
                                                                                                                                                                                                                                0x1000217f
                                                                                                                                                                                                                                0x10002185
                                                                                                                                                                                                                                0x10002185
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002205
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002097
                                                                                                                                                                                                                                0x10002097
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002163
                                                                                                                                                                                                                                0x10002169
                                                                                                                                                                                                                                0x10002169
                                                                                                                                                                                                                                0x10002099
                                                                                                                                                                                                                                0x10002099
                                                                                                                                                                                                                                0x1000209c
                                                                                                                                                                                                                                0x1000209e
                                                                                                                                                                                                                                0x100020a1
                                                                                                                                                                                                                                0x100020a2
                                                                                                                                                                                                                                0x100020a6
                                                                                                                                                                                                                                0x100020a9
                                                                                                                                                                                                                                0x100020ac
                                                                                                                                                                                                                                0x100020b2
                                                                                                                                                                                                                                0x100020bf
                                                                                                                                                                                                                                0x100020bf
                                                                                                                                                                                                                                0x100020c1
                                                                                                                                                                                                                                0x100020c1
                                                                                                                                                                                                                                0x100020c4
                                                                                                                                                                                                                                0x100020ca
                                                                                                                                                                                                                                0x100020cc
                                                                                                                                                                                                                                0x100020d0
                                                                                                                                                                                                                                0x100020d5
                                                                                                                                                                                                                                0x100020d5
                                                                                                                                                                                                                                0x100020d7
                                                                                                                                                                                                                                0x100020d7
                                                                                                                                                                                                                                0x100020da
                                                                                                                                                                                                                                0x100020dd
                                                                                                                                                                                                                                0x100020e6
                                                                                                                                                                                                                                0x100020e9
                                                                                                                                                                                                                                0x100020ec
                                                                                                                                                                                                                                0x100020ec
                                                                                                                                                                                                                                0x100020ee
                                                                                                                                                                                                                                0x100020f1
                                                                                                                                                                                                                                0x100020f7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100020f7
                                                                                                                                                                                                                                0x100020b4
                                                                                                                                                                                                                                0x100020bb
                                                                                                                                                                                                                                0x100020bd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002042
                                                                                                                                                                                                                                0x10002048
                                                                                                                                                                                                                                0x1000204b
                                                                                                                                                                                                                                0x1000204d
                                                                                                                                                                                                                                0x1000204d
                                                                                                                                                                                                                                0x10002050
                                                                                                                                                                                                                                0x10002054
                                                                                                                                                                                                                                0x10002061
                                                                                                                                                                                                                                0x10002063
                                                                                                                                                                                                                                0x10002069
                                                                                                                                                                                                                                0x10002069
                                                                                                                                                                                                                                0x10002069
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000218d
                                                                                                                                                                                                                                0x10002191
                                                                                                                                                                                                                                0x10002196
                                                                                                                                                                                                                                0x10002199
                                                                                                                                                                                                                                0x100020fd
                                                                                                                                                                                                                                0x100020fd
                                                                                                                                                                                                                                0x100020ff
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002105
                                                                                                                                                                                                                                0x10002105
                                                                                                                                                                                                                                0x10002109
                                                                                                                                                                                                                                0x10002110
                                                                                                                                                                                                                                0x10002134
                                                                                                                                                                                                                                0x10002134
                                                                                                                                                                                                                                0x10002138
                                                                                                                                                                                                                                0x1000213a
                                                                                                                                                                                                                                0x1000213d
                                                                                                                                                                                                                                0x1000213d
                                                                                                                                                                                                                                0x10002140
                                                                                                                                                                                                                                0x10002140
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002138
                                                                                                                                                                                                                                0x10002115
                                                                                                                                                                                                                                0x10002118
                                                                                                                                                                                                                                0x10002118
                                                                                                                                                                                                                                0x1000211f
                                                                                                                                                                                                                                0x10002121
                                                                                                                                                                                                                                0x10002124
                                                                                                                                                                                                                                0x1000212b
                                                                                                                                                                                                                                0x1000212c
                                                                                                                                                                                                                                0x10002132
                                                                                                                                                                                                                                0x10002132
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002132
                                                                                                                                                                                                                                0x10002126
                                                                                                                                                                                                                                0x10002129
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000203b
                                                                                                                                                                                                                                0x10001f05
                                                                                                                                                                                                                                0x10001f05
                                                                                                                                                                                                                                0x10001f06
                                                                                                                                                                                                                                0x10002023
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002023
                                                                                                                                                                                                                                0x10001f0c
                                                                                                                                                                                                                                0x10001f0d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001f13
                                                                                                                                                                                                                                0x10001f13
                                                                                                                                                                                                                                0x10001f16
                                                                                                                                                                                                                                0x10001f5f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001f5f
                                                                                                                                                                                                                                0x10001f18
                                                                                                                                                                                                                                0x10001f18
                                                                                                                                                                                                                                0x10001f1b
                                                                                                                                                                                                                                0x10001f43
                                                                                                                                                                                                                                0x10001f46
                                                                                                                                                                                                                                0x10001f49
                                                                                                                                                                                                                                0x10002015
                                                                                                                                                                                                                                0x10002015
                                                                                                                                                                                                                                0x10002015
                                                                                                                                                                                                                                0x10001f4f
                                                                                                                                                                                                                                0x10001f4f
                                                                                                                                                                                                                                0x10001f4f
                                                                                                                                                                                                                                0x1000201b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000201b
                                                                                                                                                                                                                                0x10001f1e
                                                                                                                                                                                                                                0x10001f1e
                                                                                                                                                                                                                                0x10001f1f
                                                                                                                                                                                                                                0x10001f40
                                                                                                                                                                                                                                0x10001f42
                                                                                                                                                                                                                                0x10001f42
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001f42
                                                                                                                                                                                                                                0x10001f21
                                                                                                                                                                                                                                0x10001f21
                                                                                                                                                                                                                                0x10001f24
                                                                                                                                                                                                                                0x10001f3c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001f3c
                                                                                                                                                                                                                                0x10001f26
                                                                                                                                                                                                                                0x10001f28
                                                                                                                                                                                                                                0x10001f29
                                                                                                                                                                                                                                0x10001f29
                                                                                                                                                                                                                                0x10001f2b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001f2d
                                                                                                                                                                                                                                0x10001f2d
                                                                                                                                                                                                                                0x10001f2e
                                                                                                                                                                                                                                0x10001f38
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001f38
                                                                                                                                                                                                                                0x10001f31
                                                                                                                                                                                                                                0x10001f32
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001f34
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001dae
                                                                                                                                                                                                                                0x10001dae
                                                                                                                                                                                                                                0x10001db1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001db1
                                                                                                                                                                                                                                0x10001da8
                                                                                                                                                                                                                                0x10001f80
                                                                                                                                                                                                                                0x10001f85
                                                                                                                                                                                                                                0x10001f8a
                                                                                                                                                                                                                                0x10001f8e
                                                                                                                                                                                                                                0x1000233d
                                                                                                                                                                                                                                0x10002343
                                                                                                                                                                                                                                0x10001fa0
                                                                                                                                                                                                                                0x10001fa2
                                                                                                                                                                                                                                0x10001fa3
                                                                                                                                                                                                                                0x100022c0
                                                                                                                                                                                                                                0x100022c0
                                                                                                                                                                                                                                0x100022c3
                                                                                                                                                                                                                                0x100022c6
                                                                                                                                                                                                                                0x100022da
                                                                                                                                                                                                                                0x100022e0
                                                                                                                                                                                                                                0x100022e2
                                                                                                                                                                                                                                0x100022e8
                                                                                                                                                                                                                                0x100022fb
                                                                                                                                                                                                                                0x10002301
                                                                                                                                                                                                                                0x10002301
                                                                                                                                                                                                                                0x1000230e
                                                                                                                                                                                                                                0x10002310
                                                                                                                                                                                                                                0x10002312
                                                                                                                                                                                                                                0x10002318
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002320
                                                                                                                                                                                                                                0x1000232d
                                                                                                                                                                                                                                0x1000232f
                                                                                                                                                                                                                                0x10002331
                                                                                                                                                                                                                                0x10002331
                                                                                                                                                                                                                                0x10002337
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002339
                                                                                                                                                                                                                                0x10002339
                                                                                                                                                                                                                                0x10002339
                                                                                                                                                                                                                                0x10002339
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002339
                                                                                                                                                                                                                                0x100022eb
                                                                                                                                                                                                                                0x100022f1
                                                                                                                                                                                                                                0x100022f3
                                                                                                                                                                                                                                0x100022f9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100022f9
                                                                                                                                                                                                                                0x100022c8
                                                                                                                                                                                                                                0x100022cf
                                                                                                                                                                                                                                0x100022d5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100022d5
                                                                                                                                                                                                                                0x10001fa9
                                                                                                                                                                                                                                0x10001faa
                                                                                                                                                                                                                                0x100022a2
                                                                                                                                                                                                                                0x100022a2
                                                                                                                                                                                                                                0x100022a8
                                                                                                                                                                                                                                0x100022ab
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100022b2
                                                                                                                                                                                                                                0x100022b7
                                                                                                                                                                                                                                0x100022b8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100022b8
                                                                                                                                                                                                                                0x10001fb1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001fb7
                                                                                                                                                                                                                                0x10001fb7
                                                                                                                                                                                                                                0x10001fc0
                                                                                                                                                                                                                                0x10001fc5
                                                                                                                                                                                                                                0x10001fcb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001fd1
                                                                                                                                                                                                                                0x10001fde
                                                                                                                                                                                                                                0x10001fe4
                                                                                                                                                                                                                                0x10001fee
                                                                                                                                                                                                                                0x10001ff4
                                                                                                                                                                                                                                0x10001ffc
                                                                                                                                                                                                                                0x1000200c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000200c

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 10001541: GlobalAlloc.KERNELBASE(00000040,10001577,?,?,10001804,?,10001017), ref: 10001549
                                                                                                                                                                                                                                  • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                                                                                                                                  • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001E28
                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000008,?), ref: 10001E74
                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000408,?), ref: 10001E7E
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 10001E98
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 10001F80
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 10001F85
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 10001F8A
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 1000212C
                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(?,?), ref: 10002273
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000008), ref: 100022DA
                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(00000008), ref: 100022EB
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000408), ref: 1000230E
                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000408,10004024), ref: 10002320
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000408), ref: 1000232D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1690752483.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690732782.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690765129.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690776803.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$Free$lstrcpy$AddressAllocProc$HandleLibraryLoadModulelstrcat
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2432367840-0
                                                                                                                                                                                                                                • Opcode ID: ee092e71ca505709d651e0729bf6a215d1fa5f7789b41da9f2bb1e621745af8d
                                                                                                                                                                                                                                • Instruction ID: 43630dbe77052cbd99e7b50fc19318fc31bc1fc88c17e7e17ecc67392abc93a9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee092e71ca505709d651e0729bf6a215d1fa5f7789b41da9f2bb1e621745af8d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94029C71D0464ADFEB60CFA4C8807EEBBF4FB043C4F21852AE5A5A7189D7749A81DB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 748 401734-401757 call 4029f6 call 4056c6 753 401761-401773 call 405b66 call 405659 lstrcatA 748->753 754 401759-40175f call 405b66 748->754 759 401778-40177e call 405dc8 753->759 754->759 764 401783-401787 759->764 765 401789-401793 call 405e61 764->765 766 4017ba-4017bd 764->766 773 4017a5-4017b7 765->773 774 401795-4017a3 CompareFileTime 765->774 768 4017c5-4017e1 call 40583d 766->768 769 4017bf-4017c0 call 40581e 766->769 776 4017e3-4017e6 768->776 777 401859-401882 call 404f04 call 402f18 768->777 769->768 773->766 774->773 778 4017e8-40182a call 405b66 * 2 call 405b88 call 405b66 call 405427 776->778 779 40183b-401845 call 404f04 776->779 789 401884-401888 777->789 790 40188a-401896 SetFileTime 777->790 778->764 811 401830-401831 778->811 791 40184e-401854 779->791 789->790 794 40189c-4018a7 FindCloseChangeNotification 789->794 790->794 795 402894 791->795 798 40288b-40288e 794->798 799 4018ad-4018b0 794->799 797 402896-40289a 795->797 798->795 801 4018b2-4018c3 call 405b88 lstrcatA 799->801 802 4018c5-4018c8 call 405b88 799->802 808 4018cd-402209 801->808 802->808 812 40220e-402213 808->812 813 402209 call 405427 808->813 811->791 814 401833-401834 811->814 812->797 813->812 814->779
                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029F6(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E004056C6(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E00405659(E00405B66(0x409b70, "C:\\Users\\FRONTD~1\\AppData\\Local\\Temp\\nsc308D.tmp")), ??);
				} else {
					_push(0x409b70);
					E00405B66();
				}
				E00405DC8(0x409b70);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E61(0x409b70);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040581E(0x409b70);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040583D(0x409b70, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404F04(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f28;
						goto L32;
					} else {
						E00405B66(0x40a370, 0x424000);
						E00405B66(0x424000, 0x409b70);
						E00405B88(_t75, 0x40a370, 0x409b70, "Software\APN PIP\MP3R7",  *((intOrPtr*)(_t85 - 0x10)));
						E00405B66(0x424000, 0x40a370);
						_t62 = E00405427("Software\APN PIP\MP3R7",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b70);
								_push(0xfffffffa);
								E00404F04();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404F04(0xffffffea,  *(_t85 - 8));
				 *0x423f54 =  *0x423f54 + 1;
				_t43 = E00402F18(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
				 *0x423f54 =  *0x423f54 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffee);
					} else {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffe9);
						lstrcatA(0x409b70,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b70);
					E00405427();
					goto L29;
				}
				goto L33;
			}
















                                                                                                                                                                                                                                0x00401734
                                                                                                                                                                                                                                0x0040173b
                                                                                                                                                                                                                                0x00401744
                                                                                                                                                                                                                                0x00401747
                                                                                                                                                                                                                                0x0040174a
                                                                                                                                                                                                                                0x0040174f
                                                                                                                                                                                                                                0x00401757
                                                                                                                                                                                                                                0x00401773
                                                                                                                                                                                                                                0x00401759
                                                                                                                                                                                                                                0x00401759
                                                                                                                                                                                                                                0x0040175a
                                                                                                                                                                                                                                0x0040175a
                                                                                                                                                                                                                                0x00401779
                                                                                                                                                                                                                                0x00401783
                                                                                                                                                                                                                                0x00401783
                                                                                                                                                                                                                                0x00401787
                                                                                                                                                                                                                                0x0040178a
                                                                                                                                                                                                                                0x0040178f
                                                                                                                                                                                                                                0x00401791
                                                                                                                                                                                                                                0x00401793
                                                                                                                                                                                                                                0x00401798
                                                                                                                                                                                                                                0x00401798
                                                                                                                                                                                                                                0x004017a3
                                                                                                                                                                                                                                0x004017a3
                                                                                                                                                                                                                                0x004017b4
                                                                                                                                                                                                                                0x004017b6
                                                                                                                                                                                                                                0x004017b6
                                                                                                                                                                                                                                0x004017b7
                                                                                                                                                                                                                                0x004017b7
                                                                                                                                                                                                                                0x004017ba
                                                                                                                                                                                                                                0x004017bd
                                                                                                                                                                                                                                0x004017c0
                                                                                                                                                                                                                                0x004017c0
                                                                                                                                                                                                                                0x004017c7
                                                                                                                                                                                                                                0x004017d6
                                                                                                                                                                                                                                0x004017db
                                                                                                                                                                                                                                0x004017de
                                                                                                                                                                                                                                0x004017e1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004017e3
                                                                                                                                                                                                                                0x004017e6
                                                                                                                                                                                                                                0x00401840
                                                                                                                                                                                                                                0x00401845
                                                                                                                                                                                                                                0x004015a8
                                                                                                                                                                                                                                0x0040265c
                                                                                                                                                                                                                                0x0040265c
                                                                                                                                                                                                                                0x0040288b
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004017e8
                                                                                                                                                                                                                                0x004017ee
                                                                                                                                                                                                                                0x004017f9
                                                                                                                                                                                                                                0x00401806
                                                                                                                                                                                                                                0x00401811
                                                                                                                                                                                                                                0x00401827
                                                                                                                                                                                                                                0x00401827
                                                                                                                                                                                                                                0x0040182a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00401830
                                                                                                                                                                                                                                0x00401830
                                                                                                                                                                                                                                0x00401831
                                                                                                                                                                                                                                0x0040184e
                                                                                                                                                                                                                                0x00402894
                                                                                                                                                                                                                                0x00402894
                                                                                                                                                                                                                                0x00402894
                                                                                                                                                                                                                                0x00401833
                                                                                                                                                                                                                                0x00401833
                                                                                                                                                                                                                                0x00401834
                                                                                                                                                                                                                                0x00401492
                                                                                                                                                                                                                                0x0040220e
                                                                                                                                                                                                                                0x0040220e
                                                                                                                                                                                                                                0x0040220e
                                                                                                                                                                                                                                0x00401831
                                                                                                                                                                                                                                0x0040182a
                                                                                                                                                                                                                                0x00402896
                                                                                                                                                                                                                                0x0040289a
                                                                                                                                                                                                                                0x0040289a
                                                                                                                                                                                                                                0x0040185e
                                                                                                                                                                                                                                0x00401863
                                                                                                                                                                                                                                0x00401871
                                                                                                                                                                                                                                0x00401876
                                                                                                                                                                                                                                0x0040187c
                                                                                                                                                                                                                                0x00401880
                                                                                                                                                                                                                                0x00401882
                                                                                                                                                                                                                                0x0040188a
                                                                                                                                                                                                                                0x00401896
                                                                                                                                                                                                                                0x00401884
                                                                                                                                                                                                                                0x00401884
                                                                                                                                                                                                                                0x00401888
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00401888
                                                                                                                                                                                                                                0x0040189f
                                                                                                                                                                                                                                0x004018a5
                                                                                                                                                                                                                                0x004018a7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004018ad
                                                                                                                                                                                                                                0x004018ad
                                                                                                                                                                                                                                0x004018b0
                                                                                                                                                                                                                                0x004018c8
                                                                                                                                                                                                                                0x004018b2
                                                                                                                                                                                                                                0x004018b5
                                                                                                                                                                                                                                0x004018be
                                                                                                                                                                                                                                0x004018be
                                                                                                                                                                                                                                0x004018cd
                                                                                                                                                                                                                                0x004018d2
                                                                                                                                                                                                                                0x00402209
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402209
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrcatA.KERNEL32(00000000,00000000,Show_UI,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,00000000,00000000,00000031), ref: 00401773
                                                                                                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,Show_UI,Show_UI,00000000,00000000,Show_UI,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,00000000,00000000,00000031), ref: 0040179D
                                                                                                                                                                                                                                  • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,MP3 Rocket 6.2.4 Setup,NSIS Error), ref: 00405B73
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404F98
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FB2
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FC0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp$Show_UI$Software\APN PIP\MP3R7$Software\APN PIP\MP3R7
                                                                                                                                                                                                                                • API String ID: 1941528284-1471805396
                                                                                                                                                                                                                                • Opcode ID: c50c07e9c34bb8d8f3066d7714e9e00841c620ef4e08def9809282e1cb43631e
                                                                                                                                                                                                                                • Instruction ID: ca24b6133afb507e547736dc5ab02d451b7f1a2d30e0a517c5ad6537af4b780a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c50c07e9c34bb8d8f3066d7714e9e00841c620ef4e08def9809282e1cb43631e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8441C131900515BBCB10BFB5DD46EAF3A79EF01369B24433BF511B11E1D63C9A418AAD
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 030C1C59, Relevance: 12.1, APIs: 8, Instructions: 51windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E030C1C59(struct HWND__* _a4) {
				struct tagMSG _v32;
				int _t14;

				SendMessageA(_a4, 0x40d,  *0x30c50c0, 0);
				ShowWindow( *0x30c50c0, 8); // executed
				if( *0x30c50c0 != 0) {
					do {
						GetMessageA( &_v32, 0, 0, 0); // executed
						_t14 = IsDialogMessageA( *0x30c50c0,  &_v32); // executed
						if(_t14 == 0 && IsDialogMessageA( *0x30c50c4,  &_v32) == 0) {
							TranslateMessage( &_v32);
							DispatchMessageA( &_v32); // executed
						}
					} while ( *0x30c50c0 != 0);
				}
				return SetWindowLongA(_a4, 4,  *0x30c50c8);
			}





                                                                                                                                                                                                                                0x030c1c71
                                                                                                                                                                                                                                0x030c1c7f
                                                                                                                                                                                                                                0x030c1c8b
                                                                                                                                                                                                                                0x030c1c94
                                                                                                                                                                                                                                0x030c1c9b
                                                                                                                                                                                                                                0x030c1cab
                                                                                                                                                                                                                                0x030c1caf
                                                                                                                                                                                                                                0x030c1cc5
                                                                                                                                                                                                                                0x030c1ccf
                                                                                                                                                                                                                                0x030c1ccf
                                                                                                                                                                                                                                0x030c1cd5
                                                                                                                                                                                                                                0x030c1cdd
                                                                                                                                                                                                                                0x030c1cf1

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 030C1C71
                                                                                                                                                                                                                                • ShowWindow.USER32(00000008), ref: 030C1C7F
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL ref: 030C1C9B
                                                                                                                                                                                                                                • IsDialogMessageA.USER32(?), ref: 030C1CAB
                                                                                                                                                                                                                                • IsDialogMessageA.USER32(?), ref: 030C1CBB
                                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 030C1CC5
                                                                                                                                                                                                                                • DispatchMessageA.USER32 ref: 030C1CCF
                                                                                                                                                                                                                                • SetWindowLongA.USER32(?,00000004), ref: 030C1CE9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1675900869.00000000030C1000.00000020.00020000.sdmp, Offset: 030C0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675875391.00000000030C0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675927376.00000000030C3000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675953768.00000000030C4000.00000008.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675968346.00000000030C7000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_30c0000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$DialogWindow$CallbackDispatchDispatcherLongSendShowTranslateUser
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4159918924-0
                                                                                                                                                                                                                                • Opcode ID: b9c3c6dbcdde9a271934b59b81a4c46831c3e925d4ad3bbf7e6549859d8eeabf
                                                                                                                                                                                                                                • Instruction ID: e4fbd9d4b3cebe9cb64b2c1c18d58bbc539a5b0d0f4de7ff7b91725632f30815
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9c3c6dbcdde9a271934b59b81a4c46831c3e925d4ad3bbf7e6549859d8eeabf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C111B3A832209EBCB11BBA6FD19D9E7FBEFB46701B508165F641D2018D73CA405DBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00402F18, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 832 402f18-402f27 833 402f45-402f50 call 403043 832->833 834 402f29-402f3f SetFilePointer 832->834 837 402f56-402f70 ReadFile 833->837 838 40303c-403040 833->838 834->833 839 402f76-402f79 837->839 840 403039 837->840 839->840 841 402f7f-402f92 call 403043 839->841 842 40303b 840->842 841->838 845 402f98-402f9b 841->845 842->838 846 403008-40300e 845->846 847 402f9d-402fa0 845->847 848 403010 846->848 849 403013-403026 ReadFile 846->849 850 403034-403037 847->850 851 402fa6 847->851 848->849 849->840 852 403028-403031 849->852 850->838 853 402fab-402fb3 851->853 852->850 854 402fb5 853->854 855 402fb8-402fca ReadFile 853->855 854->855 855->840 856 402fcc-402fcf 855->856 856->840 857 402fd1-402fe6 WriteFile 856->857 858 403004-403006 857->858 859 402fe8-402feb 857->859 858->842 859->858 860 402fed-403000 859->860 860->853 861 403002 860->861 861->850
                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                			E00402F18(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				intOrPtr _t51;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t51 =  *0x423ef8; // 0x18c4a
					_t44 = _t31 + _t51;
					 *0x417044 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403043(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417044 =  *0x417044 + _t57;
						_t32 = E00403043(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417044 =  *0x417044 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413040, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413040, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417044 =  *0x417044 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}


















                                                                                                                                                                                                                                0x00402f1d
                                                                                                                                                                                                                                0x00402f27
                                                                                                                                                                                                                                0x00402f29
                                                                                                                                                                                                                                0x00402f30
                                                                                                                                                                                                                                0x00402f34
                                                                                                                                                                                                                                0x00402f3f
                                                                                                                                                                                                                                0x00402f3f
                                                                                                                                                                                                                                0x00402f47
                                                                                                                                                                                                                                0x00402f49
                                                                                                                                                                                                                                0x00402f50
                                                                                                                                                                                                                                0x00402f6c
                                                                                                                                                                                                                                0x00402f70
                                                                                                                                                                                                                                0x00403039
                                                                                                                                                                                                                                0x00403039
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402f7f
                                                                                                                                                                                                                                0x00402f82
                                                                                                                                                                                                                                0x00402f88
                                                                                                                                                                                                                                0x00402f8f
                                                                                                                                                                                                                                0x00402f92
                                                                                                                                                                                                                                0x00402f9b
                                                                                                                                                                                                                                0x00403008
                                                                                                                                                                                                                                0x0040300e
                                                                                                                                                                                                                                0x00403010
                                                                                                                                                                                                                                0x00403010
                                                                                                                                                                                                                                0x00403022
                                                                                                                                                                                                                                0x00403026
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403028
                                                                                                                                                                                                                                0x00403028
                                                                                                                                                                                                                                0x0040302b
                                                                                                                                                                                                                                0x00403031
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403031
                                                                                                                                                                                                                                0x00402f9d
                                                                                                                                                                                                                                0x00402fa0
                                                                                                                                                                                                                                0x00403034
                                                                                                                                                                                                                                0x00403034
                                                                                                                                                                                                                                0x00402fa6
                                                                                                                                                                                                                                0x00402fab
                                                                                                                                                                                                                                0x00402fab
                                                                                                                                                                                                                                0x00402fb3
                                                                                                                                                                                                                                0x00402fb5
                                                                                                                                                                                                                                0x00402fb5
                                                                                                                                                                                                                                0x00402fc6
                                                                                                                                                                                                                                0x00402fca
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402fde
                                                                                                                                                                                                                                0x00402fe6
                                                                                                                                                                                                                                0x00403004
                                                                                                                                                                                                                                0x0040303b
                                                                                                                                                                                                                                0x0040303b
                                                                                                                                                                                                                                0x00402fed
                                                                                                                                                                                                                                0x00402fed
                                                                                                                                                                                                                                0x00402ff0
                                                                                                                                                                                                                                0x00402ff3
                                                                                                                                                                                                                                0x00402ff6
                                                                                                                                                                                                                                0x00403000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403002
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403002
                                                                                                                                                                                                                                0x00403000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402fe6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402fab
                                                                                                                                                                                                                                0x00402fa0
                                                                                                                                                                                                                                0x00402f9b
                                                                                                                                                                                                                                0x00402f92
                                                                                                                                                                                                                                0x00402f70
                                                                                                                                                                                                                                0x0040303c
                                                                                                                                                                                                                                0x00403040

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,000113E4), ref: 00402F3F
                                                                                                                                                                                                                                • ReadFile.KERNELBASE(00409130,00000004,000113E4,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                                                                                                                                                                                                                • ReadFile.KERNELBASE(00413040,00004000,000113E4,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,000113E4), ref: 00402FC6
                                                                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00413040,000113E4,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,000113E4), ref: 00402FDE
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$Read$PointerWrite
                                                                                                                                                                                                                                • String ID: @0A
                                                                                                                                                                                                                                • API String ID: 2113905535-1363546919
                                                                                                                                                                                                                                • Opcode ID: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                                                                                                                                                • Instruction ID: f0f891dec1baa82fcb152a6e3a42d02399587e043c2e4755ce28507b82245ee9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F315731501249EBDB21CF55DD40A9E7FBCEB843A5F20407AFA05A6190D3789F81DBA9
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00403043, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 862 403043-40306c GetTickCount 863 403072-40309d call 4031f1 SetFilePointer 862->863 864 4031ad-4031b5 call 402bd3 862->864 870 4030a2-4030b4 863->870 869 4031b7-4031bc 864->869 871 4030b6 870->871 872 4030b8-4030c6 call 4031bf 870->872 871->872 875 4030cc-4030d8 872->875 876 40319f-4031a2 872->876 877 4030de-4030e4 875->877 876->869 878 4030e6-4030ec 877->878 879 40310f-40312b call 405f82 877->879 878->879 880 4030ee-40310e call 402bd3 878->880 885 4031a8 879->885 886 40312d-403135 879->886 880->879 887 4031aa-4031ab 885->887 888 403137-40314d WriteFile 886->888 889 403169-40316f 886->889 887->869 890 4031a4-4031a6 888->890 891 40314f-403153 888->891 889->885 892 403171-403173 889->892 890->887 891->890 893 403155-403161 891->893 892->885 894 403175-403188 892->894 893->877 895 403167 893->895 894->870 896 40318e-40319d SetFilePointer 894->896 895->894 896->864
                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                			E00403043(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t22;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t53;

				_t35 =  *0x417044; // 0x124ff6
				_t37 = _t35 -  *0x40afb0 + _a4;
				 *0x423eac = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BD3(1);
					return 0;
				}
				E004031F1( *0x41f054);
				SetFilePointer( *0x409018,  *0x40afb0, 0, 0); // executed
				 *0x41f050 = _t37;
				 *0x417040 = 0;
				while(1) {
					L2:
					_t12 =  *0x417048; // 0x94ec39
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f054;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031BF(0x413040, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f054 =  *0x41f054 + _t34;
					 *0x40afd0 = 0x413040;
					 *0x40afd4 = _t34;
					while(1) {
						_t46 =  *0x423eb0; // 0x5405b0
						if(_t46 != 0) {
							_t47 =  *0x423f40; // 0x0
							if(_t47 == 0) {
								_t22 =  *0x41f050; // 0x2d010
								 *0x417040 = _t22 -  *0x417044 - _a4 +  *0x40afb0;
								E00402BD3(0);
							}
						}
						 *0x40afd8 = 0x40b040;
						 *0x40afdc = 0x8000; // executed
						_t16 = E00405F82(0x40afb8); // executed
						if(_t16 < 0) {
							break;
						}
						_t39 =  *0x40afd8; // 0x40d431
						_t40 = _t39 - 0x40b040;
						if(_t40 == 0) {
							__eflags =  *0x40afd4; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags = _t34;
							if(_t34 == 0) {
								break;
							}
							L17:
							_t18 =  *0x417044; // 0x124ff6
							if(_t18 -  *0x40afb0 + _a4 > 0) {
								goto L2;
							}
							SetFilePointer( *0x409018, _t18, 0, 0); // executed
							goto L23;
						}
						_t21 = WriteFile( *0x409018, 0x40b040, _t40,  &_v4, 0); // executed
						if(_t21 == 0 || _t40 != _v4) {
							_push(0xfffffffe);
							L22:
							_pop(_t17);
							return _t17;
						} else {
							 *0x40afb0 =  *0x40afb0 + _t40;
							_t53 =  *0x40afd4; // 0x0
							if(_t53 != 0) {
								continue;
							}
							goto L17;
						}
					}
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}





















                                                                                                                                                                                                                                0x00403047
                                                                                                                                                                                                                                0x00403054
                                                                                                                                                                                                                                0x00403067
                                                                                                                                                                                                                                0x0040306c
                                                                                                                                                                                                                                0x004031ad
                                                                                                                                                                                                                                0x004031af
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004031b5
                                                                                                                                                                                                                                0x00403078
                                                                                                                                                                                                                                0x0040308b
                                                                                                                                                                                                                                0x00403091
                                                                                                                                                                                                                                0x00403097
                                                                                                                                                                                                                                0x004030a2
                                                                                                                                                                                                                                0x004030a2
                                                                                                                                                                                                                                0x004030a2
                                                                                                                                                                                                                                0x004030a7
                                                                                                                                                                                                                                0x004030ac
                                                                                                                                                                                                                                0x004030b4
                                                                                                                                                                                                                                0x004030b6
                                                                                                                                                                                                                                0x004030b6
                                                                                                                                                                                                                                0x004030bf
                                                                                                                                                                                                                                0x004030c6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004030cc
                                                                                                                                                                                                                                0x004030d2
                                                                                                                                                                                                                                0x004030d8
                                                                                                                                                                                                                                0x004030de
                                                                                                                                                                                                                                0x004030de
                                                                                                                                                                                                                                0x004030e4
                                                                                                                                                                                                                                0x004030e6
                                                                                                                                                                                                                                0x004030ec
                                                                                                                                                                                                                                0x004030ee
                                                                                                                                                                                                                                0x00403104
                                                                                                                                                                                                                                0x00403109
                                                                                                                                                                                                                                0x0040310e
                                                                                                                                                                                                                                0x004030ec
                                                                                                                                                                                                                                0x00403114
                                                                                                                                                                                                                                0x0040311a
                                                                                                                                                                                                                                0x00403124
                                                                                                                                                                                                                                0x0040312b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040312d
                                                                                                                                                                                                                                0x00403133
                                                                                                                                                                                                                                0x00403135
                                                                                                                                                                                                                                0x00403169
                                                                                                                                                                                                                                0x0040316f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403171
                                                                                                                                                                                                                                0x00403173
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403175
                                                                                                                                                                                                                                0x00403175
                                                                                                                                                                                                                                0x00403188
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403197
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403197
                                                                                                                                                                                                                                0x00403145
                                                                                                                                                                                                                                0x0040314d
                                                                                                                                                                                                                                0x004031a4
                                                                                                                                                                                                                                0x004031aa
                                                                                                                                                                                                                                0x004031aa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403155
                                                                                                                                                                                                                                0x00403155
                                                                                                                                                                                                                                0x0040315b
                                                                                                                                                                                                                                0x00403161
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403167
                                                                                                                                                                                                                                0x0040314d
                                                                                                                                                                                                                                0x004031a8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004031a8
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403058
                                                                                                                                                                                                                                  • Part of subcall function 004031F1: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,000113E4), ref: 004031FF
                                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                                                                                                                                                                                                                • WriteFile.KERNELBASE(0040B040,0040D431,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00124FF6,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$Pointer$CountTickWrite
                                                                                                                                                                                                                                • String ID: @0A
                                                                                                                                                                                                                                • API String ID: 2146148272-1363546919
                                                                                                                                                                                                                                • Opcode ID: 09db56204c7f15284c341d007dee54cfa9a87c515f6ef0f82ef5e9c09c89c7a4
                                                                                                                                                                                                                                • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 09db56204c7f15284c341d007dee54cfa9a87c515f6ef0f82ef5e9c09c89c7a4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00401F51, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 897 401f51-401f5d 898 401f63-401f79 call 4029f6 * 2 897->898 899 402019-40201b 897->899 909 401f88-401f96 LoadLibraryExA 898->909 910 401f7b-401f86 GetModuleHandleA 898->910 901 402164-402169 call 401423 899->901 906 40288b-40289a 901->906 912 401f98-401fa6 GetProcAddress 909->912 913 402012-402014 909->913 910->909 910->912 914 401fe5-401fea call 404f04 912->914 915 401fa8-401fae 912->915 913->901 919 401fef-401ff2 914->919 917 401fb0-401fbc call 401423 915->917 918 401fc7-401fdb 915->918 917->919 927 401fbe-401fc5 917->927 929 401fde call 30c1c59 918->929 930 401fde call 30c1759 918->930 931 401fde call 30c1855 918->931 932 401fde call 1000198f 918->932 919->906 922 401ff8-402000 call 40364f 919->922 921 401fe0-401fe3 921->919 922->906 928 402006-40200d FreeLibrary 922->928 927->919 928->906 929->921 930->921 931->921 932->921
                                                                                                                                                                                                                                C-Code - Quality: 60%
                                                                                                                                                                                                                                			E00401F51(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f58");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f28 =  *0x423f28 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404F04(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af70, " ?B"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E0040364F(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                                                                                                                                                0x00401f51
                                                                                                                                                                                                                                0x00401f51
                                                                                                                                                                                                                                0x00401f56
                                                                                                                                                                                                                                0x00401f5d
                                                                                                                                                                                                                                0x00402019
                                                                                                                                                                                                                                0x00402164
                                                                                                                                                                                                                                0x00402164
                                                                                                                                                                                                                                0x0040288b
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a
                                                                                                                                                                                                                                0x0040289a
                                                                                                                                                                                                                                0x00401f6c
                                                                                                                                                                                                                                0x00401f76
                                                                                                                                                                                                                                0x00401f79
                                                                                                                                                                                                                                0x00401f88
                                                                                                                                                                                                                                0x00401f8c
                                                                                                                                                                                                                                0x00401f92
                                                                                                                                                                                                                                0x00401f96
                                                                                                                                                                                                                                0x00402012
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402012
                                                                                                                                                                                                                                0x00401f98
                                                                                                                                                                                                                                0x00401fa2
                                                                                                                                                                                                                                0x00401fa6
                                                                                                                                                                                                                                0x00401fea
                                                                                                                                                                                                                                0x00401fa8
                                                                                                                                                                                                                                0x00401fab
                                                                                                                                                                                                                                0x00401fae
                                                                                                                                                                                                                                0x00401fde
                                                                                                                                                                                                                                0x00401fb0
                                                                                                                                                                                                                                0x00401fb3
                                                                                                                                                                                                                                0x00401fbc
                                                                                                                                                                                                                                0x00401fbe
                                                                                                                                                                                                                                0x00401fbe
                                                                                                                                                                                                                                0x00401fbc
                                                                                                                                                                                                                                0x00401fae
                                                                                                                                                                                                                                0x00401ff2
                                                                                                                                                                                                                                0x00402007
                                                                                                                                                                                                                                0x00402007
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00401ff2
                                                                                                                                                                                                                                0x00401f7c
                                                                                                                                                                                                                                0x00401f82
                                                                                                                                                                                                                                0x00401f86
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404F98
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FB2
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FC0
                                                                                                                                                                                                                                • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                                                                • String ID: ?B
                                                                                                                                                                                                                                • API String ID: 2987980305-117478770
                                                                                                                                                                                                                                • Opcode ID: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                                                                                                                                                • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00402303, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 933 402303-402349 call 402aeb call 4029f6 * 2 RegCreateKeyExA 940 40288b-40289a 933->940 941 40234f-402357 933->941 943 402367-40236a 941->943 944 402359-402366 call 4029f6 lstrlenA 941->944 947 40237a-40237d 943->947 948 40236c-402379 call 4029d9 943->948 944->943 951 40238e-4023a2 RegSetValueExA 947->951 952 40237f-402389 call 402f18 947->952 948->947 953 4023a4 951->953 954 4023a7-402483 RegCloseKey 951->954 952->951 953->954 954->940 958 40265c-402663 954->958 958->940
                                                                                                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                                                                                                			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				long _t22;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AEB(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				_t30 =  *0x423f50; // 0x0
				_t31 = _t30 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27); // executed
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029F6(0x23);
						_t19 = lstrlenA(0x40a370) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029D9(3);
						 *0x40a370 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F18(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a370, 0xc00);
					}
					_t22 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a370, _t19); // executed
					if(_t22 == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey(); // executed
				}
				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
				return 0;
			}












                                                                                                                                                                                                                                0x00402304
                                                                                                                                                                                                                                0x00402309
                                                                                                                                                                                                                                0x00402313
                                                                                                                                                                                                                                0x0040231d
                                                                                                                                                                                                                                0x00402320
                                                                                                                                                                                                                                0x0040232a
                                                                                                                                                                                                                                0x00402330
                                                                                                                                                                                                                                0x0040233a
                                                                                                                                                                                                                                0x00402341
                                                                                                                                                                                                                                0x00402349
                                                                                                                                                                                                                                0x00402357
                                                                                                                                                                                                                                0x0040235b
                                                                                                                                                                                                                                0x00402366
                                                                                                                                                                                                                                0x00402366
                                                                                                                                                                                                                                0x0040236a
                                                                                                                                                                                                                                0x0040236e
                                                                                                                                                                                                                                0x00402374
                                                                                                                                                                                                                                0x00402379
                                                                                                                                                                                                                                0x00402379
                                                                                                                                                                                                                                0x0040237d
                                                                                                                                                                                                                                0x00402389
                                                                                                                                                                                                                                0x00402389
                                                                                                                                                                                                                                0x0040239a
                                                                                                                                                                                                                                0x004023a2
                                                                                                                                                                                                                                0x004023a4
                                                                                                                                                                                                                                0x004023a4
                                                                                                                                                                                                                                0x004023a7
                                                                                                                                                                                                                                0x0040247d
                                                                                                                                                                                                                                0x0040247d
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402341
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(Software\APN PIP\MP3R7,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402361
                                                                                                                                                                                                                                • RegSetValueExA.KERNELBASE(?,?,?,?,Software\APN PIP\MP3R7,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,Software\APN PIP\MP3R7,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                                                • String ID: Software\APN PIP\MP3R7
                                                                                                                                                                                                                                • API String ID: 1356686001-3921194532
                                                                                                                                                                                                                                • Opcode ID: 271707f578e5353a3fbe2519cc7d62c3cf42ff78cad1b3e4df9531e7eebe3039
                                                                                                                                                                                                                                • Instruction ID: d7b132d9018d44432a73f3315d2b91b6aa1600c7a927e9fa70905f900517fa5a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 271707f578e5353a3fbe2519cc7d62c3cf42ff78cad1b3e4df9531e7eebe3039
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA1160B1E00209BFEB10AFA0DE49EAF767CFB54398F10413AF905B61D0D7B85D019669
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004015B3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E004056ED(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405684(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B66("C:\\Users\\FRONTD~1\\AppData\\Local\\Temp\\nsc308D.tmp", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                                                                                                                                                                                                                0x004015b3
                                                                                                                                                                                                                                0x004015ba
                                                                                                                                                                                                                                0x004015bd
                                                                                                                                                                                                                                0x004015c2
                                                                                                                                                                                                                                0x004015c6
                                                                                                                                                                                                                                0x004015c8
                                                                                                                                                                                                                                0x004015d0
                                                                                                                                                                                                                                0x004015d6
                                                                                                                                                                                                                                0x004015d8
                                                                                                                                                                                                                                0x004015db
                                                                                                                                                                                                                                0x004015e3
                                                                                                                                                                                                                                0x004015f0
                                                                                                                                                                                                                                0x004015fd
                                                                                                                                                                                                                                0x004015fd
                                                                                                                                                                                                                                0x004015f2
                                                                                                                                                                                                                                0x004015f3
                                                                                                                                                                                                                                0x004015fb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004015fb
                                                                                                                                                                                                                                0x004015f0
                                                                                                                                                                                                                                0x00401600
                                                                                                                                                                                                                                0x00401603
                                                                                                                                                                                                                                0x00401605
                                                                                                                                                                                                                                0x00401606
                                                                                                                                                                                                                                0x004015c8
                                                                                                                                                                                                                                0x0040160d
                                                                                                                                                                                                                                0x0040162d
                                                                                                                                                                                                                                0x00402164
                                                                                                                                                                                                                                0x0040160f
                                                                                                                                                                                                                                0x00401611
                                                                                                                                                                                                                                0x0040161c
                                                                                                                                                                                                                                0x00401622
                                                                                                                                                                                                                                0x00401622
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,00000000,00405751,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,?,?,76D7F560,0040549F,?,"C:\Users\user\Desktop\mp3rocket.exe" ,76D7F560), ref: 004056FB
                                                                                                                                                                                                                                  • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                                                                                                                                                                  • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,00000000,00000000,000000F0), ref: 00401622
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp, xrefs: 00401617
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                                                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp
                                                                                                                                                                                                                                • API String ID: 3751793516-3177201956
                                                                                                                                                                                                                                • Opcode ID: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                                                                                                                                                • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0040586C, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E0040586C(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                                                                                                                                                                0x00405870
                                                                                                                                                                                                                                0x00405876
                                                                                                                                                                                                                                0x00405877
                                                                                                                                                                                                                                0x00405877
                                                                                                                                                                                                                                0x00405878
                                                                                                                                                                                                                                0x0040587f
                                                                                                                                                                                                                                0x00405889
                                                                                                                                                                                                                                0x00405896
                                                                                                                                                                                                                                0x00405899
                                                                                                                                                                                                                                0x004058a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004058a5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004058a7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004058a7
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040587F
                                                                                                                                                                                                                                • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405899
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\mp3rocket.exe" $C:\Users\user~1\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                • API String ID: 1716503409-1737031345
                                                                                                                                                                                                                                • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                                                                                                                • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00401CC1(int __edx) {
				long _t16;
				void* _t17;
				int _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t16 = LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10); // executed
				_t17 = SendMessageA(_t25, 0x172, _t21, _t16); // executed
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}








                                                                                                                                                                                                                                0x00401ccb
                                                                                                                                                                                                                                0x00401cd2
                                                                                                                                                                                                                                0x00401cf3
                                                                                                                                                                                                                                0x00401d01
                                                                                                                                                                                                                                0x00401d09
                                                                                                                                                                                                                                0x00401d10
                                                                                                                                                                                                                                0x00401d10
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                                                                                                • Opcode ID: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                                                                                                                                                                • Instruction ID: de7316f9b9f1bcc3f0c1dff9ae5dc63c91f1472c52c052d8cf8a0da7f27950be
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 1000198F, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                			E1000198F(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				struct HINSTANCE__* _t34;
				void* _t36;
				intOrPtr _t38;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t50;
				intOrPtr _t53;
				signed int _t57;
				signed int _t61;
				void* _t65;
				void* _t66;
				void* _t70;
				void* _t74;

				_t74 = __esi;
				_t66 = __edi;
				_t65 = __edx;
				 *0x10004058 = _a8;
				 *0x1000405c = _a16;
				 *0x10004060 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E1000189E);
				_push(1); // executed
				_t34 = E10001D3B(); // executed
				_t50 = _t34;
				if(_t50 == 0) {
					L28:
					return _t34;
				} else {
					if( *((intOrPtr*)(_t50 + 4)) != 1) {
						E100023F6(_t50);
					}
					E10002440(_t65, _t50);
					_t53 =  *((intOrPtr*)(_t50 + 4));
					if(_t53 == 0xffffffff) {
						L14:
						if(( *(_t50 + 0x810) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t50 + 4)) == 0) {
								_t34 = E100025FE(_t65, _t50);
							} else {
								_push(_t74);
								_push(_t66);
								_t12 = _t50 + 0x818; // 0x818
								_t57 = 8;
								memcpy( &_v36, _t12, _t57 << 2);
								_t38 = E100018A1(_t50);
								_t15 = _t50 + 0x818; // 0x818
								_t70 = _t15;
								 *((intOrPtr*)(_t50 + 0x820)) = _t38;
								 *_t70 = 3;
								E100025FE(_t65, _t50);
								_t61 = 8;
								_t34 = memcpy(_t70,  &_v36, _t61 << 2);
							}
						} else {
							E100025FE(_t65, _t50);
							_t34 = GlobalFree(E1000159E(E100018A1(_t50)));
						}
						if( *((intOrPtr*)(_t50 + 4)) != 1) {
							_t34 = E100025C4(_t50);
							if(( *(_t50 + 0x810) & 0x00000040) != 0 &&  *_t50 == 1) {
								_t34 =  *(_t50 + 0x808);
								if(_t34 != 0) {
									_t34 = FreeLibrary(_t34);
								}
							}
							if(( *(_t50 + 0x810) & 0x00000020) != 0) {
								_t34 = E10001825( *0x10004054);
							}
						}
						if(( *(_t50 + 0x810) & 0x00000002) != 0) {
							goto L28;
						} else {
							_t36 = GlobalFree(_t50); // executed
							return _t36;
						}
					}
					_t44 =  *_t50;
					if(_t44 == 0) {
						if(_t53 != 1) {
							goto L14;
						}
						E100014C7(_t50);
						L12:
						_t50 = _t44;
						L13:
						goto L14;
					}
					_t45 = _t44 - 1;
					if(_t45 == 0) {
						L8:
						_t44 = E1000120C(_t53, _t50); // executed
						goto L12;
					}
					_t46 = _t45 - 1;
					if(_t46 == 0) {
						E100027CC(_t50);
						goto L13;
					}
					if(_t46 != 1) {
						goto L14;
					}
					goto L8;
				}
			}


















                                                                                                                                                                                                                                0x1000198f
                                                                                                                                                                                                                                0x1000198f
                                                                                                                                                                                                                                0x1000198f
                                                                                                                                                                                                                                0x10001999
                                                                                                                                                                                                                                0x100019a1
                                                                                                                                                                                                                                0x100019ae
                                                                                                                                                                                                                                0x100019bc
                                                                                                                                                                                                                                0x100019bf
                                                                                                                                                                                                                                0x100019c1
                                                                                                                                                                                                                                0x100019c6
                                                                                                                                                                                                                                0x100019cb
                                                                                                                                                                                                                                0x10001ade
                                                                                                                                                                                                                                0x10001ade
                                                                                                                                                                                                                                0x100019d1
                                                                                                                                                                                                                                0x100019d5
                                                                                                                                                                                                                                0x100019d8
                                                                                                                                                                                                                                0x100019dd
                                                                                                                                                                                                                                0x100019df
                                                                                                                                                                                                                                0x100019e5
                                                                                                                                                                                                                                0x100019eb
                                                                                                                                                                                                                                0x10001a1b
                                                                                                                                                                                                                                0x10001a22
                                                                                                                                                                                                                                0x10001a46
                                                                                                                                                                                                                                0x10001a85
                                                                                                                                                                                                                                0x10001a48
                                                                                                                                                                                                                                0x10001a48
                                                                                                                                                                                                                                0x10001a49
                                                                                                                                                                                                                                0x10001a4c
                                                                                                                                                                                                                                0x10001a52
                                                                                                                                                                                                                                0x10001a56
                                                                                                                                                                                                                                0x10001a59
                                                                                                                                                                                                                                0x10001a5e
                                                                                                                                                                                                                                0x10001a5e
                                                                                                                                                                                                                                0x10001a65
                                                                                                                                                                                                                                0x10001a6b
                                                                                                                                                                                                                                0x10001a71
                                                                                                                                                                                                                                0x10001a7d
                                                                                                                                                                                                                                0x10001a7e
                                                                                                                                                                                                                                0x10001a81
                                                                                                                                                                                                                                0x10001a24
                                                                                                                                                                                                                                0x10001a25
                                                                                                                                                                                                                                0x10001a3a
                                                                                                                                                                                                                                0x10001a3a
                                                                                                                                                                                                                                0x10001a8f
                                                                                                                                                                                                                                0x10001a92
                                                                                                                                                                                                                                0x10001a9f
                                                                                                                                                                                                                                0x10001aa6
                                                                                                                                                                                                                                0x10001aae
                                                                                                                                                                                                                                0x10001ab1
                                                                                                                                                                                                                                0x10001ab1
                                                                                                                                                                                                                                0x10001aae
                                                                                                                                                                                                                                0x10001abe
                                                                                                                                                                                                                                0x10001ac6
                                                                                                                                                                                                                                0x10001acb
                                                                                                                                                                                                                                0x10001abe
                                                                                                                                                                                                                                0x10001ad3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001ad5
                                                                                                                                                                                                                                0x10001ad6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001ad6
                                                                                                                                                                                                                                0x10001ad3
                                                                                                                                                                                                                                0x100019ef
                                                                                                                                                                                                                                0x100019f2
                                                                                                                                                                                                                                0x10001a10
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001a13
                                                                                                                                                                                                                                0x10001a18
                                                                                                                                                                                                                                0x10001a18
                                                                                                                                                                                                                                0x10001a1a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001a1a
                                                                                                                                                                                                                                0x100019f4
                                                                                                                                                                                                                                0x100019f5
                                                                                                                                                                                                                                0x100019fd
                                                                                                                                                                                                                                0x100019fe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100019fe
                                                                                                                                                                                                                                0x100019f7
                                                                                                                                                                                                                                0x100019f8
                                                                                                                                                                                                                                0x10001a06
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001a06
                                                                                                                                                                                                                                0x100019fb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100019fb

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F80
                                                                                                                                                                                                                                  • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F85
                                                                                                                                                                                                                                  • Part of subcall function 10001D3B: GlobalFree.KERNEL32 ref: 10001F8A
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 10001A3A
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 10001AB1
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 10001AD6
                                                                                                                                                                                                                                  • Part of subcall function 100023F6: GlobalAlloc.KERNEL32(00000040,E8002080), ref: 10002428
                                                                                                                                                                                                                                  • Part of subcall function 100027CC: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,?,10001A0B,00000000), ref: 1000281C
                                                                                                                                                                                                                                  • Part of subcall function 100018A1: lstrcpyA.KERNEL32(00000000,10004018,00000000,10001967,00000000), ref: 100018BA
                                                                                                                                                                                                                                  • Part of subcall function 100025FE: wsprintfA.USER32 ref: 1000265F
                                                                                                                                                                                                                                  • Part of subcall function 100025FE: GlobalFree.KERNEL32 ref: 10002728
                                                                                                                                                                                                                                  • Part of subcall function 100025FE: GlobalFree.KERNEL32 ref: 10002751
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1690752483.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690732782.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690765129.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690776803.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$Free$Alloc$Librarylstrcpywsprintf
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1767494692-3916222277
                                                                                                                                                                                                                                • Opcode ID: 6e0759a576b18076926cce8c598bb7c3c4ce6d2cf8641f24577731197bddaade
                                                                                                                                                                                                                                • Instruction ID: 73a644c0497f06cd708a10c3248ea791f84cf5318f3d9e6ca3c0cc3a1fe5f0c9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e0759a576b18076926cce8c598bb7c3c4ce6d2cf8641f24577731197bddaade
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8031A075601245AAFB41DF649CC5BDA3BE8FF062D0F148429F9066A09FCF749845CBA2
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 51%
                                                                                                                                                                                                                                			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28); // executed
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8)); // executed
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E00405AC4();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                                                                                                                                                                0x00401bb6
                                                                                                                                                                                                                                0x00401bc2
                                                                                                                                                                                                                                0x00401bc5
                                                                                                                                                                                                                                0x00401bce
                                                                                                                                                                                                                                0x00401bce
                                                                                                                                                                                                                                0x00401bd1
                                                                                                                                                                                                                                0x00401bd5
                                                                                                                                                                                                                                0x00401bde
                                                                                                                                                                                                                                0x00401bde
                                                                                                                                                                                                                                0x00401be1
                                                                                                                                                                                                                                0x00401be5
                                                                                                                                                                                                                                0x00401be7
                                                                                                                                                                                                                                0x00401c34
                                                                                                                                                                                                                                0x00401c36
                                                                                                                                                                                                                                0x00401c3f
                                                                                                                                                                                                                                0x00401c47
                                                                                                                                                                                                                                0x00401c4a
                                                                                                                                                                                                                                0x00401c4a
                                                                                                                                                                                                                                0x00401c53
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00401be9
                                                                                                                                                                                                                                0x00401bf0
                                                                                                                                                                                                                                0x00401bf2
                                                                                                                                                                                                                                0x00401bfa
                                                                                                                                                                                                                                0x00401bfd
                                                                                                                                                                                                                                0x00401c25
                                                                                                                                                                                                                                0x00401c59
                                                                                                                                                                                                                                0x00401c59
                                                                                                                                                                                                                                0x00401bff
                                                                                                                                                                                                                                0x00401c0d
                                                                                                                                                                                                                                0x00401c15
                                                                                                                                                                                                                                0x00401c18
                                                                                                                                                                                                                                0x00401c18
                                                                                                                                                                                                                                0x00401bfd
                                                                                                                                                                                                                                0x00401c5c
                                                                                                                                                                                                                                0x00401c5f
                                                                                                                                                                                                                                0x00401c65
                                                                                                                                                                                                                                0x00402833
                                                                                                                                                                                                                                0x00402833
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 00401C25
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                • String ID: !
                                                                                                                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                                                                                                                                                • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004053C6, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E004053C6(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4224a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a8,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                                                                                                                                                0x004053cf
                                                                                                                                                                                                                                0x004053eb
                                                                                                                                                                                                                                0x004053f3
                                                                                                                                                                                                                                0x004053f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004053fe
                                                                                                                                                                                                                                0x00405402

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Error launching installer, xrefs: 004053D9
                                                                                                                                                                                                                                • C:\Users\user~1\AppData\Local\Temp\, xrefs: 004053C6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\$Error launching installer
                                                                                                                                                                                                                                • API String ID: 3712363035-2110930418
                                                                                                                                                                                                                                • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                                                                                                                                                • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 030C13FB, Relevance: 6.0, APIs: 4, Instructions: 44memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                			E030C13FB(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t20;

				if(_a8 != 0x408 || _a12 != 0xffffffff) {
					L4:
					_t20 = CallWindowProcA( *0x30c50c8, _a4, _a8, _a12, _a16);
					if(_a8 == 0x408 && _t20 == 0) {
						DestroyWindow( *0x30c50c0); // executed
						HeapFree(GetProcessHeap(), _t20,  *0x30c50d8);
						 *0x30c50c0 =  *0x30c50c0 & _t20;
						 *0x30c50d8 =  *0x30c50d8 & _t20;
					}
					return _t20;
				} else {
					_push(0);
					_push( *0x30c50d0 - 1);
					if( *((intOrPtr*)( *0x30c50a0 + 4))() == 0) {
						goto L4;
					}
					return 0;
				}
			}




                                                                                                                                                                                                                                0x030c1407
                                                                                                                                                                                                                                0x030c1428
                                                                                                                                                                                                                                0x030c1444
                                                                                                                                                                                                                                0x030c1446
                                                                                                                                                                                                                                0x030c1452
                                                                                                                                                                                                                                0x030c1466
                                                                                                                                                                                                                                0x030c146c
                                                                                                                                                                                                                                0x030c1472
                                                                                                                                                                                                                                0x030c1472
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c140f
                                                                                                                                                                                                                                0x030c1414
                                                                                                                                                                                                                                0x030c1417
                                                                                                                                                                                                                                0x030c1422
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c1424

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CallWindowProcA.USER32 ref: 030C143B
                                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 030C1452
                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000), ref: 030C145F
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 030C1466
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1675900869.00000000030C1000.00000020.00020000.sdmp, Offset: 030C0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675875391.00000000030C0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675927376.00000000030C3000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675953768.00000000030C4000.00000008.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675968346.00000000030C7000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_30c0000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: HeapWindow$CallDestroyFreeProcProcess
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1278960361-0
                                                                                                                                                                                                                                • Opcode ID: 8a1ef2d164f936acfcc3caef191cf2e83b3bb0fff3c04dd2bbc920f080748c9f
                                                                                                                                                                                                                                • Instruction ID: f0e852a5bb4fe20b8c0c95259f7d5930a6f687724989d9ae55815f640f9356ab
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8a1ef2d164f936acfcc3caef191cf2e83b3bb0fff3c04dd2bbc920f080748c9f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3901B13A132245EFCB11EF96EC049AD3BB9FB46322B248169FA48C2054C3389460DFA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00401389, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 69%
                                                                                                                                                                                                                                			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x423ed0; // 0x54212c
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42368c =  *0x42368c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0);
					}
				}
				return 0;
			}












                                                                                                                                                                                                                                0x0040138a
                                                                                                                                                                                                                                0x004013fa
                                                                                                                                                                                                                                0x00401392
                                                                                                                                                                                                                                0x0040139b
                                                                                                                                                                                                                                0x004013a0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004013a2
                                                                                                                                                                                                                                0x004013a3
                                                                                                                                                                                                                                0x004013ad
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00401404
                                                                                                                                                                                                                                0x004013b0
                                                                                                                                                                                                                                0x004013b7
                                                                                                                                                                                                                                0x004013bd
                                                                                                                                                                                                                                0x004013be
                                                                                                                                                                                                                                0x004013c0
                                                                                                                                                                                                                                0x004013c2
                                                                                                                                                                                                                                0x004013b9
                                                                                                                                                                                                                                0x004013b9
                                                                                                                                                                                                                                0x004013ba
                                                                                                                                                                                                                                0x004013ba
                                                                                                                                                                                                                                0x004013c9
                                                                                                                                                                                                                                0x004013cb
                                                                                                                                                                                                                                0x004013f4
                                                                                                                                                                                                                                0x004013f4
                                                                                                                                                                                                                                0x004013c9
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 004013F4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                • String ID: ,!T
                                                                                                                                                                                                                                • API String ID: 3850602802-781182616
                                                                                                                                                                                                                                • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                                                                                                                                                • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00403208, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                			E00403208(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\FRONTD~1\\AppData\\Local\\Temp\\";
				E00405DC8(_t6);
				_t2 = E004056C6(_t6);
				if(_t2 != 0) {
					E00405659(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E0040586C("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                                                                                                                                                                                0x00403209
                                                                                                                                                                                                                                0x0040320f
                                                                                                                                                                                                                                0x00403215
                                                                                                                                                                                                                                0x0040321c
                                                                                                                                                                                                                                0x00403221
                                                                                                                                                                                                                                0x00403229
                                                                                                                                                                                                                                0x00403235
                                                                                                                                                                                                                                0x0040323b
                                                                                                                                                                                                                                0x0040321f
                                                                                                                                                                                                                                0x0040321f
                                                                                                                                                                                                                                0x0040321f

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\mp3rocket.exe" ,C:\Users\user~1\AppData\Local\Temp\,00000000,00403214,C:\Users\user~1\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                                                                                                                                  • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                                                                                                                                  • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\mp3rocket.exe" ,C:\Users\user~1\AppData\Local\Temp\,00000000,00403214,C:\Users\user~1\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                                                                                                                                  • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\mp3rocket.exe" ,C:\Users\user~1\AppData\Local\Temp\,00000000,00403214,C:\Users\user~1\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\,00000000,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403386), ref: 00403229
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                • String ID: 1033$C:\Users\user~1\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 4115351271-3049706366
                                                                                                                                                                                                                                • Opcode ID: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                                                                                                                                                                                                                • Instruction ID: 28437e5e833f6c5712a3d87292ca06883de7807d6adf700678bf42288e0e849f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 11D0C922656E3032C651363A3C0AFDF091C8F5271AF55847BF908B40D64B6C5A5259EF
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00406566, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 99%
                                                                                                                                                                                                                                			E00406566() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004069D4))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                                                                                                                                                0x00406566
                                                                                                                                                                                                                                0x00406566
                                                                                                                                                                                                                                0x00406566
                                                                                                                                                                                                                                0x00406566
                                                                                                                                                                                                                                0x0040656c
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406574
                                                                                                                                                                                                                                0x0040657e
                                                                                                                                                                                                                                0x0040658c
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406865
                                                                                                                                                                                                                                0x0040686c
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x0040689d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040689f
                                                                                                                                                                                                                                0x004068a8
                                                                                                                                                                                                                                0x004068ae
                                                                                                                                                                                                                                0x004068b1
                                                                                                                                                                                                                                0x004068b4
                                                                                                                                                                                                                                0x004068b7
                                                                                                                                                                                                                                0x004068ba
                                                                                                                                                                                                                                0x004068c0
                                                                                                                                                                                                                                0x004068d9
                                                                                                                                                                                                                                0x004068dc
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e9
                                                                                                                                                                                                                                0x004068ec
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068d1
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068f6
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x0040689d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406875
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x004069b7
                                                                                                                                                                                                                                0x004069bf
                                                                                                                                                                                                                                0x004069c6
                                                                                                                                                                                                                                0x004069c8
                                                                                                                                                                                                                                0x004069cf
                                                                                                                                                                                                                                0x004069d3
                                                                                                                                                                                                                                0x004069d3
                                                                                                                                                                                                                                0x0040687b
                                                                                                                                                                                                                                0x00406881
                                                                                                                                                                                                                                0x00406888
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406893
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406893
                                                                                                                                                                                                                                0x004068fd
                                                                                                                                                                                                                                0x0040690a
                                                                                                                                                                                                                                0x0040690d
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fcb
                                                                                                                                                                                                                                0x00405fcf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fd5
                                                                                                                                                                                                                                0x00405fd8
                                                                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                                                                0x00405fde
                                                                                                                                                                                                                                0x00405fe2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fe8
                                                                                                                                                                                                                                0x00405fe8
                                                                                                                                                                                                                                0x00405feb
                                                                                                                                                                                                                                0x00405fed
                                                                                                                                                                                                                                0x00405fee
                                                                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                                                                0x00405ff3
                                                                                                                                                                                                                                0x00405ff4
                                                                                                                                                                                                                                0x00405ff6
                                                                                                                                                                                                                                0x00405ff9
                                                                                                                                                                                                                                0x00405ffe
                                                                                                                                                                                                                                0x00406003
                                                                                                                                                                                                                                0x0040600c
                                                                                                                                                                                                                                0x0040601f
                                                                                                                                                                                                                                0x00406022
                                                                                                                                                                                                                                0x0040602e
                                                                                                                                                                                                                                0x00406056
                                                                                                                                                                                                                                0x00406058
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x0040606a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605d
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x00406030
                                                                                                                                                                                                                                0x00406034
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406042
                                                                                                                                                                                                                                0x0040604a
                                                                                                                                                                                                                                0x0040604d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406074
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x0040607a
                                                                                                                                                                                                                                0x0040607d
                                                                                                                                                                                                                                0x0040608d
                                                                                                                                                                                                                                0x00406090
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406096
                                                                                                                                                                                                                                0x0040609a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040609c
                                                                                                                                                                                                                                0x0040609c
                                                                                                                                                                                                                                0x004060a2
                                                                                                                                                                                                                                0x004060cc
                                                                                                                                                                                                                                0x004060d2
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x004060a4
                                                                                                                                                                                                                                0x004060a8
                                                                                                                                                                                                                                0x004060ab
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060bb
                                                                                                                                                                                                                                0x004060c3
                                                                                                                                                                                                                                0x004060c6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040610b
                                                                                                                                                                                                                                0x00406111
                                                                                                                                                                                                                                0x00406114
                                                                                                                                                                                                                                0x00406121
                                                                                                                                                                                                                                0x00406129
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e4
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x004060ea
                                                                                                                                                                                                                                0x004060f0
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fe
                                                                                                                                                                                                                                0x00406101
                                                                                                                                                                                                                                0x00406104
                                                                                                                                                                                                                                0x00406109
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a6
                                                                                                                                                                                                                                0x004067ac
                                                                                                                                                                                                                                0x004067b2
                                                                                                                                                                                                                                0x004067cc
                                                                                                                                                                                                                                0x004067cf
                                                                                                                                                                                                                                0x004067d5
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e2
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067c3
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067ec
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067ee
                                                                                                                                                                                                                                0x004067f2
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x004067f8
                                                                                                                                                                                                                                0x004067fe
                                                                                                                                                                                                                                0x00406805
                                                                                                                                                                                                                                0x0040680d
                                                                                                                                                                                                                                0x00406810
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406131
                                                                                                                                                                                                                                0x00406131
                                                                                                                                                                                                                                0x00406133
                                                                                                                                                                                                                                0x00406136
                                                                                                                                                                                                                                0x004061a7
                                                                                                                                                                                                                                0x004061a7
                                                                                                                                                                                                                                0x004061aa
                                                                                                                                                                                                                                0x004061ad
                                                                                                                                                                                                                                0x004061b4
                                                                                                                                                                                                                                0x004061be
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061be
                                                                                                                                                                                                                                0x00406138
                                                                                                                                                                                                                                0x00406138
                                                                                                                                                                                                                                0x0040613c
                                                                                                                                                                                                                                0x0040613f
                                                                                                                                                                                                                                0x00406141
                                                                                                                                                                                                                                0x00406144
                                                                                                                                                                                                                                0x00406147
                                                                                                                                                                                                                                0x00406149
                                                                                                                                                                                                                                0x0040614c
                                                                                                                                                                                                                                0x0040614e
                                                                                                                                                                                                                                0x00406153
                                                                                                                                                                                                                                0x00406156
                                                                                                                                                                                                                                0x00406159
                                                                                                                                                                                                                                0x0040615d
                                                                                                                                                                                                                                0x00406164
                                                                                                                                                                                                                                0x00406167
                                                                                                                                                                                                                                0x0040616e
                                                                                                                                                                                                                                0x00406172
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x0040617e
                                                                                                                                                                                                                                0x00406181
                                                                                                                                                                                                                                0x0040619f
                                                                                                                                                                                                                                0x0040619f
                                                                                                                                                                                                                                0x004061a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406186
                                                                                                                                                                                                                                0x00406189
                                                                                                                                                                                                                                0x0040618c
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x00406191
                                                                                                                                                                                                                                0x00406194
                                                                                                                                                                                                                                0x00406196
                                                                                                                                                                                                                                0x00406197
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063d0
                                                                                                                                                                                                                                0x004063d0
                                                                                                                                                                                                                                0x004063d4
                                                                                                                                                                                                                                0x004063f2
                                                                                                                                                                                                                                0x004063f2
                                                                                                                                                                                                                                0x004063f5
                                                                                                                                                                                                                                0x004063fc
                                                                                                                                                                                                                                0x004063ff
                                                                                                                                                                                                                                0x00406402
                                                                                                                                                                                                                                0x00406405
                                                                                                                                                                                                                                0x00406408
                                                                                                                                                                                                                                0x0040640b
                                                                                                                                                                                                                                0x0040640d
                                                                                                                                                                                                                                0x00406414
                                                                                                                                                                                                                                0x00406415
                                                                                                                                                                                                                                0x00406417
                                                                                                                                                                                                                                0x0040641a
                                                                                                                                                                                                                                0x0040641d
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x004063d6
                                                                                                                                                                                                                                0x004063d6
                                                                                                                                                                                                                                0x004063d9
                                                                                                                                                                                                                                0x004063dc
                                                                                                                                                                                                                                0x004063e6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040643a
                                                                                                                                                                                                                                0x0040643a
                                                                                                                                                                                                                                0x0040643e
                                                                                                                                                                                                                                0x00406461
                                                                                                                                                                                                                                0x00406464
                                                                                                                                                                                                                                0x00406467
                                                                                                                                                                                                                                0x00406471
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406443
                                                                                                                                                                                                                                0x00406446
                                                                                                                                                                                                                                0x00406449
                                                                                                                                                                                                                                0x00406456
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040647d
                                                                                                                                                                                                                                0x0040647d
                                                                                                                                                                                                                                0x00406481
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406487
                                                                                                                                                                                                                                0x00406487
                                                                                                                                                                                                                                0x0040648b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406491
                                                                                                                                                                                                                                0x00406491
                                                                                                                                                                                                                                0x00406493
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x0040649a
                                                                                                                                                                                                                                0x0040649e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064ee
                                                                                                                                                                                                                                0x004064ee
                                                                                                                                                                                                                                0x004064f2
                                                                                                                                                                                                                                0x004064f9
                                                                                                                                                                                                                                0x004064f9
                                                                                                                                                                                                                                0x004064fc
                                                                                                                                                                                                                                0x004064ff
                                                                                                                                                                                                                                0x00406509
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406509
                                                                                                                                                                                                                                0x004064f4
                                                                                                                                                                                                                                0x004064f4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406515
                                                                                                                                                                                                                                0x00406515
                                                                                                                                                                                                                                0x00406519
                                                                                                                                                                                                                                0x00406520
                                                                                                                                                                                                                                0x00406523
                                                                                                                                                                                                                                0x00406526
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x00406529
                                                                                                                                                                                                                                0x0040652c
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x00406532
                                                                                                                                                                                                                                0x00406535
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x0040653b
                                                                                                                                                                                                                                0x00406542
                                                                                                                                                                                                                                0x00406547
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d9
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x004065df
                                                                                                                                                                                                                                0x004065df
                                                                                                                                                                                                                                0x004065e2
                                                                                                                                                                                                                                0x004065e5
                                                                                                                                                                                                                                0x004065e9
                                                                                                                                                                                                                                0x004065ec
                                                                                                                                                                                                                                0x004065f2
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f7
                                                                                                                                                                                                                                0x004065fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ce
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x004061d4
                                                                                                                                                                                                                                0x004061d4
                                                                                                                                                                                                                                0x004061d7
                                                                                                                                                                                                                                0x004061da
                                                                                                                                                                                                                                0x004061de
                                                                                                                                                                                                                                0x004061e1
                                                                                                                                                                                                                                0x004061e7
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061ec
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061f2
                                                                                                                                                                                                                                0x004061f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061fb
                                                                                                                                                                                                                                0x004061fb
                                                                                                                                                                                                                                0x00406201
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x0040620b
                                                                                                                                                                                                                                0x0040620e
                                                                                                                                                                                                                                0x00406211
                                                                                                                                                                                                                                0x00406214
                                                                                                                                                                                                                                0x00406217
                                                                                                                                                                                                                                0x00406218
                                                                                                                                                                                                                                0x0040621b
                                                                                                                                                                                                                                0x0040621d
                                                                                                                                                                                                                                0x00406223
                                                                                                                                                                                                                                0x00406226
                                                                                                                                                                                                                                0x00406229
                                                                                                                                                                                                                                0x0040622c
                                                                                                                                                                                                                                0x0040622f
                                                                                                                                                                                                                                0x00406232
                                                                                                                                                                                                                                0x00406235
                                                                                                                                                                                                                                0x00406251
                                                                                                                                                                                                                                0x00406254
                                                                                                                                                                                                                                0x00406257
                                                                                                                                                                                                                                0x0040625a
                                                                                                                                                                                                                                0x00406261
                                                                                                                                                                                                                                0x00406265
                                                                                                                                                                                                                                0x00406267
                                                                                                                                                                                                                                0x0040626b
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x0040623b
                                                                                                                                                                                                                                0x00406243
                                                                                                                                                                                                                                0x00406248
                                                                                                                                                                                                                                0x0040624a
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040626e
                                                                                                                                                                                                                                0x00406275
                                                                                                                                                                                                                                0x00406278
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406287
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x0040628d
                                                                                                                                                                                                                                0x0040628d
                                                                                                                                                                                                                                0x00406290
                                                                                                                                                                                                                                0x00406293
                                                                                                                                                                                                                                0x00406297
                                                                                                                                                                                                                                0x0040629a
                                                                                                                                                                                                                                0x004062a0
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a5
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062ae
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004062b0
                                                                                                                                                                                                                                0x004062b0
                                                                                                                                                                                                                                0x004062b3
                                                                                                                                                                                                                                0x004062b6
                                                                                                                                                                                                                                0x004062b9
                                                                                                                                                                                                                                0x004062bc
                                                                                                                                                                                                                                0x004062bf
                                                                                                                                                                                                                                0x004062c2
                                                                                                                                                                                                                                0x004062c5
                                                                                                                                                                                                                                0x004062c8
                                                                                                                                                                                                                                0x004062cb
                                                                                                                                                                                                                                0x004062ce
                                                                                                                                                                                                                                0x004062e6
                                                                                                                                                                                                                                0x004062e9
                                                                                                                                                                                                                                0x004062ec
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062f2
                                                                                                                                                                                                                                0x004062f6
                                                                                                                                                                                                                                0x004062f8
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d8
                                                                                                                                                                                                                                0x004062dd
                                                                                                                                                                                                                                0x004062df
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062fb
                                                                                                                                                                                                                                0x00406302
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x0040634b
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00406351
                                                                                                                                                                                                                                0x00406351
                                                                                                                                                                                                                                0x00406354
                                                                                                                                                                                                                                0x00406357
                                                                                                                                                                                                                                0x0040635b
                                                                                                                                                                                                                                0x0040635e
                                                                                                                                                                                                                                0x00406364
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406369
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x00406372
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406377
                                                                                                                                                                                                                                0x0040637a
                                                                                                                                                                                                                                0x0040637d
                                                                                                                                                                                                                                0x00406380
                                                                                                                                                                                                                                0x00406383
                                                                                                                                                                                                                                0x00406386
                                                                                                                                                                                                                                0x00406389
                                                                                                                                                                                                                                0x0040638c
                                                                                                                                                                                                                                0x0040638f
                                                                                                                                                                                                                                0x00406392
                                                                                                                                                                                                                                0x004063aa
                                                                                                                                                                                                                                0x004063ad
                                                                                                                                                                                                                                0x004063b0
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b6
                                                                                                                                                                                                                                0x004063ba
                                                                                                                                                                                                                                0x004063bc
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x0040639c
                                                                                                                                                                                                                                0x004063a1
                                                                                                                                                                                                                                0x004063a3
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063bf
                                                                                                                                                                                                                                0x004063c6
                                                                                                                                                                                                                                0x004063c9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x0040665c
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00406662
                                                                                                                                                                                                                                0x00406662
                                                                                                                                                                                                                                0x00406665
                                                                                                                                                                                                                                0x00406668
                                                                                                                                                                                                                                0x0040666c
                                                                                                                                                                                                                                0x0040666f
                                                                                                                                                                                                                                0x00406675
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x0040667a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x0040642b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406767
                                                                                                                                                                                                                                0x00406767
                                                                                                                                                                                                                                0x0040676b
                                                                                                                                                                                                                                0x0040678d
                                                                                                                                                                                                                                0x0040678d
                                                                                                                                                                                                                                0x00406790
                                                                                                                                                                                                                                0x0040679a
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040676d
                                                                                                                                                                                                                                0x0040676d
                                                                                                                                                                                                                                0x00406770
                                                                                                                                                                                                                                0x00406774
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x0040677a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406824
                                                                                                                                                                                                                                0x00406824
                                                                                                                                                                                                                                0x00406828
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x0040684d
                                                                                                                                                                                                                                0x00406854
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406865
                                                                                                                                                                                                                                0x0040686c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040686f
                                                                                                                                                                                                                                0x0040682a
                                                                                                                                                                                                                                0x0040682a
                                                                                                                                                                                                                                0x0040682d
                                                                                                                                                                                                                                0x00406830
                                                                                                                                                                                                                                0x00406833
                                                                                                                                                                                                                                0x0040683a
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x00406781
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406915
                                                                                                                                                                                                                                0x00406915
                                                                                                                                                                                                                                0x00406918
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040681f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040654f
                                                                                                                                                                                                                                0x0040654f
                                                                                                                                                                                                                                0x00406551
                                                                                                                                                                                                                                0x00406558
                                                                                                                                                                                                                                0x00406559
                                                                                                                                                                                                                                0x0040655b
                                                                                                                                                                                                                                0x0040655e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406865
                                                                                                                                                                                                                                0x0040686c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040686f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406594
                                                                                                                                                                                                                                0x00406594
                                                                                                                                                                                                                                0x00406597
                                                                                                                                                                                                                                0x004065cd
                                                                                                                                                                                                                                0x004065cd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406703
                                                                                                                                                                                                                                0x00406705
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x0040670b
                                                                                                                                                                                                                                0x0040670b
                                                                                                                                                                                                                                0x0040670e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406714
                                                                                                                                                                                                                                0x00406714
                                                                                                                                                                                                                                0x00406718
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00406599
                                                                                                                                                                                                                                0x00406599
                                                                                                                                                                                                                                0x0040659b
                                                                                                                                                                                                                                0x0040659d
                                                                                                                                                                                                                                0x0040659f
                                                                                                                                                                                                                                0x004065a2
                                                                                                                                                                                                                                0x004065a3
                                                                                                                                                                                                                                0x004065a5
                                                                                                                                                                                                                                0x004065a7
                                                                                                                                                                                                                                0x004065aa
                                                                                                                                                                                                                                0x004065ad
                                                                                                                                                                                                                                0x004065c3
                                                                                                                                                                                                                                0x004065c3
                                                                                                                                                                                                                                0x004065c8
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406604
                                                                                                                                                                                                                                0x0040662d
                                                                                                                                                                                                                                0x00406630
                                                                                                                                                                                                                                0x00406632
                                                                                                                                                                                                                                0x00406639
                                                                                                                                                                                                                                0x0040663c
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406646
                                                                                                                                                                                                                                0x00406649
                                                                                                                                                                                                                                0x00406650
                                                                                                                                                                                                                                0x00406653
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406683
                                                                                                                                                                                                                                0x00406686
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00406688
                                                                                                                                                                                                                                0x00406688
                                                                                                                                                                                                                                0x0040668e
                                                                                                                                                                                                                                0x00406691
                                                                                                                                                                                                                                0x00406694
                                                                                                                                                                                                                                0x00406697
                                                                                                                                                                                                                                0x0040669a
                                                                                                                                                                                                                                0x0040669d
                                                                                                                                                                                                                                0x004066a0
                                                                                                                                                                                                                                0x004066a3
                                                                                                                                                                                                                                0x004066a6
                                                                                                                                                                                                                                0x004066a9
                                                                                                                                                                                                                                0x004066c2
                                                                                                                                                                                                                                0x004066c4
                                                                                                                                                                                                                                0x004066c7
                                                                                                                                                                                                                                0x004066c8
                                                                                                                                                                                                                                0x004066cb
                                                                                                                                                                                                                                0x004066cd
                                                                                                                                                                                                                                0x004066d0
                                                                                                                                                                                                                                0x004066d2
                                                                                                                                                                                                                                0x004066d4
                                                                                                                                                                                                                                0x004066d7
                                                                                                                                                                                                                                0x004066d9
                                                                                                                                                                                                                                0x004066dc
                                                                                                                                                                                                                                0x004066e0
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e3
                                                                                                                                                                                                                                0x004066e6
                                                                                                                                                                                                                                0x004066e9
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066b3
                                                                                                                                                                                                                                0x004066b8
                                                                                                                                                                                                                                0x004066ba
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066ec
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x00406606
                                                                                                                                                                                                                                0x00406606
                                                                                                                                                                                                                                0x00406609
                                                                                                                                                                                                                                0x0040660b
                                                                                                                                                                                                                                0x0040660e
                                                                                                                                                                                                                                0x00406611
                                                                                                                                                                                                                                0x00406614
                                                                                                                                                                                                                                0x00406616
                                                                                                                                                                                                                                0x00406619
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x00406622
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065af
                                                                                                                                                                                                                                0x004065af
                                                                                                                                                                                                                                0x004065b2
                                                                                                                                                                                                                                0x004065b4
                                                                                                                                                                                                                                0x004065b7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x0040631a
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00406320
                                                                                                                                                                                                                                0x00406320
                                                                                                                                                                                                                                0x00406323
                                                                                                                                                                                                                                0x00406326
                                                                                                                                                                                                                                0x00406329
                                                                                                                                                                                                                                0x0040632c
                                                                                                                                                                                                                                0x0040632f
                                                                                                                                                                                                                                0x00406332
                                                                                                                                                                                                                                0x00406334
                                                                                                                                                                                                                                0x00406337
                                                                                                                                                                                                                                0x0040633a
                                                                                                                                                                                                                                0x0040633d
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a5
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x004064ab
                                                                                                                                                                                                                                0x004064ab
                                                                                                                                                                                                                                0x004064ae
                                                                                                                                                                                                                                0x004064b1
                                                                                                                                                                                                                                0x004064b4
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b9
                                                                                                                                                                                                                                0x004064bc
                                                                                                                                                                                                                                0x004064bf
                                                                                                                                                                                                                                0x004064c2
                                                                                                                                                                                                                                0x004064c5
                                                                                                                                                                                                                                0x004064c8
                                                                                                                                                                                                                                0x004064c9
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064ce
                                                                                                                                                                                                                                0x004064d1
                                                                                                                                                                                                                                0x004064d4
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064da
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x00406722
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406728
                                                                                                                                                                                                                                0x00406728
                                                                                                                                                                                                                                0x0040672b
                                                                                                                                                                                                                                0x0040672e
                                                                                                                                                                                                                                0x00406731
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406736
                                                                                                                                                                                                                                0x00406739
                                                                                                                                                                                                                                0x0040673c
                                                                                                                                                                                                                                0x0040673f
                                                                                                                                                                                                                                0x00406742
                                                                                                                                                                                                                                0x00406745
                                                                                                                                                                                                                                0x00406746
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x0040674b
                                                                                                                                                                                                                                0x0040674e
                                                                                                                                                                                                                                0x00406751
                                                                                                                                                                                                                                0x00406754
                                                                                                                                                                                                                                0x00406757
                                                                                                                                                                                                                                0x0040675b
                                                                                                                                                                                                                                0x0040675d
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406762
                                                                                                                                                                                                                                0x00406762
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00406995
                                                                                                                                                                                                                                0x00406995
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x00406862

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                                                                                                                                                • Instruction ID: 319d18918fa2cc3741333e20ed782d5c303dd2f769888eebbc994f2124d7c2e6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29A15171E00229CBDF28CFA8C8547ADBBB1FF44305F15812AD856BB281D7789A96DF44
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00406767, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                                                                			E00406767() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406767
                                                                                                                                                                                                                                0x00406767
                                                                                                                                                                                                                                0x0040676b
                                                                                                                                                                                                                                0x00406790
                                                                                                                                                                                                                                0x0040679a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040676d
                                                                                                                                                                                                                                0x0040676d
                                                                                                                                                                                                                                0x00406770
                                                                                                                                                                                                                                0x00406774
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x0040677a
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x00406781
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406865
                                                                                                                                                                                                                                0x0040686c
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x0040689d
                                                                                                                                                                                                                                0x004068fd
                                                                                                                                                                                                                                0x00406900
                                                                                                                                                                                                                                0x00406905
                                                                                                                                                                                                                                0x00406906
                                                                                                                                                                                                                                0x00406908
                                                                                                                                                                                                                                0x0040690a
                                                                                                                                                                                                                                0x0040690d
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fcf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fd8
                                                                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                                                                0x00405fde
                                                                                                                                                                                                                                0x00405fe2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fe8
                                                                                                                                                                                                                                0x00405feb
                                                                                                                                                                                                                                0x00405fed
                                                                                                                                                                                                                                0x00405fee
                                                                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                                                                0x00405ff3
                                                                                                                                                                                                                                0x00405ff4
                                                                                                                                                                                                                                0x00405ff6
                                                                                                                                                                                                                                0x00405ff9
                                                                                                                                                                                                                                0x00405ffe
                                                                                                                                                                                                                                0x00406003
                                                                                                                                                                                                                                0x0040600c
                                                                                                                                                                                                                                0x0040601f
                                                                                                                                                                                                                                0x00406022
                                                                                                                                                                                                                                0x0040602e
                                                                                                                                                                                                                                0x00406056
                                                                                                                                                                                                                                0x00406058
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x0040606a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605d
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x00406034
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406042
                                                                                                                                                                                                                                0x0040604a
                                                                                                                                                                                                                                0x0040604d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406074
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x0040607d
                                                                                                                                                                                                                                0x0040608d
                                                                                                                                                                                                                                0x00406090
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406096
                                                                                                                                                                                                                                0x0040609a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040609c
                                                                                                                                                                                                                                0x004060a2
                                                                                                                                                                                                                                0x004060cc
                                                                                                                                                                                                                                0x004060d2
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x004060a8
                                                                                                                                                                                                                                0x004060ab
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060bb
                                                                                                                                                                                                                                0x004060c3
                                                                                                                                                                                                                                0x004060c6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040610b
                                                                                                                                                                                                                                0x00406111
                                                                                                                                                                                                                                0x00406114
                                                                                                                                                                                                                                0x00406121
                                                                                                                                                                                                                                0x00406129
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e4
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x004060f0
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fe
                                                                                                                                                                                                                                0x00406101
                                                                                                                                                                                                                                0x00406104
                                                                                                                                                                                                                                0x00406109
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a6
                                                                                                                                                                                                                                0x004067ac
                                                                                                                                                                                                                                0x004067b2
                                                                                                                                                                                                                                0x004067cc
                                                                                                                                                                                                                                0x004067cf
                                                                                                                                                                                                                                0x004067d5
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e2
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067c3
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067ec
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067ee
                                                                                                                                                                                                                                0x004067f2
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x004067fe
                                                                                                                                                                                                                                0x00406805
                                                                                                                                                                                                                                0x0040680d
                                                                                                                                                                                                                                0x00406810
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406131
                                                                                                                                                                                                                                0x00406133
                                                                                                                                                                                                                                0x00406136
                                                                                                                                                                                                                                0x004061a7
                                                                                                                                                                                                                                0x004061aa
                                                                                                                                                                                                                                0x004061ad
                                                                                                                                                                                                                                0x004061b4
                                                                                                                                                                                                                                0x004061be
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061be
                                                                                                                                                                                                                                0x00406138
                                                                                                                                                                                                                                0x0040613c
                                                                                                                                                                                                                                0x0040613f
                                                                                                                                                                                                                                0x00406141
                                                                                                                                                                                                                                0x00406144
                                                                                                                                                                                                                                0x00406147
                                                                                                                                                                                                                                0x00406149
                                                                                                                                                                                                                                0x0040614c
                                                                                                                                                                                                                                0x0040614e
                                                                                                                                                                                                                                0x00406153
                                                                                                                                                                                                                                0x00406156
                                                                                                                                                                                                                                0x00406159
                                                                                                                                                                                                                                0x0040615d
                                                                                                                                                                                                                                0x00406164
                                                                                                                                                                                                                                0x00406167
                                                                                                                                                                                                                                0x0040616e
                                                                                                                                                                                                                                0x00406172
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x0040617e
                                                                                                                                                                                                                                0x00406181
                                                                                                                                                                                                                                0x0040619f
                                                                                                                                                                                                                                0x004061a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406186
                                                                                                                                                                                                                                0x00406189
                                                                                                                                                                                                                                0x0040618c
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x00406191
                                                                                                                                                                                                                                0x00406194
                                                                                                                                                                                                                                0x00406196
                                                                                                                                                                                                                                0x00406197
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063d0
                                                                                                                                                                                                                                0x004063d4
                                                                                                                                                                                                                                0x004063f2
                                                                                                                                                                                                                                0x004063f5
                                                                                                                                                                                                                                0x004063fc
                                                                                                                                                                                                                                0x004063ff
                                                                                                                                                                                                                                0x00406402
                                                                                                                                                                                                                                0x00406405
                                                                                                                                                                                                                                0x00406408
                                                                                                                                                                                                                                0x0040640b
                                                                                                                                                                                                                                0x0040640d
                                                                                                                                                                                                                                0x00406414
                                                                                                                                                                                                                                0x00406415
                                                                                                                                                                                                                                0x00406417
                                                                                                                                                                                                                                0x0040641a
                                                                                                                                                                                                                                0x0040641d
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x004063d6
                                                                                                                                                                                                                                0x004063d9
                                                                                                                                                                                                                                0x004063dc
                                                                                                                                                                                                                                0x004063e6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040643a
                                                                                                                                                                                                                                0x0040643e
                                                                                                                                                                                                                                0x00406461
                                                                                                                                                                                                                                0x00406464
                                                                                                                                                                                                                                0x00406467
                                                                                                                                                                                                                                0x00406471
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406443
                                                                                                                                                                                                                                0x00406446
                                                                                                                                                                                                                                0x00406449
                                                                                                                                                                                                                                0x00406456
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040647d
                                                                                                                                                                                                                                0x00406481
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406487
                                                                                                                                                                                                                                0x0040648b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406491
                                                                                                                                                                                                                                0x00406493
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x0040649a
                                                                                                                                                                                                                                0x0040649e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064ee
                                                                                                                                                                                                                                0x004064f2
                                                                                                                                                                                                                                0x004064f9
                                                                                                                                                                                                                                0x004064fc
                                                                                                                                                                                                                                0x004064ff
                                                                                                                                                                                                                                0x00406509
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406509
                                                                                                                                                                                                                                0x004064f4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406515
                                                                                                                                                                                                                                0x00406519
                                                                                                                                                                                                                                0x00406520
                                                                                                                                                                                                                                0x00406523
                                                                                                                                                                                                                                0x00406526
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x00406529
                                                                                                                                                                                                                                0x0040652c
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x00406532
                                                                                                                                                                                                                                0x00406535
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x0040653b
                                                                                                                                                                                                                                0x00406542
                                                                                                                                                                                                                                0x00406547
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d9
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x004065df
                                                                                                                                                                                                                                0x004065e2
                                                                                                                                                                                                                                0x004065e5
                                                                                                                                                                                                                                0x004065e9
                                                                                                                                                                                                                                0x004065ec
                                                                                                                                                                                                                                0x004065f2
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f7
                                                                                                                                                                                                                                0x004065fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ce
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x004061d4
                                                                                                                                                                                                                                0x004061d7
                                                                                                                                                                                                                                0x004061da
                                                                                                                                                                                                                                0x004061de
                                                                                                                                                                                                                                0x004061e1
                                                                                                                                                                                                                                0x004061e7
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061ec
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061f2
                                                                                                                                                                                                                                0x004061f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061fb
                                                                                                                                                                                                                                0x00406201
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x0040620b
                                                                                                                                                                                                                                0x0040620e
                                                                                                                                                                                                                                0x00406211
                                                                                                                                                                                                                                0x00406214
                                                                                                                                                                                                                                0x00406217
                                                                                                                                                                                                                                0x00406218
                                                                                                                                                                                                                                0x0040621b
                                                                                                                                                                                                                                0x0040621d
                                                                                                                                                                                                                                0x00406223
                                                                                                                                                                                                                                0x00406226
                                                                                                                                                                                                                                0x00406229
                                                                                                                                                                                                                                0x0040622c
                                                                                                                                                                                                                                0x0040622f
                                                                                                                                                                                                                                0x00406232
                                                                                                                                                                                                                                0x00406235
                                                                                                                                                                                                                                0x00406251
                                                                                                                                                                                                                                0x00406254
                                                                                                                                                                                                                                0x00406257
                                                                                                                                                                                                                                0x0040625a
                                                                                                                                                                                                                                0x00406261
                                                                                                                                                                                                                                0x00406265
                                                                                                                                                                                                                                0x00406267
                                                                                                                                                                                                                                0x0040626b
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x0040623b
                                                                                                                                                                                                                                0x00406243
                                                                                                                                                                                                                                0x00406248
                                                                                                                                                                                                                                0x0040624a
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040626e
                                                                                                                                                                                                                                0x00406275
                                                                                                                                                                                                                                0x00406278
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406287
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x0040628d
                                                                                                                                                                                                                                0x00406290
                                                                                                                                                                                                                                0x00406293
                                                                                                                                                                                                                                0x00406297
                                                                                                                                                                                                                                0x0040629a
                                                                                                                                                                                                                                0x004062a0
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a5
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062ae
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004062b0
                                                                                                                                                                                                                                0x004062b3
                                                                                                                                                                                                                                0x004062b6
                                                                                                                                                                                                                                0x004062b9
                                                                                                                                                                                                                                0x004062bc
                                                                                                                                                                                                                                0x004062bf
                                                                                                                                                                                                                                0x004062c2
                                                                                                                                                                                                                                0x004062c5
                                                                                                                                                                                                                                0x004062c8
                                                                                                                                                                                                                                0x004062cb
                                                                                                                                                                                                                                0x004062ce
                                                                                                                                                                                                                                0x004062e6
                                                                                                                                                                                                                                0x004062e9
                                                                                                                                                                                                                                0x004062ec
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062f2
                                                                                                                                                                                                                                0x004062f6
                                                                                                                                                                                                                                0x004062f8
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d8
                                                                                                                                                                                                                                0x004062dd
                                                                                                                                                                                                                                0x004062df
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062fb
                                                                                                                                                                                                                                0x00406302
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x0040634b
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00406351
                                                                                                                                                                                                                                0x00406354
                                                                                                                                                                                                                                0x00406357
                                                                                                                                                                                                                                0x0040635b
                                                                                                                                                                                                                                0x0040635e
                                                                                                                                                                                                                                0x00406364
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406369
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x00406372
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406377
                                                                                                                                                                                                                                0x0040637a
                                                                                                                                                                                                                                0x0040637d
                                                                                                                                                                                                                                0x00406380
                                                                                                                                                                                                                                0x00406383
                                                                                                                                                                                                                                0x00406386
                                                                                                                                                                                                                                0x00406389
                                                                                                                                                                                                                                0x0040638c
                                                                                                                                                                                                                                0x0040638f
                                                                                                                                                                                                                                0x00406392
                                                                                                                                                                                                                                0x004063aa
                                                                                                                                                                                                                                0x004063ad
                                                                                                                                                                                                                                0x004063b0
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b6
                                                                                                                                                                                                                                0x004063ba
                                                                                                                                                                                                                                0x004063bc
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x0040639c
                                                                                                                                                                                                                                0x004063a1
                                                                                                                                                                                                                                0x004063a3
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063bf
                                                                                                                                                                                                                                0x004063c6
                                                                                                                                                                                                                                0x004063c9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x0040665c
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00406662
                                                                                                                                                                                                                                0x00406665
                                                                                                                                                                                                                                0x00406668
                                                                                                                                                                                                                                0x0040666c
                                                                                                                                                                                                                                0x0040666f
                                                                                                                                                                                                                                0x00406675
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x0040667a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x0040642b
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406824
                                                                                                                                                                                                                                0x00406828
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x0040684d
                                                                                                                                                                                                                                0x00406854
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406854
                                                                                                                                                                                                                                0x0040682a
                                                                                                                                                                                                                                0x0040682d
                                                                                                                                                                                                                                0x00406830
                                                                                                                                                                                                                                0x00406833
                                                                                                                                                                                                                                0x0040683a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406915
                                                                                                                                                                                                                                0x00406918
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040654f
                                                                                                                                                                                                                                0x00406551
                                                                                                                                                                                                                                0x00406558
                                                                                                                                                                                                                                0x00406559
                                                                                                                                                                                                                                0x0040655b
                                                                                                                                                                                                                                0x0040655e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406566
                                                                                                                                                                                                                                0x00406569
                                                                                                                                                                                                                                0x0040656c
                                                                                                                                                                                                                                0x0040656e
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406571
                                                                                                                                                                                                                                0x00406574
                                                                                                                                                                                                                                0x0040657b
                                                                                                                                                                                                                                0x0040657e
                                                                                                                                                                                                                                0x0040658c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406875
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x0040687b
                                                                                                                                                                                                                                0x0040687e
                                                                                                                                                                                                                                0x00406881
                                                                                                                                                                                                                                0x00406885
                                                                                                                                                                                                                                0x00406888
                                                                                                                                                                                                                                0x0040688e
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406893
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406594
                                                                                                                                                                                                                                0x00406597
                                                                                                                                                                                                                                0x004065cd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406703
                                                                                                                                                                                                                                0x00406705
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x0040670b
                                                                                                                                                                                                                                0x0040670e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406714
                                                                                                                                                                                                                                0x00406718
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00406599
                                                                                                                                                                                                                                0x0040659b
                                                                                                                                                                                                                                0x0040659d
                                                                                                                                                                                                                                0x0040659f
                                                                                                                                                                                                                                0x004065a2
                                                                                                                                                                                                                                0x004065a3
                                                                                                                                                                                                                                0x004065a5
                                                                                                                                                                                                                                0x004065a7
                                                                                                                                                                                                                                0x004065aa
                                                                                                                                                                                                                                0x004065ad
                                                                                                                                                                                                                                0x004065c3
                                                                                                                                                                                                                                0x004065c8
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406604
                                                                                                                                                                                                                                0x00406630
                                                                                                                                                                                                                                0x00406632
                                                                                                                                                                                                                                0x00406639
                                                                                                                                                                                                                                0x0040663c
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406646
                                                                                                                                                                                                                                0x00406649
                                                                                                                                                                                                                                0x00406650
                                                                                                                                                                                                                                0x00406653
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406683
                                                                                                                                                                                                                                0x00406686
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00406688
                                                                                                                                                                                                                                0x0040668e
                                                                                                                                                                                                                                0x00406691
                                                                                                                                                                                                                                0x00406694
                                                                                                                                                                                                                                0x00406697
                                                                                                                                                                                                                                0x0040669a
                                                                                                                                                                                                                                0x0040669d
                                                                                                                                                                                                                                0x004066a0
                                                                                                                                                                                                                                0x004066a3
                                                                                                                                                                                                                                0x004066a6
                                                                                                                                                                                                                                0x004066a9
                                                                                                                                                                                                                                0x004066c2
                                                                                                                                                                                                                                0x004066c4
                                                                                                                                                                                                                                0x004066c7
                                                                                                                                                                                                                                0x004066c8
                                                                                                                                                                                                                                0x004066cb
                                                                                                                                                                                                                                0x004066cd
                                                                                                                                                                                                                                0x004066d0
                                                                                                                                                                                                                                0x004066d2
                                                                                                                                                                                                                                0x004066d4
                                                                                                                                                                                                                                0x004066d7
                                                                                                                                                                                                                                0x004066d9
                                                                                                                                                                                                                                0x004066dc
                                                                                                                                                                                                                                0x004066e0
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e3
                                                                                                                                                                                                                                0x004066e6
                                                                                                                                                                                                                                0x004066e9
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066b3
                                                                                                                                                                                                                                0x004066b8
                                                                                                                                                                                                                                0x004066ba
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066ec
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x00406606
                                                                                                                                                                                                                                0x00406609
                                                                                                                                                                                                                                0x0040660b
                                                                                                                                                                                                                                0x0040660e
                                                                                                                                                                                                                                0x00406611
                                                                                                                                                                                                                                0x00406614
                                                                                                                                                                                                                                0x00406616
                                                                                                                                                                                                                                0x00406619
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x00406622
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065af
                                                                                                                                                                                                                                0x004065b2
                                                                                                                                                                                                                                0x004065b4
                                                                                                                                                                                                                                0x004065b7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x0040631a
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00406320
                                                                                                                                                                                                                                0x00406323
                                                                                                                                                                                                                                0x00406326
                                                                                                                                                                                                                                0x00406329
                                                                                                                                                                                                                                0x0040632c
                                                                                                                                                                                                                                0x0040632f
                                                                                                                                                                                                                                0x00406332
                                                                                                                                                                                                                                0x00406334
                                                                                                                                                                                                                                0x00406337
                                                                                                                                                                                                                                0x0040633a
                                                                                                                                                                                                                                0x0040633d
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a5
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x004064ab
                                                                                                                                                                                                                                0x004064ae
                                                                                                                                                                                                                                0x004064b1
                                                                                                                                                                                                                                0x004064b4
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b9
                                                                                                                                                                                                                                0x004064bc
                                                                                                                                                                                                                                0x004064bf
                                                                                                                                                                                                                                0x004064c2
                                                                                                                                                                                                                                0x004064c5
                                                                                                                                                                                                                                0x004064c8
                                                                                                                                                                                                                                0x004064c9
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064ce
                                                                                                                                                                                                                                0x004064d1
                                                                                                                                                                                                                                0x004064d4
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064da
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x00406722
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406728
                                                                                                                                                                                                                                0x0040672b
                                                                                                                                                                                                                                0x0040672e
                                                                                                                                                                                                                                0x00406731
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406736
                                                                                                                                                                                                                                0x00406739
                                                                                                                                                                                                                                0x0040673c
                                                                                                                                                                                                                                0x0040673f
                                                                                                                                                                                                                                0x00406742
                                                                                                                                                                                                                                0x00406745
                                                                                                                                                                                                                                0x00406746
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x0040674b
                                                                                                                                                                                                                                0x0040674e
                                                                                                                                                                                                                                0x00406751
                                                                                                                                                                                                                                0x00406754
                                                                                                                                                                                                                                0x00406757
                                                                                                                                                                                                                                0x0040675b
                                                                                                                                                                                                                                0x0040675d
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406762
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00406995
                                                                                                                                                                                                                                0x004069b7
                                                                                                                                                                                                                                0x004069bd
                                                                                                                                                                                                                                0x004069bf
                                                                                                                                                                                                                                0x004069c6
                                                                                                                                                                                                                                0x004069c8
                                                                                                                                                                                                                                0x004069cf
                                                                                                                                                                                                                                0x004069d3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x0040689f
                                                                                                                                                                                                                                0x004068a5
                                                                                                                                                                                                                                0x004068a8
                                                                                                                                                                                                                                0x004068ab
                                                                                                                                                                                                                                0x004068ae
                                                                                                                                                                                                                                0x004068b1
                                                                                                                                                                                                                                0x004068b4
                                                                                                                                                                                                                                0x004068b7
                                                                                                                                                                                                                                0x004068ba
                                                                                                                                                                                                                                0x004068c0
                                                                                                                                                                                                                                0x004068d9
                                                                                                                                                                                                                                0x004068dc
                                                                                                                                                                                                                                0x004068df
                                                                                                                                                                                                                                0x004068e2
                                                                                                                                                                                                                                0x004068e6
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e9
                                                                                                                                                                                                                                0x004068ec
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068ca
                                                                                                                                                                                                                                0x004068cf
                                                                                                                                                                                                                                0x004068d1
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068f6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x004068f6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040676b

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                                                                                                                                                • Instruction ID: 868f2ec1f3ea74d7de1394d818727f69d5aca31e92bf34b5737afca42cfaef71
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6E913171D00229CBEF28CF98C8547ADBBB1FF44305F15812AD856BB281C7789A9ADF44
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0040647D, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                                                                			E0040647D() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040647d
                                                                                                                                                                                                                                0x0040647d
                                                                                                                                                                                                                                0x00406481
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x0040653b
                                                                                                                                                                                                                                0x00406547
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x0040642b
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a6
                                                                                                                                                                                                                                0x004067ac
                                                                                                                                                                                                                                0x004067b2
                                                                                                                                                                                                                                0x004067cc
                                                                                                                                                                                                                                0x004067cf
                                                                                                                                                                                                                                0x004067d5
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e2
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067c3
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067ec
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067ee
                                                                                                                                                                                                                                0x004067ee
                                                                                                                                                                                                                                0x004067f2
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x004067fe
                                                                                                                                                                                                                                0x00406805
                                                                                                                                                                                                                                0x0040680d
                                                                                                                                                                                                                                0x00406810
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406810
                                                                                                                                                                                                                                0x00406487
                                                                                                                                                                                                                                0x0040648b
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x004069cf
                                                                                                                                                                                                                                0x004069d3
                                                                                                                                                                                                                                0x004069d3
                                                                                                                                                                                                                                0x00406491
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x0040649a
                                                                                                                                                                                                                                0x0040649e
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a5
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x004069b7
                                                                                                                                                                                                                                0x004069bf
                                                                                                                                                                                                                                0x004069c6
                                                                                                                                                                                                                                0x004069c8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069c8
                                                                                                                                                                                                                                0x004064ab
                                                                                                                                                                                                                                0x004064ae
                                                                                                                                                                                                                                0x004064b4
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b9
                                                                                                                                                                                                                                0x004064bc
                                                                                                                                                                                                                                0x004064bf
                                                                                                                                                                                                                                0x004064c2
                                                                                                                                                                                                                                0x004064c5
                                                                                                                                                                                                                                0x004064c8
                                                                                                                                                                                                                                0x004064c9
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064ce
                                                                                                                                                                                                                                0x004064d1
                                                                                                                                                                                                                                0x004064d4
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064da
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fcf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fd8
                                                                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                                                                0x00405fde
                                                                                                                                                                                                                                0x00405fe2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fe8
                                                                                                                                                                                                                                0x00405feb
                                                                                                                                                                                                                                0x00405fed
                                                                                                                                                                                                                                0x00405fee
                                                                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                                                                0x00405ff3
                                                                                                                                                                                                                                0x00405ff4
                                                                                                                                                                                                                                0x00405ff6
                                                                                                                                                                                                                                0x00405ff9
                                                                                                                                                                                                                                0x00405ffe
                                                                                                                                                                                                                                0x00406003
                                                                                                                                                                                                                                0x0040600c
                                                                                                                                                                                                                                0x0040601f
                                                                                                                                                                                                                                0x00406022
                                                                                                                                                                                                                                0x0040602e
                                                                                                                                                                                                                                0x00406056
                                                                                                                                                                                                                                0x00406058
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x0040606a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605d
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x00406034
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406042
                                                                                                                                                                                                                                0x0040604a
                                                                                                                                                                                                                                0x0040604d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406074
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x0040607d
                                                                                                                                                                                                                                0x0040608d
                                                                                                                                                                                                                                0x00406090
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406096
                                                                                                                                                                                                                                0x0040609a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040609c
                                                                                                                                                                                                                                0x004060a2
                                                                                                                                                                                                                                0x004060cc
                                                                                                                                                                                                                                0x004060d2
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x004060a8
                                                                                                                                                                                                                                0x004060ab
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060bb
                                                                                                                                                                                                                                0x004060c3
                                                                                                                                                                                                                                0x004060c6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040610b
                                                                                                                                                                                                                                0x00406111
                                                                                                                                                                                                                                0x00406114
                                                                                                                                                                                                                                0x00406121
                                                                                                                                                                                                                                0x00406129
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e4
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x004060f0
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fe
                                                                                                                                                                                                                                0x00406101
                                                                                                                                                                                                                                0x00406104
                                                                                                                                                                                                                                0x00406109
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406131
                                                                                                                                                                                                                                0x00406133
                                                                                                                                                                                                                                0x00406136
                                                                                                                                                                                                                                0x004061a7
                                                                                                                                                                                                                                0x004061aa
                                                                                                                                                                                                                                0x004061ad
                                                                                                                                                                                                                                0x004061b4
                                                                                                                                                                                                                                0x004061be
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061be
                                                                                                                                                                                                                                0x00406138
                                                                                                                                                                                                                                0x0040613c
                                                                                                                                                                                                                                0x0040613f
                                                                                                                                                                                                                                0x00406141
                                                                                                                                                                                                                                0x00406144
                                                                                                                                                                                                                                0x00406147
                                                                                                                                                                                                                                0x00406149
                                                                                                                                                                                                                                0x0040614c
                                                                                                                                                                                                                                0x0040614e
                                                                                                                                                                                                                                0x00406153
                                                                                                                                                                                                                                0x00406156
                                                                                                                                                                                                                                0x00406159
                                                                                                                                                                                                                                0x0040615d
                                                                                                                                                                                                                                0x00406164
                                                                                                                                                                                                                                0x00406167
                                                                                                                                                                                                                                0x0040616e
                                                                                                                                                                                                                                0x00406172
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x0040617e
                                                                                                                                                                                                                                0x00406181
                                                                                                                                                                                                                                0x0040619f
                                                                                                                                                                                                                                0x004061a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406186
                                                                                                                                                                                                                                0x00406189
                                                                                                                                                                                                                                0x0040618c
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x00406191
                                                                                                                                                                                                                                0x00406194
                                                                                                                                                                                                                                0x00406196
                                                                                                                                                                                                                                0x00406197
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063d0
                                                                                                                                                                                                                                0x004063d4
                                                                                                                                                                                                                                0x004063f2
                                                                                                                                                                                                                                0x004063f5
                                                                                                                                                                                                                                0x004063fc
                                                                                                                                                                                                                                0x004063ff
                                                                                                                                                                                                                                0x00406402
                                                                                                                                                                                                                                0x00406405
                                                                                                                                                                                                                                0x00406408
                                                                                                                                                                                                                                0x0040640b
                                                                                                                                                                                                                                0x0040640d
                                                                                                                                                                                                                                0x00406414
                                                                                                                                                                                                                                0x00406415
                                                                                                                                                                                                                                0x00406417
                                                                                                                                                                                                                                0x0040641a
                                                                                                                                                                                                                                0x0040641d
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x004063d6
                                                                                                                                                                                                                                0x004063d9
                                                                                                                                                                                                                                0x004063dc
                                                                                                                                                                                                                                0x004063e6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040643a
                                                                                                                                                                                                                                0x0040643e
                                                                                                                                                                                                                                0x00406461
                                                                                                                                                                                                                                0x00406464
                                                                                                                                                                                                                                0x00406467
                                                                                                                                                                                                                                0x00406471
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406443
                                                                                                                                                                                                                                0x00406446
                                                                                                                                                                                                                                0x00406449
                                                                                                                                                                                                                                0x00406456
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064ee
                                                                                                                                                                                                                                0x004064f2
                                                                                                                                                                                                                                0x004064f9
                                                                                                                                                                                                                                0x004064fc
                                                                                                                                                                                                                                0x004064ff
                                                                                                                                                                                                                                0x00406509
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406509
                                                                                                                                                                                                                                0x004064f4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406515
                                                                                                                                                                                                                                0x00406519
                                                                                                                                                                                                                                0x00406520
                                                                                                                                                                                                                                0x00406523
                                                                                                                                                                                                                                0x00406526
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x00406529
                                                                                                                                                                                                                                0x0040652c
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x00406532
                                                                                                                                                                                                                                0x00406535
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d9
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x004065df
                                                                                                                                                                                                                                0x004065e2
                                                                                                                                                                                                                                0x004065e5
                                                                                                                                                                                                                                0x004065e9
                                                                                                                                                                                                                                0x004065ec
                                                                                                                                                                                                                                0x004065f2
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f7
                                                                                                                                                                                                                                0x004065fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ce
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x004061d4
                                                                                                                                                                                                                                0x004061d7
                                                                                                                                                                                                                                0x004061da
                                                                                                                                                                                                                                0x004061de
                                                                                                                                                                                                                                0x004061e1
                                                                                                                                                                                                                                0x004061e7
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061ec
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061f2
                                                                                                                                                                                                                                0x004061f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061fb
                                                                                                                                                                                                                                0x00406201
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x0040620b
                                                                                                                                                                                                                                0x0040620e
                                                                                                                                                                                                                                0x00406211
                                                                                                                                                                                                                                0x00406214
                                                                                                                                                                                                                                0x00406217
                                                                                                                                                                                                                                0x00406218
                                                                                                                                                                                                                                0x0040621b
                                                                                                                                                                                                                                0x0040621d
                                                                                                                                                                                                                                0x00406223
                                                                                                                                                                                                                                0x00406226
                                                                                                                                                                                                                                0x00406229
                                                                                                                                                                                                                                0x0040622c
                                                                                                                                                                                                                                0x0040622f
                                                                                                                                                                                                                                0x00406232
                                                                                                                                                                                                                                0x00406235
                                                                                                                                                                                                                                0x00406251
                                                                                                                                                                                                                                0x00406254
                                                                                                                                                                                                                                0x00406257
                                                                                                                                                                                                                                0x0040625a
                                                                                                                                                                                                                                0x00406261
                                                                                                                                                                                                                                0x00406265
                                                                                                                                                                                                                                0x00406267
                                                                                                                                                                                                                                0x0040626b
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x0040623b
                                                                                                                                                                                                                                0x00406243
                                                                                                                                                                                                                                0x00406248
                                                                                                                                                                                                                                0x0040624a
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040626e
                                                                                                                                                                                                                                0x00406275
                                                                                                                                                                                                                                0x00406278
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406287
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x0040628d
                                                                                                                                                                                                                                0x00406290
                                                                                                                                                                                                                                0x00406293
                                                                                                                                                                                                                                0x00406297
                                                                                                                                                                                                                                0x0040629a
                                                                                                                                                                                                                                0x004062a0
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a5
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062ae
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004062b0
                                                                                                                                                                                                                                0x004062b3
                                                                                                                                                                                                                                0x004062b6
                                                                                                                                                                                                                                0x004062b9
                                                                                                                                                                                                                                0x004062bc
                                                                                                                                                                                                                                0x004062bf
                                                                                                                                                                                                                                0x004062c2
                                                                                                                                                                                                                                0x004062c5
                                                                                                                                                                                                                                0x004062c8
                                                                                                                                                                                                                                0x004062cb
                                                                                                                                                                                                                                0x004062ce
                                                                                                                                                                                                                                0x004062e6
                                                                                                                                                                                                                                0x004062e9
                                                                                                                                                                                                                                0x004062ec
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062f2
                                                                                                                                                                                                                                0x004062f6
                                                                                                                                                                                                                                0x004062f8
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d8
                                                                                                                                                                                                                                0x004062dd
                                                                                                                                                                                                                                0x004062df
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062fb
                                                                                                                                                                                                                                0x00406302
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x0040634b
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00406351
                                                                                                                                                                                                                                0x00406354
                                                                                                                                                                                                                                0x00406357
                                                                                                                                                                                                                                0x0040635b
                                                                                                                                                                                                                                0x0040635e
                                                                                                                                                                                                                                0x00406364
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406369
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x00406372
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406377
                                                                                                                                                                                                                                0x0040637a
                                                                                                                                                                                                                                0x0040637d
                                                                                                                                                                                                                                0x00406380
                                                                                                                                                                                                                                0x00406383
                                                                                                                                                                                                                                0x00406386
                                                                                                                                                                                                                                0x00406389
                                                                                                                                                                                                                                0x0040638c
                                                                                                                                                                                                                                0x0040638f
                                                                                                                                                                                                                                0x00406392
                                                                                                                                                                                                                                0x004063aa
                                                                                                                                                                                                                                0x004063ad
                                                                                                                                                                                                                                0x004063b0
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b6
                                                                                                                                                                                                                                0x004063ba
                                                                                                                                                                                                                                0x004063bc
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x0040639c
                                                                                                                                                                                                                                0x004063a1
                                                                                                                                                                                                                                0x004063a3
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063bf
                                                                                                                                                                                                                                0x004063c6
                                                                                                                                                                                                                                0x004063c9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x0040665c
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00406662
                                                                                                                                                                                                                                0x00406665
                                                                                                                                                                                                                                0x00406668
                                                                                                                                                                                                                                0x0040666c
                                                                                                                                                                                                                                0x0040666f
                                                                                                                                                                                                                                0x00406675
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x0040667a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406767
                                                                                                                                                                                                                                0x0040676b
                                                                                                                                                                                                                                0x0040678d
                                                                                                                                                                                                                                0x00406790
                                                                                                                                                                                                                                0x0040679a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679a
                                                                                                                                                                                                                                0x0040676d
                                                                                                                                                                                                                                0x00406770
                                                                                                                                                                                                                                0x00406774
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x0040677a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406824
                                                                                                                                                                                                                                0x00406828
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x0040684d
                                                                                                                                                                                                                                0x00406854
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040682a
                                                                                                                                                                                                                                0x0040682d
                                                                                                                                                                                                                                0x00406830
                                                                                                                                                                                                                                0x00406833
                                                                                                                                                                                                                                0x0040683a
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x00406781
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406915
                                                                                                                                                                                                                                0x00406918
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040654f
                                                                                                                                                                                                                                0x00406551
                                                                                                                                                                                                                                0x00406558
                                                                                                                                                                                                                                0x00406559
                                                                                                                                                                                                                                0x0040655b
                                                                                                                                                                                                                                0x0040655e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406566
                                                                                                                                                                                                                                0x00406569
                                                                                                                                                                                                                                0x0040656c
                                                                                                                                                                                                                                0x0040656e
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406571
                                                                                                                                                                                                                                0x00406574
                                                                                                                                                                                                                                0x0040657b
                                                                                                                                                                                                                                0x0040657e
                                                                                                                                                                                                                                0x0040658c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406865
                                                                                                                                                                                                                                0x0040686c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406875
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x0040687b
                                                                                                                                                                                                                                0x0040687e
                                                                                                                                                                                                                                0x00406881
                                                                                                                                                                                                                                0x00406885
                                                                                                                                                                                                                                0x00406888
                                                                                                                                                                                                                                0x0040688e
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406893
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x0040689d
                                                                                                                                                                                                                                0x004068fd
                                                                                                                                                                                                                                0x00406900
                                                                                                                                                                                                                                0x00406905
                                                                                                                                                                                                                                0x00406906
                                                                                                                                                                                                                                0x00406908
                                                                                                                                                                                                                                0x0040690a
                                                                                                                                                                                                                                0x0040690d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040690d
                                                                                                                                                                                                                                0x0040689f
                                                                                                                                                                                                                                0x004068a5
                                                                                                                                                                                                                                0x004068a8
                                                                                                                                                                                                                                0x004068ab
                                                                                                                                                                                                                                0x004068ae
                                                                                                                                                                                                                                0x004068b1
                                                                                                                                                                                                                                0x004068b4
                                                                                                                                                                                                                                0x004068b7
                                                                                                                                                                                                                                0x004068ba
                                                                                                                                                                                                                                0x004068bd
                                                                                                                                                                                                                                0x004068c0
                                                                                                                                                                                                                                0x004068d9
                                                                                                                                                                                                                                0x004068dc
                                                                                                                                                                                                                                0x004068df
                                                                                                                                                                                                                                0x004068e2
                                                                                                                                                                                                                                0x004068e6
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e9
                                                                                                                                                                                                                                0x004068ec
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068ca
                                                                                                                                                                                                                                0x004068cf
                                                                                                                                                                                                                                0x004068d1
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068ef
                                                                                                                                                                                                                                0x004068f6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406594
                                                                                                                                                                                                                                0x00406597
                                                                                                                                                                                                                                0x004065cd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406703
                                                                                                                                                                                                                                0x00406705
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x0040670b
                                                                                                                                                                                                                                0x0040670e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406714
                                                                                                                                                                                                                                0x00406718
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00406599
                                                                                                                                                                                                                                0x0040659b
                                                                                                                                                                                                                                0x0040659d
                                                                                                                                                                                                                                0x0040659f
                                                                                                                                                                                                                                0x004065a2
                                                                                                                                                                                                                                0x004065a3
                                                                                                                                                                                                                                0x004065a5
                                                                                                                                                                                                                                0x004065a7
                                                                                                                                                                                                                                0x004065aa
                                                                                                                                                                                                                                0x004065ad
                                                                                                                                                                                                                                0x004065c3
                                                                                                                                                                                                                                0x004065c8
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406604
                                                                                                                                                                                                                                0x00406630
                                                                                                                                                                                                                                0x00406632
                                                                                                                                                                                                                                0x00406639
                                                                                                                                                                                                                                0x0040663c
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406646
                                                                                                                                                                                                                                0x00406649
                                                                                                                                                                                                                                0x00406650
                                                                                                                                                                                                                                0x00406653
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406683
                                                                                                                                                                                                                                0x00406686
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00406688
                                                                                                                                                                                                                                0x0040668e
                                                                                                                                                                                                                                0x00406691
                                                                                                                                                                                                                                0x00406694
                                                                                                                                                                                                                                0x00406697
                                                                                                                                                                                                                                0x0040669a
                                                                                                                                                                                                                                0x0040669d
                                                                                                                                                                                                                                0x004066a0
                                                                                                                                                                                                                                0x004066a3
                                                                                                                                                                                                                                0x004066a6
                                                                                                                                                                                                                                0x004066a9
                                                                                                                                                                                                                                0x004066c2
                                                                                                                                                                                                                                0x004066c4
                                                                                                                                                                                                                                0x004066c7
                                                                                                                                                                                                                                0x004066c8
                                                                                                                                                                                                                                0x004066cb
                                                                                                                                                                                                                                0x004066cd
                                                                                                                                                                                                                                0x004066d0
                                                                                                                                                                                                                                0x004066d2
                                                                                                                                                                                                                                0x004066d4
                                                                                                                                                                                                                                0x004066d7
                                                                                                                                                                                                                                0x004066d9
                                                                                                                                                                                                                                0x004066dc
                                                                                                                                                                                                                                0x004066e0
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e3
                                                                                                                                                                                                                                0x004066e6
                                                                                                                                                                                                                                0x004066e9
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066b3
                                                                                                                                                                                                                                0x004066b8
                                                                                                                                                                                                                                0x004066ba
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066ec
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x00406606
                                                                                                                                                                                                                                0x00406609
                                                                                                                                                                                                                                0x0040660b
                                                                                                                                                                                                                                0x0040660e
                                                                                                                                                                                                                                0x00406611
                                                                                                                                                                                                                                0x00406614
                                                                                                                                                                                                                                0x00406616
                                                                                                                                                                                                                                0x00406619
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x00406622
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065af
                                                                                                                                                                                                                                0x004065b2
                                                                                                                                                                                                                                0x004065b4
                                                                                                                                                                                                                                0x004065b7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x0040631a
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00406320
                                                                                                                                                                                                                                0x00406323
                                                                                                                                                                                                                                0x00406326
                                                                                                                                                                                                                                0x00406329
                                                                                                                                                                                                                                0x0040632c
                                                                                                                                                                                                                                0x0040632f
                                                                                                                                                                                                                                0x00406332
                                                                                                                                                                                                                                0x00406334
                                                                                                                                                                                                                                0x00406337
                                                                                                                                                                                                                                0x0040633a
                                                                                                                                                                                                                                0x0040633d
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x00406722
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406728
                                                                                                                                                                                                                                0x0040672b
                                                                                                                                                                                                                                0x0040672e
                                                                                                                                                                                                                                0x00406731
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406736
                                                                                                                                                                                                                                0x00406739
                                                                                                                                                                                                                                0x0040673c
                                                                                                                                                                                                                                0x0040673f
                                                                                                                                                                                                                                0x00406742
                                                                                                                                                                                                                                0x00406745
                                                                                                                                                                                                                                0x00406746
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x0040674b
                                                                                                                                                                                                                                0x0040674e
                                                                                                                                                                                                                                0x00406751
                                                                                                                                                                                                                                0x00406754
                                                                                                                                                                                                                                0x00406757
                                                                                                                                                                                                                                0x0040675b
                                                                                                                                                                                                                                0x0040675d
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406762
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406762
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00406995
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                                                                                                                                                • Instruction ID: e06b97397237a54a8f7c6fae7a0c48c933f493286525731b7b3672fa0d973436
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 678155B1D00229CFDF24CFA8C8447ADBBB1FB44305F25816AD456BB281D7789A96CF54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00405F82, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                                                                			E00405F82(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004069D4))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                                                                                                                                                0x00405f92
                                                                                                                                                                                                                                0x00405f99
                                                                                                                                                                                                                                0x00405f9f
                                                                                                                                                                                                                                0x00405fa5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fa9
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fcb
                                                                                                                                                                                                                                0x00405fcf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fd8
                                                                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                                                                0x00405fde
                                                                                                                                                                                                                                0x00405fe0
                                                                                                                                                                                                                                0x00405fe2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fe8
                                                                                                                                                                                                                                0x00405feb
                                                                                                                                                                                                                                0x00405fed
                                                                                                                                                                                                                                0x00405fee
                                                                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                                                                0x00405ff3
                                                                                                                                                                                                                                0x00405ff4
                                                                                                                                                                                                                                0x00405ff6
                                                                                                                                                                                                                                0x00405ff9
                                                                                                                                                                                                                                0x00405ffe
                                                                                                                                                                                                                                0x00406003
                                                                                                                                                                                                                                0x0040600c
                                                                                                                                                                                                                                0x0040601f
                                                                                                                                                                                                                                0x00406022
                                                                                                                                                                                                                                0x0040602b
                                                                                                                                                                                                                                0x0040602e
                                                                                                                                                                                                                                0x00406056
                                                                                                                                                                                                                                0x00406056
                                                                                                                                                                                                                                0x00406058
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x0040606a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605d
                                                                                                                                                                                                                                0x0040605d
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x00406030
                                                                                                                                                                                                                                0x00406034
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406042
                                                                                                                                                                                                                                0x00406048
                                                                                                                                                                                                                                0x0040604a
                                                                                                                                                                                                                                0x0040604d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406074
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x0040607d
                                                                                                                                                                                                                                0x0040608d
                                                                                                                                                                                                                                0x00406090
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406096
                                                                                                                                                                                                                                0x00406096
                                                                                                                                                                                                                                0x0040609a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040609c
                                                                                                                                                                                                                                0x0040609f
                                                                                                                                                                                                                                0x004060a2
                                                                                                                                                                                                                                0x004060cc
                                                                                                                                                                                                                                0x004060d2
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x004060a4
                                                                                                                                                                                                                                0x004060a8
                                                                                                                                                                                                                                0x004060ab
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060bb
                                                                                                                                                                                                                                0x004060c1
                                                                                                                                                                                                                                0x004060c3
                                                                                                                                                                                                                                0x004060c6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040610b
                                                                                                                                                                                                                                0x00406111
                                                                                                                                                                                                                                0x00406114
                                                                                                                                                                                                                                0x00406121
                                                                                                                                                                                                                                0x00406129
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e4
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x004060f0
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fe
                                                                                                                                                                                                                                0x00406101
                                                                                                                                                                                                                                0x00406104
                                                                                                                                                                                                                                0x00406107
                                                                                                                                                                                                                                0x00406109
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a6
                                                                                                                                                                                                                                0x004067ac
                                                                                                                                                                                                                                0x004067af
                                                                                                                                                                                                                                0x004067b2
                                                                                                                                                                                                                                0x004067cc
                                                                                                                                                                                                                                0x004067cf
                                                                                                                                                                                                                                0x004067d5
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e2
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067c3
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067e5
                                                                                                                                                                                                                                0x004067ec
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067ee
                                                                                                                                                                                                                                0x004067ee
                                                                                                                                                                                                                                0x004067f2
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x004067fe
                                                                                                                                                                                                                                0x00406805
                                                                                                                                                                                                                                0x0040680d
                                                                                                                                                                                                                                0x0040680d
                                                                                                                                                                                                                                0x0040680d
                                                                                                                                                                                                                                0x00406810
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406131
                                                                                                                                                                                                                                0x00406133
                                                                                                                                                                                                                                0x00406136
                                                                                                                                                                                                                                0x004061a7
                                                                                                                                                                                                                                0x004061aa
                                                                                                                                                                                                                                0x004061ad
                                                                                                                                                                                                                                0x004061b4
                                                                                                                                                                                                                                0x004061be
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061be
                                                                                                                                                                                                                                0x00406138
                                                                                                                                                                                                                                0x0040613c
                                                                                                                                                                                                                                0x0040613f
                                                                                                                                                                                                                                0x00406141
                                                                                                                                                                                                                                0x00406144
                                                                                                                                                                                                                                0x00406147
                                                                                                                                                                                                                                0x00406149
                                                                                                                                                                                                                                0x0040614c
                                                                                                                                                                                                                                0x0040614e
                                                                                                                                                                                                                                0x00406153
                                                                                                                                                                                                                                0x00406156
                                                                                                                                                                                                                                0x00406159
                                                                                                                                                                                                                                0x0040615d
                                                                                                                                                                                                                                0x00406164
                                                                                                                                                                                                                                0x00406167
                                                                                                                                                                                                                                0x0040616e
                                                                                                                                                                                                                                0x00406172
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x0040617e
                                                                                                                                                                                                                                0x00406181
                                                                                                                                                                                                                                0x0040619f
                                                                                                                                                                                                                                0x004061a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061a1
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406186
                                                                                                                                                                                                                                0x00406189
                                                                                                                                                                                                                                0x0040618c
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x00406191
                                                                                                                                                                                                                                0x00406194
                                                                                                                                                                                                                                0x00406196
                                                                                                                                                                                                                                0x00406197
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063d0
                                                                                                                                                                                                                                0x004063d4
                                                                                                                                                                                                                                0x004063f2
                                                                                                                                                                                                                                0x004063f5
                                                                                                                                                                                                                                0x004063fc
                                                                                                                                                                                                                                0x004063ff
                                                                                                                                                                                                                                0x00406402
                                                                                                                                                                                                                                0x00406405
                                                                                                                                                                                                                                0x00406408
                                                                                                                                                                                                                                0x0040640b
                                                                                                                                                                                                                                0x0040640d
                                                                                                                                                                                                                                0x00406414
                                                                                                                                                                                                                                0x00406415
                                                                                                                                                                                                                                0x00406417
                                                                                                                                                                                                                                0x0040641a
                                                                                                                                                                                                                                0x0040641d
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x004063d6
                                                                                                                                                                                                                                0x004063d9
                                                                                                                                                                                                                                0x004063dc
                                                                                                                                                                                                                                0x004063e6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040643a
                                                                                                                                                                                                                                0x0040643e
                                                                                                                                                                                                                                0x00406461
                                                                                                                                                                                                                                0x00406464
                                                                                                                                                                                                                                0x00406467
                                                                                                                                                                                                                                0x00406471
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406443
                                                                                                                                                                                                                                0x00406446
                                                                                                                                                                                                                                0x00406449
                                                                                                                                                                                                                                0x00406456
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040647d
                                                                                                                                                                                                                                0x00406481
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406487
                                                                                                                                                                                                                                0x0040648b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406491
                                                                                                                                                                                                                                0x00406493
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x0040649a
                                                                                                                                                                                                                                0x0040649e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064ee
                                                                                                                                                                                                                                0x004064f2
                                                                                                                                                                                                                                0x004064f9
                                                                                                                                                                                                                                0x004064fc
                                                                                                                                                                                                                                0x004064ff
                                                                                                                                                                                                                                0x00406509
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406509
                                                                                                                                                                                                                                0x004064f4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406515
                                                                                                                                                                                                                                0x00406519
                                                                                                                                                                                                                                0x00406520
                                                                                                                                                                                                                                0x00406523
                                                                                                                                                                                                                                0x00406526
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x00406529
                                                                                                                                                                                                                                0x0040652c
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x00406532
                                                                                                                                                                                                                                0x00406535
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x0040653b
                                                                                                                                                                                                                                0x00406542
                                                                                                                                                                                                                                0x00406547
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d9
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x004065df
                                                                                                                                                                                                                                0x004065e2
                                                                                                                                                                                                                                0x004065e5
                                                                                                                                                                                                                                0x004065e9
                                                                                                                                                                                                                                0x004065ec
                                                                                                                                                                                                                                0x004065f2
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f7
                                                                                                                                                                                                                                0x004065fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ce
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x004061d4
                                                                                                                                                                                                                                0x004061d7
                                                                                                                                                                                                                                0x004061da
                                                                                                                                                                                                                                0x004061de
                                                                                                                                                                                                                                0x004061e1
                                                                                                                                                                                                                                0x004061e7
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061ec
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061f2
                                                                                                                                                                                                                                0x004061f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061fb
                                                                                                                                                                                                                                0x00406201
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x0040620b
                                                                                                                                                                                                                                0x0040620e
                                                                                                                                                                                                                                0x00406211
                                                                                                                                                                                                                                0x00406214
                                                                                                                                                                                                                                0x00406217
                                                                                                                                                                                                                                0x00406218
                                                                                                                                                                                                                                0x0040621b
                                                                                                                                                                                                                                0x0040621d
                                                                                                                                                                                                                                0x00406223
                                                                                                                                                                                                                                0x00406226
                                                                                                                                                                                                                                0x00406229
                                                                                                                                                                                                                                0x0040622c
                                                                                                                                                                                                                                0x0040622f
                                                                                                                                                                                                                                0x00406232
                                                                                                                                                                                                                                0x00406235
                                                                                                                                                                                                                                0x00406251
                                                                                                                                                                                                                                0x00406254
                                                                                                                                                                                                                                0x00406257
                                                                                                                                                                                                                                0x0040625a
                                                                                                                                                                                                                                0x00406261
                                                                                                                                                                                                                                0x00406265
                                                                                                                                                                                                                                0x00406267
                                                                                                                                                                                                                                0x0040626b
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x0040623b
                                                                                                                                                                                                                                0x00406243
                                                                                                                                                                                                                                0x00406248
                                                                                                                                                                                                                                0x0040624a
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040626e
                                                                                                                                                                                                                                0x00406275
                                                                                                                                                                                                                                0x00406278
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406287
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x0040628d
                                                                                                                                                                                                                                0x00406290
                                                                                                                                                                                                                                0x00406293
                                                                                                                                                                                                                                0x00406297
                                                                                                                                                                                                                                0x0040629a
                                                                                                                                                                                                                                0x004062a0
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a5
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062ae
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004062b0
                                                                                                                                                                                                                                0x004062b3
                                                                                                                                                                                                                                0x004062b6
                                                                                                                                                                                                                                0x004062b9
                                                                                                                                                                                                                                0x004062bc
                                                                                                                                                                                                                                0x004062bf
                                                                                                                                                                                                                                0x004062c2
                                                                                                                                                                                                                                0x004062c5
                                                                                                                                                                                                                                0x004062c8
                                                                                                                                                                                                                                0x004062cb
                                                                                                                                                                                                                                0x004062ce
                                                                                                                                                                                                                                0x004062e6
                                                                                                                                                                                                                                0x004062e9
                                                                                                                                                                                                                                0x004062ec
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062f2
                                                                                                                                                                                                                                0x004062f6
                                                                                                                                                                                                                                0x004062f8
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d8
                                                                                                                                                                                                                                0x004062dd
                                                                                                                                                                                                                                0x004062df
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062fb
                                                                                                                                                                                                                                0x00406302
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x0040634b
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00406351
                                                                                                                                                                                                                                0x00406354
                                                                                                                                                                                                                                0x00406357
                                                                                                                                                                                                                                0x0040635b
                                                                                                                                                                                                                                0x0040635e
                                                                                                                                                                                                                                0x00406364
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406369
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x00406372
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406377
                                                                                                                                                                                                                                0x0040637a
                                                                                                                                                                                                                                0x0040637d
                                                                                                                                                                                                                                0x00406380
                                                                                                                                                                                                                                0x00406383
                                                                                                                                                                                                                                0x00406386
                                                                                                                                                                                                                                0x00406389
                                                                                                                                                                                                                                0x0040638c
                                                                                                                                                                                                                                0x0040638f
                                                                                                                                                                                                                                0x00406392
                                                                                                                                                                                                                                0x004063aa
                                                                                                                                                                                                                                0x004063ad
                                                                                                                                                                                                                                0x004063b0
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b6
                                                                                                                                                                                                                                0x004063ba
                                                                                                                                                                                                                                0x004063bc
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x0040639c
                                                                                                                                                                                                                                0x004063a1
                                                                                                                                                                                                                                0x004063a3
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063bf
                                                                                                                                                                                                                                0x004063c6
                                                                                                                                                                                                                                0x004063c9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x0040665c
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00406662
                                                                                                                                                                                                                                0x00406665
                                                                                                                                                                                                                                0x00406668
                                                                                                                                                                                                                                0x0040666c
                                                                                                                                                                                                                                0x0040666f
                                                                                                                                                                                                                                0x00406675
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x0040667a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x0040642b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406767
                                                                                                                                                                                                                                0x0040676b
                                                                                                                                                                                                                                0x0040678d
                                                                                                                                                                                                                                0x00406790
                                                                                                                                                                                                                                0x0040679a
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040676d
                                                                                                                                                                                                                                0x00406770
                                                                                                                                                                                                                                0x00406774
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x0040677a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406824
                                                                                                                                                                                                                                0x00406828
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x0040684d
                                                                                                                                                                                                                                0x00406854
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040682a
                                                                                                                                                                                                                                0x0040682d
                                                                                                                                                                                                                                0x00406830
                                                                                                                                                                                                                                0x00406833
                                                                                                                                                                                                                                0x0040683a
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x00406781
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406915
                                                                                                                                                                                                                                0x00406918
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040654f
                                                                                                                                                                                                                                0x00406551
                                                                                                                                                                                                                                0x00406558
                                                                                                                                                                                                                                0x00406559
                                                                                                                                                                                                                                0x0040655b
                                                                                                                                                                                                                                0x0040655e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406566
                                                                                                                                                                                                                                0x00406569
                                                                                                                                                                                                                                0x0040656c
                                                                                                                                                                                                                                0x0040656e
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406571
                                                                                                                                                                                                                                0x00406574
                                                                                                                                                                                                                                0x0040657b
                                                                                                                                                                                                                                0x0040657e
                                                                                                                                                                                                                                0x0040658c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406865
                                                                                                                                                                                                                                0x0040686c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406875
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x0040687b
                                                                                                                                                                                                                                0x0040687e
                                                                                                                                                                                                                                0x00406881
                                                                                                                                                                                                                                0x00406885
                                                                                                                                                                                                                                0x00406888
                                                                                                                                                                                                                                0x0040688e
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406893
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x0040689d
                                                                                                                                                                                                                                0x004068fd
                                                                                                                                                                                                                                0x00406900
                                                                                                                                                                                                                                0x00406905
                                                                                                                                                                                                                                0x00406906
                                                                                                                                                                                                                                0x00406908
                                                                                                                                                                                                                                0x0040690a
                                                                                                                                                                                                                                0x0040690d
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x0040689f
                                                                                                                                                                                                                                0x004068a5
                                                                                                                                                                                                                                0x004068a8
                                                                                                                                                                                                                                0x004068ab
                                                                                                                                                                                                                                0x004068ae
                                                                                                                                                                                                                                0x004068b1
                                                                                                                                                                                                                                0x004068b4
                                                                                                                                                                                                                                0x004068b7
                                                                                                                                                                                                                                0x004068ba
                                                                                                                                                                                                                                0x004068bd
                                                                                                                                                                                                                                0x004068c0
                                                                                                                                                                                                                                0x004068d9
                                                                                                                                                                                                                                0x004068dc
                                                                                                                                                                                                                                0x004068df
                                                                                                                                                                                                                                0x004068e2
                                                                                                                                                                                                                                0x004068e6
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e9
                                                                                                                                                                                                                                0x004068ec
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068ca
                                                                                                                                                                                                                                0x004068cf
                                                                                                                                                                                                                                0x004068d1
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068ef
                                                                                                                                                                                                                                0x004068f6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406594
                                                                                                                                                                                                                                0x00406597
                                                                                                                                                                                                                                0x004065cd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406703
                                                                                                                                                                                                                                0x00406705
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x0040670b
                                                                                                                                                                                                                                0x0040670e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406714
                                                                                                                                                                                                                                0x00406718
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00406599
                                                                                                                                                                                                                                0x0040659b
                                                                                                                                                                                                                                0x0040659d
                                                                                                                                                                                                                                0x0040659f
                                                                                                                                                                                                                                0x004065a2
                                                                                                                                                                                                                                0x004065a3
                                                                                                                                                                                                                                0x004065a5
                                                                                                                                                                                                                                0x004065a7
                                                                                                                                                                                                                                0x004065aa
                                                                                                                                                                                                                                0x004065ad
                                                                                                                                                                                                                                0x004065c3
                                                                                                                                                                                                                                0x004065c8
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406604
                                                                                                                                                                                                                                0x00406630
                                                                                                                                                                                                                                0x00406632
                                                                                                                                                                                                                                0x00406639
                                                                                                                                                                                                                                0x0040663c
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406646
                                                                                                                                                                                                                                0x00406649
                                                                                                                                                                                                                                0x00406650
                                                                                                                                                                                                                                0x00406653
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406683
                                                                                                                                                                                                                                0x00406686
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00406688
                                                                                                                                                                                                                                0x0040668e
                                                                                                                                                                                                                                0x00406691
                                                                                                                                                                                                                                0x00406694
                                                                                                                                                                                                                                0x00406697
                                                                                                                                                                                                                                0x0040669a
                                                                                                                                                                                                                                0x0040669d
                                                                                                                                                                                                                                0x004066a0
                                                                                                                                                                                                                                0x004066a3
                                                                                                                                                                                                                                0x004066a6
                                                                                                                                                                                                                                0x004066a9
                                                                                                                                                                                                                                0x004066c2
                                                                                                                                                                                                                                0x004066c4
                                                                                                                                                                                                                                0x004066c7
                                                                                                                                                                                                                                0x004066c8
                                                                                                                                                                                                                                0x004066cb
                                                                                                                                                                                                                                0x004066cd
                                                                                                                                                                                                                                0x004066d0
                                                                                                                                                                                                                                0x004066d2
                                                                                                                                                                                                                                0x004066d4
                                                                                                                                                                                                                                0x004066d7
                                                                                                                                                                                                                                0x004066d9
                                                                                                                                                                                                                                0x004066dc
                                                                                                                                                                                                                                0x004066e0
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e3
                                                                                                                                                                                                                                0x004066e6
                                                                                                                                                                                                                                0x004066e9
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066b3
                                                                                                                                                                                                                                0x004066b8
                                                                                                                                                                                                                                0x004066ba
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066ec
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x00406606
                                                                                                                                                                                                                                0x00406609
                                                                                                                                                                                                                                0x0040660b
                                                                                                                                                                                                                                0x0040660e
                                                                                                                                                                                                                                0x00406611
                                                                                                                                                                                                                                0x00406614
                                                                                                                                                                                                                                0x00406616
                                                                                                                                                                                                                                0x00406619
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x00406622
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065af
                                                                                                                                                                                                                                0x004065b2
                                                                                                                                                                                                                                0x004065b4
                                                                                                                                                                                                                                0x004065b7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x0040631a
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00406320
                                                                                                                                                                                                                                0x00406323
                                                                                                                                                                                                                                0x00406326
                                                                                                                                                                                                                                0x00406329
                                                                                                                                                                                                                                0x0040632c
                                                                                                                                                                                                                                0x0040632f
                                                                                                                                                                                                                                0x00406332
                                                                                                                                                                                                                                0x00406334
                                                                                                                                                                                                                                0x00406337
                                                                                                                                                                                                                                0x0040633a
                                                                                                                                                                                                                                0x0040633d
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a5
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x004064ab
                                                                                                                                                                                                                                0x004064ae
                                                                                                                                                                                                                                0x004064b1
                                                                                                                                                                                                                                0x004064b4
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b9
                                                                                                                                                                                                                                0x004064bc
                                                                                                                                                                                                                                0x004064bf
                                                                                                                                                                                                                                0x004064c2
                                                                                                                                                                                                                                0x004064c5
                                                                                                                                                                                                                                0x004064c8
                                                                                                                                                                                                                                0x004064c9
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064ce
                                                                                                                                                                                                                                0x004064d1
                                                                                                                                                                                                                                0x004064d4
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064da
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x00406722
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406728
                                                                                                                                                                                                                                0x0040672b
                                                                                                                                                                                                                                0x0040672e
                                                                                                                                                                                                                                0x00406731
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406736
                                                                                                                                                                                                                                0x00406739
                                                                                                                                                                                                                                0x0040673c
                                                                                                                                                                                                                                0x0040673f
                                                                                                                                                                                                                                0x00406742
                                                                                                                                                                                                                                0x00406745
                                                                                                                                                                                                                                0x00406746
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x0040674b
                                                                                                                                                                                                                                0x0040674e
                                                                                                                                                                                                                                0x00406751
                                                                                                                                                                                                                                0x00406754
                                                                                                                                                                                                                                0x00406757
                                                                                                                                                                                                                                0x0040675b
                                                                                                                                                                                                                                0x0040675d
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406762
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00406995
                                                                                                                                                                                                                                0x004069b7
                                                                                                                                                                                                                                0x004069bd
                                                                                                                                                                                                                                0x004069bf
                                                                                                                                                                                                                                0x004069c6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                                                                                                                                                • Instruction ID: 3ccfc7c80e99de65fa6db0e0edc8679980b1d0ea62cd2807200041591328ae3c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D98187B1D00229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1C7785A96CF44
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004063D0, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                                                                			E004063D0() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063d0
                                                                                                                                                                                                                                0x004063d0
                                                                                                                                                                                                                                0x004063d4
                                                                                                                                                                                                                                0x004063f5
                                                                                                                                                                                                                                0x004063fc
                                                                                                                                                                                                                                0x00406402
                                                                                                                                                                                                                                0x00406408
                                                                                                                                                                                                                                0x0040641a
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063d6
                                                                                                                                                                                                                                0x004063dc
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a6
                                                                                                                                                                                                                                0x004067ac
                                                                                                                                                                                                                                0x004067b2
                                                                                                                                                                                                                                0x004067cc
                                                                                                                                                                                                                                0x004067cf
                                                                                                                                                                                                                                0x004067d5
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e2
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067c3
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067ec
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067ee
                                                                                                                                                                                                                                0x004067f2
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x004069b7
                                                                                                                                                                                                                                0x004069bf
                                                                                                                                                                                                                                0x004069c6
                                                                                                                                                                                                                                0x004069c8
                                                                                                                                                                                                                                0x004069cf
                                                                                                                                                                                                                                0x004069d3
                                                                                                                                                                                                                                0x004069d3
                                                                                                                                                                                                                                0x004067fe
                                                                                                                                                                                                                                0x00406805
                                                                                                                                                                                                                                0x0040680d
                                                                                                                                                                                                                                0x00406810
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fcf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fd8
                                                                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                                                                0x00405fde
                                                                                                                                                                                                                                0x00405fe2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fe8
                                                                                                                                                                                                                                0x00405feb
                                                                                                                                                                                                                                0x00405fed
                                                                                                                                                                                                                                0x00405fee
                                                                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                                                                0x00405ff3
                                                                                                                                                                                                                                0x00405ff4
                                                                                                                                                                                                                                0x00405ff6
                                                                                                                                                                                                                                0x00405ff9
                                                                                                                                                                                                                                0x00405ffe
                                                                                                                                                                                                                                0x00406003
                                                                                                                                                                                                                                0x0040600c
                                                                                                                                                                                                                                0x0040601f
                                                                                                                                                                                                                                0x00406022
                                                                                                                                                                                                                                0x0040602e
                                                                                                                                                                                                                                0x00406056
                                                                                                                                                                                                                                0x00406058
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x0040606a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605d
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x00406034
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406042
                                                                                                                                                                                                                                0x0040604a
                                                                                                                                                                                                                                0x0040604d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406074
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x0040607d
                                                                                                                                                                                                                                0x0040608d
                                                                                                                                                                                                                                0x00406090
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406096
                                                                                                                                                                                                                                0x0040609a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040609c
                                                                                                                                                                                                                                0x004060a2
                                                                                                                                                                                                                                0x004060cc
                                                                                                                                                                                                                                0x004060d2
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x004060a8
                                                                                                                                                                                                                                0x004060ab
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060bb
                                                                                                                                                                                                                                0x004060c3
                                                                                                                                                                                                                                0x004060c6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040610b
                                                                                                                                                                                                                                0x00406111
                                                                                                                                                                                                                                0x00406114
                                                                                                                                                                                                                                0x00406121
                                                                                                                                                                                                                                0x00406129
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e4
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x004060f0
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fe
                                                                                                                                                                                                                                0x00406101
                                                                                                                                                                                                                                0x00406104
                                                                                                                                                                                                                                0x00406109
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a6
                                                                                                                                                                                                                                0x004067ac
                                                                                                                                                                                                                                0x004067b2
                                                                                                                                                                                                                                0x004067cc
                                                                                                                                                                                                                                0x004067cf
                                                                                                                                                                                                                                0x004067d5
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e2
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067c3
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067ec
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406131
                                                                                                                                                                                                                                0x00406133
                                                                                                                                                                                                                                0x00406136
                                                                                                                                                                                                                                0x004061a7
                                                                                                                                                                                                                                0x004061aa
                                                                                                                                                                                                                                0x004061ad
                                                                                                                                                                                                                                0x004061b4
                                                                                                                                                                                                                                0x004061be
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00406138
                                                                                                                                                                                                                                0x0040613c
                                                                                                                                                                                                                                0x0040613f
                                                                                                                                                                                                                                0x00406141
                                                                                                                                                                                                                                0x00406144
                                                                                                                                                                                                                                0x00406147
                                                                                                                                                                                                                                0x00406149
                                                                                                                                                                                                                                0x0040614c
                                                                                                                                                                                                                                0x0040614e
                                                                                                                                                                                                                                0x00406153
                                                                                                                                                                                                                                0x00406156
                                                                                                                                                                                                                                0x00406159
                                                                                                                                                                                                                                0x0040615d
                                                                                                                                                                                                                                0x00406164
                                                                                                                                                                                                                                0x00406167
                                                                                                                                                                                                                                0x0040616e
                                                                                                                                                                                                                                0x00406172
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x0040617e
                                                                                                                                                                                                                                0x00406181
                                                                                                                                                                                                                                0x0040619f
                                                                                                                                                                                                                                0x004061a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406186
                                                                                                                                                                                                                                0x00406189
                                                                                                                                                                                                                                0x0040618c
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x00406191
                                                                                                                                                                                                                                0x00406194
                                                                                                                                                                                                                                0x00406196
                                                                                                                                                                                                                                0x00406197
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040643a
                                                                                                                                                                                                                                0x0040643e
                                                                                                                                                                                                                                0x00406461
                                                                                                                                                                                                                                0x00406464
                                                                                                                                                                                                                                0x00406467
                                                                                                                                                                                                                                0x00406471
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406443
                                                                                                                                                                                                                                0x00406446
                                                                                                                                                                                                                                0x00406449
                                                                                                                                                                                                                                0x00406456
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040647d
                                                                                                                                                                                                                                0x00406481
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406487
                                                                                                                                                                                                                                0x0040648b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406491
                                                                                                                                                                                                                                0x00406493
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x0040649a
                                                                                                                                                                                                                                0x0040649e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064ee
                                                                                                                                                                                                                                0x004064f2
                                                                                                                                                                                                                                0x004064f9
                                                                                                                                                                                                                                0x004064fc
                                                                                                                                                                                                                                0x004064ff
                                                                                                                                                                                                                                0x00406509
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x004064f4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406515
                                                                                                                                                                                                                                0x00406519
                                                                                                                                                                                                                                0x00406520
                                                                                                                                                                                                                                0x00406523
                                                                                                                                                                                                                                0x00406526
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x00406529
                                                                                                                                                                                                                                0x0040652c
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x00406532
                                                                                                                                                                                                                                0x00406535
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x0040653b
                                                                                                                                                                                                                                0x00406542
                                                                                                                                                                                                                                0x00406547
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d9
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x004065df
                                                                                                                                                                                                                                0x004065e2
                                                                                                                                                                                                                                0x004065e5
                                                                                                                                                                                                                                0x004065e9
                                                                                                                                                                                                                                0x004065ec
                                                                                                                                                                                                                                0x004065f2
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f7
                                                                                                                                                                                                                                0x004065fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ce
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x004061d4
                                                                                                                                                                                                                                0x004061d7
                                                                                                                                                                                                                                0x004061da
                                                                                                                                                                                                                                0x004061de
                                                                                                                                                                                                                                0x004061e1
                                                                                                                                                                                                                                0x004061e7
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061ec
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061f2
                                                                                                                                                                                                                                0x004061f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061fb
                                                                                                                                                                                                                                0x00406201
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x0040620b
                                                                                                                                                                                                                                0x0040620e
                                                                                                                                                                                                                                0x00406211
                                                                                                                                                                                                                                0x00406214
                                                                                                                                                                                                                                0x00406217
                                                                                                                                                                                                                                0x00406218
                                                                                                                                                                                                                                0x0040621b
                                                                                                                                                                                                                                0x0040621d
                                                                                                                                                                                                                                0x00406223
                                                                                                                                                                                                                                0x00406226
                                                                                                                                                                                                                                0x00406229
                                                                                                                                                                                                                                0x0040622c
                                                                                                                                                                                                                                0x0040622f
                                                                                                                                                                                                                                0x00406232
                                                                                                                                                                                                                                0x00406235
                                                                                                                                                                                                                                0x00406251
                                                                                                                                                                                                                                0x00406254
                                                                                                                                                                                                                                0x00406257
                                                                                                                                                                                                                                0x0040625a
                                                                                                                                                                                                                                0x00406261
                                                                                                                                                                                                                                0x00406265
                                                                                                                                                                                                                                0x00406267
                                                                                                                                                                                                                                0x0040626b
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x0040623b
                                                                                                                                                                                                                                0x00406243
                                                                                                                                                                                                                                0x00406248
                                                                                                                                                                                                                                0x0040624a
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040626e
                                                                                                                                                                                                                                0x00406275
                                                                                                                                                                                                                                0x00406278
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406287
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x0040628d
                                                                                                                                                                                                                                0x00406290
                                                                                                                                                                                                                                0x00406293
                                                                                                                                                                                                                                0x00406297
                                                                                                                                                                                                                                0x0040629a
                                                                                                                                                                                                                                0x004062a0
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a5
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062ae
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004062b0
                                                                                                                                                                                                                                0x004062b3
                                                                                                                                                                                                                                0x004062b6
                                                                                                                                                                                                                                0x004062b9
                                                                                                                                                                                                                                0x004062bc
                                                                                                                                                                                                                                0x004062bf
                                                                                                                                                                                                                                0x004062c2
                                                                                                                                                                                                                                0x004062c5
                                                                                                                                                                                                                                0x004062c8
                                                                                                                                                                                                                                0x004062cb
                                                                                                                                                                                                                                0x004062ce
                                                                                                                                                                                                                                0x004062e6
                                                                                                                                                                                                                                0x004062e9
                                                                                                                                                                                                                                0x004062ec
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062f2
                                                                                                                                                                                                                                0x004062f6
                                                                                                                                                                                                                                0x004062f8
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d8
                                                                                                                                                                                                                                0x004062dd
                                                                                                                                                                                                                                0x004062df
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062fb
                                                                                                                                                                                                                                0x00406302
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x0040634b
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00406351
                                                                                                                                                                                                                                0x00406354
                                                                                                                                                                                                                                0x00406357
                                                                                                                                                                                                                                0x0040635b
                                                                                                                                                                                                                                0x0040635e
                                                                                                                                                                                                                                0x00406364
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406369
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x00406372
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406377
                                                                                                                                                                                                                                0x0040637a
                                                                                                                                                                                                                                0x0040637d
                                                                                                                                                                                                                                0x00406380
                                                                                                                                                                                                                                0x00406383
                                                                                                                                                                                                                                0x00406386
                                                                                                                                                                                                                                0x00406389
                                                                                                                                                                                                                                0x0040638c
                                                                                                                                                                                                                                0x0040638f
                                                                                                                                                                                                                                0x00406392
                                                                                                                                                                                                                                0x004063aa
                                                                                                                                                                                                                                0x004063ad
                                                                                                                                                                                                                                0x004063b0
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b6
                                                                                                                                                                                                                                0x004063ba
                                                                                                                                                                                                                                0x004063bc
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x0040639c
                                                                                                                                                                                                                                0x004063a1
                                                                                                                                                                                                                                0x004063a3
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063bf
                                                                                                                                                                                                                                0x004063c6
                                                                                                                                                                                                                                0x004063c9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x0040665c
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00406662
                                                                                                                                                                                                                                0x00406665
                                                                                                                                                                                                                                0x00406668
                                                                                                                                                                                                                                0x0040666c
                                                                                                                                                                                                                                0x0040666f
                                                                                                                                                                                                                                0x00406675
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x0040667a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x0040642b
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406767
                                                                                                                                                                                                                                0x0040676b
                                                                                                                                                                                                                                0x0040678d
                                                                                                                                                                                                                                0x00406790
                                                                                                                                                                                                                                0x0040679a
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040676d
                                                                                                                                                                                                                                0x00406770
                                                                                                                                                                                                                                0x00406774
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x0040677a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406824
                                                                                                                                                                                                                                0x00406828
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x0040684d
                                                                                                                                                                                                                                0x00406854
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040682a
                                                                                                                                                                                                                                0x0040682d
                                                                                                                                                                                                                                0x00406830
                                                                                                                                                                                                                                0x00406833
                                                                                                                                                                                                                                0x0040683a
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x00406781
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406915
                                                                                                                                                                                                                                0x00406918
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040654f
                                                                                                                                                                                                                                0x00406551
                                                                                                                                                                                                                                0x00406558
                                                                                                                                                                                                                                0x00406559
                                                                                                                                                                                                                                0x0040655b
                                                                                                                                                                                                                                0x0040655e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406566
                                                                                                                                                                                                                                0x00406569
                                                                                                                                                                                                                                0x0040656c
                                                                                                                                                                                                                                0x0040656e
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406571
                                                                                                                                                                                                                                0x00406574
                                                                                                                                                                                                                                0x0040657b
                                                                                                                                                                                                                                0x0040657e
                                                                                                                                                                                                                                0x0040658c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406865
                                                                                                                                                                                                                                0x0040686c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406875
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x0040687b
                                                                                                                                                                                                                                0x0040687e
                                                                                                                                                                                                                                0x00406881
                                                                                                                                                                                                                                0x00406885
                                                                                                                                                                                                                                0x00406888
                                                                                                                                                                                                                                0x0040688e
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406893
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x0040689d
                                                                                                                                                                                                                                0x004068fd
                                                                                                                                                                                                                                0x00406900
                                                                                                                                                                                                                                0x00406905
                                                                                                                                                                                                                                0x00406906
                                                                                                                                                                                                                                0x00406908
                                                                                                                                                                                                                                0x0040690a
                                                                                                                                                                                                                                0x0040690d
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040681f
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x0040689f
                                                                                                                                                                                                                                0x004068a5
                                                                                                                                                                                                                                0x004068a8
                                                                                                                                                                                                                                0x004068ab
                                                                                                                                                                                                                                0x004068ae
                                                                                                                                                                                                                                0x004068b1
                                                                                                                                                                                                                                0x004068b4
                                                                                                                                                                                                                                0x004068b7
                                                                                                                                                                                                                                0x004068ba
                                                                                                                                                                                                                                0x004068bd
                                                                                                                                                                                                                                0x004068c0
                                                                                                                                                                                                                                0x004068d9
                                                                                                                                                                                                                                0x004068dc
                                                                                                                                                                                                                                0x004068df
                                                                                                                                                                                                                                0x004068e2
                                                                                                                                                                                                                                0x004068e6
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e9
                                                                                                                                                                                                                                0x004068ec
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068ca
                                                                                                                                                                                                                                0x004068cf
                                                                                                                                                                                                                                0x004068d1
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068ef
                                                                                                                                                                                                                                0x004068f6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406594
                                                                                                                                                                                                                                0x00406597
                                                                                                                                                                                                                                0x004065cd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406703
                                                                                                                                                                                                                                0x00406705
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x0040670b
                                                                                                                                                                                                                                0x0040670e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406714
                                                                                                                                                                                                                                0x00406718
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00406599
                                                                                                                                                                                                                                0x0040659b
                                                                                                                                                                                                                                0x0040659d
                                                                                                                                                                                                                                0x0040659f
                                                                                                                                                                                                                                0x004065a2
                                                                                                                                                                                                                                0x004065a3
                                                                                                                                                                                                                                0x004065a5
                                                                                                                                                                                                                                0x004065a7
                                                                                                                                                                                                                                0x004065aa
                                                                                                                                                                                                                                0x004065ad
                                                                                                                                                                                                                                0x004065c3
                                                                                                                                                                                                                                0x004065c8
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406604
                                                                                                                                                                                                                                0x00406630
                                                                                                                                                                                                                                0x00406632
                                                                                                                                                                                                                                0x00406639
                                                                                                                                                                                                                                0x0040663c
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406646
                                                                                                                                                                                                                                0x00406649
                                                                                                                                                                                                                                0x00406650
                                                                                                                                                                                                                                0x00406653
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406683
                                                                                                                                                                                                                                0x00406686
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00406688
                                                                                                                                                                                                                                0x0040668e
                                                                                                                                                                                                                                0x00406691
                                                                                                                                                                                                                                0x00406694
                                                                                                                                                                                                                                0x00406697
                                                                                                                                                                                                                                0x0040669a
                                                                                                                                                                                                                                0x0040669d
                                                                                                                                                                                                                                0x004066a0
                                                                                                                                                                                                                                0x004066a3
                                                                                                                                                                                                                                0x004066a6
                                                                                                                                                                                                                                0x004066a9
                                                                                                                                                                                                                                0x004066c2
                                                                                                                                                                                                                                0x004066c4
                                                                                                                                                                                                                                0x004066c7
                                                                                                                                                                                                                                0x004066c8
                                                                                                                                                                                                                                0x004066cb
                                                                                                                                                                                                                                0x004066cd
                                                                                                                                                                                                                                0x004066d0
                                                                                                                                                                                                                                0x004066d2
                                                                                                                                                                                                                                0x004066d4
                                                                                                                                                                                                                                0x004066d7
                                                                                                                                                                                                                                0x004066d9
                                                                                                                                                                                                                                0x004066dc
                                                                                                                                                                                                                                0x004066e0
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e3
                                                                                                                                                                                                                                0x004066e6
                                                                                                                                                                                                                                0x004066e9
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066b3
                                                                                                                                                                                                                                0x004066b8
                                                                                                                                                                                                                                0x004066ba
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066ec
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x00406606
                                                                                                                                                                                                                                0x00406609
                                                                                                                                                                                                                                0x0040660b
                                                                                                                                                                                                                                0x0040660e
                                                                                                                                                                                                                                0x00406611
                                                                                                                                                                                                                                0x00406614
                                                                                                                                                                                                                                0x00406616
                                                                                                                                                                                                                                0x00406619
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x00406622
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065af
                                                                                                                                                                                                                                0x004065b2
                                                                                                                                                                                                                                0x004065b4
                                                                                                                                                                                                                                0x004065b7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x0040631a
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00406320
                                                                                                                                                                                                                                0x00406323
                                                                                                                                                                                                                                0x00406326
                                                                                                                                                                                                                                0x00406329
                                                                                                                                                                                                                                0x0040632c
                                                                                                                                                                                                                                0x0040632f
                                                                                                                                                                                                                                0x00406332
                                                                                                                                                                                                                                0x00406334
                                                                                                                                                                                                                                0x00406337
                                                                                                                                                                                                                                0x0040633a
                                                                                                                                                                                                                                0x0040633d
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a5
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x004064ab
                                                                                                                                                                                                                                0x004064ae
                                                                                                                                                                                                                                0x004064b1
                                                                                                                                                                                                                                0x004064b4
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b9
                                                                                                                                                                                                                                0x004064bc
                                                                                                                                                                                                                                0x004064bf
                                                                                                                                                                                                                                0x004064c2
                                                                                                                                                                                                                                0x004064c5
                                                                                                                                                                                                                                0x004064c8
                                                                                                                                                                                                                                0x004064c9
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064ce
                                                                                                                                                                                                                                0x004064d1
                                                                                                                                                                                                                                0x004064d4
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064da
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x00406722
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406728
                                                                                                                                                                                                                                0x0040672b
                                                                                                                                                                                                                                0x0040672e
                                                                                                                                                                                                                                0x00406731
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406736
                                                                                                                                                                                                                                0x00406739
                                                                                                                                                                                                                                0x0040673c
                                                                                                                                                                                                                                0x0040673f
                                                                                                                                                                                                                                0x00406742
                                                                                                                                                                                                                                0x00406745
                                                                                                                                                                                                                                0x00406746
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x0040674b
                                                                                                                                                                                                                                0x0040674e
                                                                                                                                                                                                                                0x00406751
                                                                                                                                                                                                                                0x00406754
                                                                                                                                                                                                                                0x00406757
                                                                                                                                                                                                                                0x0040675b
                                                                                                                                                                                                                                0x0040675d
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406762
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00406995
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063d4

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                                                                                                                                                • Instruction ID: 235c9a1f152390887c8e3346b3cf8cf745e7d176c25095dba4735a56a8f4339d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 80714371D00229CBDF28CFA8C8447ADBBF1FB48305F15806AD846BB281D7395A96DF54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004064EE, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                                                                			E004064EE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064ee
                                                                                                                                                                                                                                0x004064ee
                                                                                                                                                                                                                                0x004064f2
                                                                                                                                                                                                                                0x004064ff
                                                                                                                                                                                                                                0x00406509
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064f4
                                                                                                                                                                                                                                0x004064f4
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x00406532
                                                                                                                                                                                                                                0x00406535
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x0040653b
                                                                                                                                                                                                                                0x00406542
                                                                                                                                                                                                                                0x00406547
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x0040642b
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a6
                                                                                                                                                                                                                                0x004067ac
                                                                                                                                                                                                                                0x004067b2
                                                                                                                                                                                                                                0x004067cc
                                                                                                                                                                                                                                0x004067cf
                                                                                                                                                                                                                                0x004067d5
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e2
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067c3
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067ec
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067ee
                                                                                                                                                                                                                                0x004067f2
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x004069b7
                                                                                                                                                                                                                                0x004069bf
                                                                                                                                                                                                                                0x004069c6
                                                                                                                                                                                                                                0x004069c8
                                                                                                                                                                                                                                0x004069cf
                                                                                                                                                                                                                                0x004069d3
                                                                                                                                                                                                                                0x004069d3
                                                                                                                                                                                                                                0x004067fe
                                                                                                                                                                                                                                0x00406805
                                                                                                                                                                                                                                0x0040680d
                                                                                                                                                                                                                                0x00406810
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fcf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fd8
                                                                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                                                                0x00405fde
                                                                                                                                                                                                                                0x00405fe2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fe8
                                                                                                                                                                                                                                0x00405feb
                                                                                                                                                                                                                                0x00405fed
                                                                                                                                                                                                                                0x00405fee
                                                                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                                                                0x00405ff3
                                                                                                                                                                                                                                0x00405ff4
                                                                                                                                                                                                                                0x00405ff6
                                                                                                                                                                                                                                0x00405ff9
                                                                                                                                                                                                                                0x00405ffe
                                                                                                                                                                                                                                0x00406003
                                                                                                                                                                                                                                0x0040600c
                                                                                                                                                                                                                                0x0040601f
                                                                                                                                                                                                                                0x00406022
                                                                                                                                                                                                                                0x0040602e
                                                                                                                                                                                                                                0x00406056
                                                                                                                                                                                                                                0x00406058
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x0040606a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605d
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x00406034
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406042
                                                                                                                                                                                                                                0x0040604a
                                                                                                                                                                                                                                0x0040604d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406074
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x0040607d
                                                                                                                                                                                                                                0x0040608d
                                                                                                                                                                                                                                0x00406090
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406096
                                                                                                                                                                                                                                0x0040609a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040609c
                                                                                                                                                                                                                                0x004060a2
                                                                                                                                                                                                                                0x004060cc
                                                                                                                                                                                                                                0x004060d2
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x004060a8
                                                                                                                                                                                                                                0x004060ab
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060bb
                                                                                                                                                                                                                                0x004060c3
                                                                                                                                                                                                                                0x004060c6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040610b
                                                                                                                                                                                                                                0x00406111
                                                                                                                                                                                                                                0x00406114
                                                                                                                                                                                                                                0x00406121
                                                                                                                                                                                                                                0x00406129
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e4
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x004060f0
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fe
                                                                                                                                                                                                                                0x00406101
                                                                                                                                                                                                                                0x00406104
                                                                                                                                                                                                                                0x00406109
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a6
                                                                                                                                                                                                                                0x004067ac
                                                                                                                                                                                                                                0x004067b2
                                                                                                                                                                                                                                0x004067cc
                                                                                                                                                                                                                                0x004067cf
                                                                                                                                                                                                                                0x004067d5
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e2
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067c3
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067ec
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406131
                                                                                                                                                                                                                                0x00406133
                                                                                                                                                                                                                                0x00406136
                                                                                                                                                                                                                                0x004061a7
                                                                                                                                                                                                                                0x004061aa
                                                                                                                                                                                                                                0x004061ad
                                                                                                                                                                                                                                0x004061b4
                                                                                                                                                                                                                                0x004061be
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00406138
                                                                                                                                                                                                                                0x0040613c
                                                                                                                                                                                                                                0x0040613f
                                                                                                                                                                                                                                0x00406141
                                                                                                                                                                                                                                0x00406144
                                                                                                                                                                                                                                0x00406147
                                                                                                                                                                                                                                0x00406149
                                                                                                                                                                                                                                0x0040614c
                                                                                                                                                                                                                                0x0040614e
                                                                                                                                                                                                                                0x00406153
                                                                                                                                                                                                                                0x00406156
                                                                                                                                                                                                                                0x00406159
                                                                                                                                                                                                                                0x0040615d
                                                                                                                                                                                                                                0x00406164
                                                                                                                                                                                                                                0x00406167
                                                                                                                                                                                                                                0x0040616e
                                                                                                                                                                                                                                0x00406172
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x0040617e
                                                                                                                                                                                                                                0x00406181
                                                                                                                                                                                                                                0x0040619f
                                                                                                                                                                                                                                0x004061a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406186
                                                                                                                                                                                                                                0x00406189
                                                                                                                                                                                                                                0x0040618c
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x00406191
                                                                                                                                                                                                                                0x00406194
                                                                                                                                                                                                                                0x00406196
                                                                                                                                                                                                                                0x00406197
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063d0
                                                                                                                                                                                                                                0x004063d4
                                                                                                                                                                                                                                0x004063f2
                                                                                                                                                                                                                                0x004063f5
                                                                                                                                                                                                                                0x004063fc
                                                                                                                                                                                                                                0x004063ff
                                                                                                                                                                                                                                0x00406402
                                                                                                                                                                                                                                0x00406405
                                                                                                                                                                                                                                0x00406408
                                                                                                                                                                                                                                0x0040640b
                                                                                                                                                                                                                                0x0040640d
                                                                                                                                                                                                                                0x00406414
                                                                                                                                                                                                                                0x00406415
                                                                                                                                                                                                                                0x00406417
                                                                                                                                                                                                                                0x0040641a
                                                                                                                                                                                                                                0x0040641d
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x004063d6
                                                                                                                                                                                                                                0x004063d9
                                                                                                                                                                                                                                0x004063dc
                                                                                                                                                                                                                                0x004063e6
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040643a
                                                                                                                                                                                                                                0x0040643e
                                                                                                                                                                                                                                0x00406461
                                                                                                                                                                                                                                0x00406464
                                                                                                                                                                                                                                0x00406467
                                                                                                                                                                                                                                0x00406471
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406443
                                                                                                                                                                                                                                0x00406446
                                                                                                                                                                                                                                0x00406449
                                                                                                                                                                                                                                0x00406456
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040647d
                                                                                                                                                                                                                                0x00406481
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406487
                                                                                                                                                                                                                                0x0040648b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406491
                                                                                                                                                                                                                                0x00406493
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x0040649a
                                                                                                                                                                                                                                0x0040649e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406515
                                                                                                                                                                                                                                0x00406519
                                                                                                                                                                                                                                0x00406520
                                                                                                                                                                                                                                0x00406523
                                                                                                                                                                                                                                0x00406526
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x00406529
                                                                                                                                                                                                                                0x0040652c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d9
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x004065df
                                                                                                                                                                                                                                0x004065e2
                                                                                                                                                                                                                                0x004065e5
                                                                                                                                                                                                                                0x004065e9
                                                                                                                                                                                                                                0x004065ec
                                                                                                                                                                                                                                0x004065f2
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f7
                                                                                                                                                                                                                                0x004065fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ce
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x004061d4
                                                                                                                                                                                                                                0x004061d7
                                                                                                                                                                                                                                0x004061da
                                                                                                                                                                                                                                0x004061de
                                                                                                                                                                                                                                0x004061e1
                                                                                                                                                                                                                                0x004061e7
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061ec
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061f2
                                                                                                                                                                                                                                0x004061f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061fb
                                                                                                                                                                                                                                0x00406201
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x0040620b
                                                                                                                                                                                                                                0x0040620e
                                                                                                                                                                                                                                0x00406211
                                                                                                                                                                                                                                0x00406214
                                                                                                                                                                                                                                0x00406217
                                                                                                                                                                                                                                0x00406218
                                                                                                                                                                                                                                0x0040621b
                                                                                                                                                                                                                                0x0040621d
                                                                                                                                                                                                                                0x00406223
                                                                                                                                                                                                                                0x00406226
                                                                                                                                                                                                                                0x00406229
                                                                                                                                                                                                                                0x0040622c
                                                                                                                                                                                                                                0x0040622f
                                                                                                                                                                                                                                0x00406232
                                                                                                                                                                                                                                0x00406235
                                                                                                                                                                                                                                0x00406251
                                                                                                                                                                                                                                0x00406254
                                                                                                                                                                                                                                0x00406257
                                                                                                                                                                                                                                0x0040625a
                                                                                                                                                                                                                                0x00406261
                                                                                                                                                                                                                                0x00406265
                                                                                                                                                                                                                                0x00406267
                                                                                                                                                                                                                                0x0040626b
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x0040623b
                                                                                                                                                                                                                                0x00406243
                                                                                                                                                                                                                                0x00406248
                                                                                                                                                                                                                                0x0040624a
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040626e
                                                                                                                                                                                                                                0x00406275
                                                                                                                                                                                                                                0x00406278
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406287
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x0040628d
                                                                                                                                                                                                                                0x00406290
                                                                                                                                                                                                                                0x00406293
                                                                                                                                                                                                                                0x00406297
                                                                                                                                                                                                                                0x0040629a
                                                                                                                                                                                                                                0x004062a0
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a5
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062ae
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004062b0
                                                                                                                                                                                                                                0x004062b3
                                                                                                                                                                                                                                0x004062b6
                                                                                                                                                                                                                                0x004062b9
                                                                                                                                                                                                                                0x004062bc
                                                                                                                                                                                                                                0x004062bf
                                                                                                                                                                                                                                0x004062c2
                                                                                                                                                                                                                                0x004062c5
                                                                                                                                                                                                                                0x004062c8
                                                                                                                                                                                                                                0x004062cb
                                                                                                                                                                                                                                0x004062ce
                                                                                                                                                                                                                                0x004062e6
                                                                                                                                                                                                                                0x004062e9
                                                                                                                                                                                                                                0x004062ec
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062f2
                                                                                                                                                                                                                                0x004062f6
                                                                                                                                                                                                                                0x004062f8
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d8
                                                                                                                                                                                                                                0x004062dd
                                                                                                                                                                                                                                0x004062df
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062fb
                                                                                                                                                                                                                                0x00406302
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x0040634b
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00406351
                                                                                                                                                                                                                                0x00406354
                                                                                                                                                                                                                                0x00406357
                                                                                                                                                                                                                                0x0040635b
                                                                                                                                                                                                                                0x0040635e
                                                                                                                                                                                                                                0x00406364
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406369
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x00406372
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406377
                                                                                                                                                                                                                                0x0040637a
                                                                                                                                                                                                                                0x0040637d
                                                                                                                                                                                                                                0x00406380
                                                                                                                                                                                                                                0x00406383
                                                                                                                                                                                                                                0x00406386
                                                                                                                                                                                                                                0x00406389
                                                                                                                                                                                                                                0x0040638c
                                                                                                                                                                                                                                0x0040638f
                                                                                                                                                                                                                                0x00406392
                                                                                                                                                                                                                                0x004063aa
                                                                                                                                                                                                                                0x004063ad
                                                                                                                                                                                                                                0x004063b0
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b6
                                                                                                                                                                                                                                0x004063ba
                                                                                                                                                                                                                                0x004063bc
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x0040639c
                                                                                                                                                                                                                                0x004063a1
                                                                                                                                                                                                                                0x004063a3
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063bf
                                                                                                                                                                                                                                0x004063c6
                                                                                                                                                                                                                                0x004063c9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x0040665c
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00406662
                                                                                                                                                                                                                                0x00406665
                                                                                                                                                                                                                                0x00406668
                                                                                                                                                                                                                                0x0040666c
                                                                                                                                                                                                                                0x0040666f
                                                                                                                                                                                                                                0x00406675
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x0040667a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406767
                                                                                                                                                                                                                                0x0040676b
                                                                                                                                                                                                                                0x0040678d
                                                                                                                                                                                                                                0x00406790
                                                                                                                                                                                                                                0x0040679a
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040676d
                                                                                                                                                                                                                                0x00406770
                                                                                                                                                                                                                                0x00406774
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x0040677a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406824
                                                                                                                                                                                                                                0x00406828
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x0040684d
                                                                                                                                                                                                                                0x00406854
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040682a
                                                                                                                                                                                                                                0x0040682d
                                                                                                                                                                                                                                0x00406830
                                                                                                                                                                                                                                0x00406833
                                                                                                                                                                                                                                0x0040683a
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x00406781
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406915
                                                                                                                                                                                                                                0x00406918
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040654f
                                                                                                                                                                                                                                0x00406551
                                                                                                                                                                                                                                0x00406558
                                                                                                                                                                                                                                0x00406559
                                                                                                                                                                                                                                0x0040655b
                                                                                                                                                                                                                                0x0040655e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406566
                                                                                                                                                                                                                                0x00406569
                                                                                                                                                                                                                                0x0040656c
                                                                                                                                                                                                                                0x0040656e
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406571
                                                                                                                                                                                                                                0x00406574
                                                                                                                                                                                                                                0x0040657b
                                                                                                                                                                                                                                0x0040657e
                                                                                                                                                                                                                                0x0040658c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406865
                                                                                                                                                                                                                                0x0040686c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406875
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x0040687b
                                                                                                                                                                                                                                0x0040687e
                                                                                                                                                                                                                                0x00406881
                                                                                                                                                                                                                                0x00406885
                                                                                                                                                                                                                                0x00406888
                                                                                                                                                                                                                                0x0040688e
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406893
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x0040689d
                                                                                                                                                                                                                                0x004068fd
                                                                                                                                                                                                                                0x00406900
                                                                                                                                                                                                                                0x00406905
                                                                                                                                                                                                                                0x00406906
                                                                                                                                                                                                                                0x00406908
                                                                                                                                                                                                                                0x0040690a
                                                                                                                                                                                                                                0x0040690d
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040681f
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x0040689f
                                                                                                                                                                                                                                0x004068a5
                                                                                                                                                                                                                                0x004068a8
                                                                                                                                                                                                                                0x004068ab
                                                                                                                                                                                                                                0x004068ae
                                                                                                                                                                                                                                0x004068b1
                                                                                                                                                                                                                                0x004068b4
                                                                                                                                                                                                                                0x004068b7
                                                                                                                                                                                                                                0x004068ba
                                                                                                                                                                                                                                0x004068bd
                                                                                                                                                                                                                                0x004068c0
                                                                                                                                                                                                                                0x004068d9
                                                                                                                                                                                                                                0x004068dc
                                                                                                                                                                                                                                0x004068df
                                                                                                                                                                                                                                0x004068e2
                                                                                                                                                                                                                                0x004068e6
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e9
                                                                                                                                                                                                                                0x004068ec
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068ca
                                                                                                                                                                                                                                0x004068cf
                                                                                                                                                                                                                                0x004068d1
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068ef
                                                                                                                                                                                                                                0x004068f6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406594
                                                                                                                                                                                                                                0x00406597
                                                                                                                                                                                                                                0x004065cd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406703
                                                                                                                                                                                                                                0x00406705
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x0040670b
                                                                                                                                                                                                                                0x0040670e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406714
                                                                                                                                                                                                                                0x00406718
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00406599
                                                                                                                                                                                                                                0x0040659b
                                                                                                                                                                                                                                0x0040659d
                                                                                                                                                                                                                                0x0040659f
                                                                                                                                                                                                                                0x004065a2
                                                                                                                                                                                                                                0x004065a3
                                                                                                                                                                                                                                0x004065a5
                                                                                                                                                                                                                                0x004065a7
                                                                                                                                                                                                                                0x004065aa
                                                                                                                                                                                                                                0x004065ad
                                                                                                                                                                                                                                0x004065c3
                                                                                                                                                                                                                                0x004065c8
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406604
                                                                                                                                                                                                                                0x00406630
                                                                                                                                                                                                                                0x00406632
                                                                                                                                                                                                                                0x00406639
                                                                                                                                                                                                                                0x0040663c
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406646
                                                                                                                                                                                                                                0x00406649
                                                                                                                                                                                                                                0x00406650
                                                                                                                                                                                                                                0x00406653
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406683
                                                                                                                                                                                                                                0x00406686
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00406688
                                                                                                                                                                                                                                0x0040668e
                                                                                                                                                                                                                                0x00406691
                                                                                                                                                                                                                                0x00406694
                                                                                                                                                                                                                                0x00406697
                                                                                                                                                                                                                                0x0040669a
                                                                                                                                                                                                                                0x0040669d
                                                                                                                                                                                                                                0x004066a0
                                                                                                                                                                                                                                0x004066a3
                                                                                                                                                                                                                                0x004066a6
                                                                                                                                                                                                                                0x004066a9
                                                                                                                                                                                                                                0x004066c2
                                                                                                                                                                                                                                0x004066c4
                                                                                                                                                                                                                                0x004066c7
                                                                                                                                                                                                                                0x004066c8
                                                                                                                                                                                                                                0x004066cb
                                                                                                                                                                                                                                0x004066cd
                                                                                                                                                                                                                                0x004066d0
                                                                                                                                                                                                                                0x004066d2
                                                                                                                                                                                                                                0x004066d4
                                                                                                                                                                                                                                0x004066d7
                                                                                                                                                                                                                                0x004066d9
                                                                                                                                                                                                                                0x004066dc
                                                                                                                                                                                                                                0x004066e0
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e3
                                                                                                                                                                                                                                0x004066e6
                                                                                                                                                                                                                                0x004066e9
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066b3
                                                                                                                                                                                                                                0x004066b8
                                                                                                                                                                                                                                0x004066ba
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066ec
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x00406606
                                                                                                                                                                                                                                0x00406609
                                                                                                                                                                                                                                0x0040660b
                                                                                                                                                                                                                                0x0040660e
                                                                                                                                                                                                                                0x00406611
                                                                                                                                                                                                                                0x00406614
                                                                                                                                                                                                                                0x00406616
                                                                                                                                                                                                                                0x00406619
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x00406622
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065af
                                                                                                                                                                                                                                0x004065b2
                                                                                                                                                                                                                                0x004065b4
                                                                                                                                                                                                                                0x004065b7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x0040631a
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00406320
                                                                                                                                                                                                                                0x00406323
                                                                                                                                                                                                                                0x00406326
                                                                                                                                                                                                                                0x00406329
                                                                                                                                                                                                                                0x0040632c
                                                                                                                                                                                                                                0x0040632f
                                                                                                                                                                                                                                0x00406332
                                                                                                                                                                                                                                0x00406334
                                                                                                                                                                                                                                0x00406337
                                                                                                                                                                                                                                0x0040633a
                                                                                                                                                                                                                                0x0040633d
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a5
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x004064ab
                                                                                                                                                                                                                                0x004064ae
                                                                                                                                                                                                                                0x004064b1
                                                                                                                                                                                                                                0x004064b4
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b9
                                                                                                                                                                                                                                0x004064bc
                                                                                                                                                                                                                                0x004064bf
                                                                                                                                                                                                                                0x004064c2
                                                                                                                                                                                                                                0x004064c5
                                                                                                                                                                                                                                0x004064c8
                                                                                                                                                                                                                                0x004064c9
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064ce
                                                                                                                                                                                                                                0x004064d1
                                                                                                                                                                                                                                0x004064d4
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064da
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x00406722
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406728
                                                                                                                                                                                                                                0x0040672b
                                                                                                                                                                                                                                0x0040672e
                                                                                                                                                                                                                                0x00406731
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406736
                                                                                                                                                                                                                                0x00406739
                                                                                                                                                                                                                                0x0040673c
                                                                                                                                                                                                                                0x0040673f
                                                                                                                                                                                                                                0x00406742
                                                                                                                                                                                                                                0x00406745
                                                                                                                                                                                                                                0x00406746
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x0040674b
                                                                                                                                                                                                                                0x0040674e
                                                                                                                                                                                                                                0x00406751
                                                                                                                                                                                                                                0x00406754
                                                                                                                                                                                                                                0x00406757
                                                                                                                                                                                                                                0x0040675b
                                                                                                                                                                                                                                0x0040675d
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406762
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00406995
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064f2

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                                                                                                                                                • Instruction ID: 067b91939e33353516387f96afd3df60e22fb0a2a23546be1218d687de4ca84d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14715371E00229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7799996DF54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0040643A, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                                                                			E0040643A() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040643a
                                                                                                                                                                                                                                0x0040643a
                                                                                                                                                                                                                                0x0040643e
                                                                                                                                                                                                                                0x00406467
                                                                                                                                                                                                                                0x00406471
                                                                                                                                                                                                                                0x00406440
                                                                                                                                                                                                                                0x00406449
                                                                                                                                                                                                                                0x00406456
                                                                                                                                                                                                                                0x00406459
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a6
                                                                                                                                                                                                                                0x004067ac
                                                                                                                                                                                                                                0x004067b2
                                                                                                                                                                                                                                0x004067cc
                                                                                                                                                                                                                                0x004067cf
                                                                                                                                                                                                                                0x004067d5
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e2
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067c3
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067ec
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067ee
                                                                                                                                                                                                                                0x004067f2
                                                                                                                                                                                                                                0x004069a1
                                                                                                                                                                                                                                0x004069b7
                                                                                                                                                                                                                                0x004069bf
                                                                                                                                                                                                                                0x004069c6
                                                                                                                                                                                                                                0x004069c8
                                                                                                                                                                                                                                0x004069cf
                                                                                                                                                                                                                                0x004069d3
                                                                                                                                                                                                                                0x004069d3
                                                                                                                                                                                                                                0x004067fe
                                                                                                                                                                                                                                0x00406805
                                                                                                                                                                                                                                0x0040680d
                                                                                                                                                                                                                                0x00406810
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406813
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fb5
                                                                                                                                                                                                                                0x00405fbe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fcf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fd8
                                                                                                                                                                                                                                0x00405fdb
                                                                                                                                                                                                                                0x00405fde
                                                                                                                                                                                                                                0x00405fe2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fe8
                                                                                                                                                                                                                                0x00405feb
                                                                                                                                                                                                                                0x00405fed
                                                                                                                                                                                                                                0x00405fee
                                                                                                                                                                                                                                0x00405ff1
                                                                                                                                                                                                                                0x00405ff3
                                                                                                                                                                                                                                0x00405ff4
                                                                                                                                                                                                                                0x00405ff6
                                                                                                                                                                                                                                0x00405ff9
                                                                                                                                                                                                                                0x00405ffe
                                                                                                                                                                                                                                0x00406003
                                                                                                                                                                                                                                0x0040600c
                                                                                                                                                                                                                                0x0040601f
                                                                                                                                                                                                                                0x00406022
                                                                                                                                                                                                                                0x0040602e
                                                                                                                                                                                                                                0x00406056
                                                                                                                                                                                                                                0x00406058
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x00406066
                                                                                                                                                                                                                                0x0040606a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x0040605d
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x0040605e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040605a
                                                                                                                                                                                                                                0x00406034
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406039
                                                                                                                                                                                                                                0x00406042
                                                                                                                                                                                                                                0x0040604a
                                                                                                                                                                                                                                0x0040604d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406070
                                                                                                                                                                                                                                0x00406074
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406920
                                                                                                                                                                                                                                0x0040607d
                                                                                                                                                                                                                                0x0040608d
                                                                                                                                                                                                                                0x00406090
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406093
                                                                                                                                                                                                                                0x00406096
                                                                                                                                                                                                                                0x0040609a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040609c
                                                                                                                                                                                                                                0x004060a2
                                                                                                                                                                                                                                0x004060cc
                                                                                                                                                                                                                                0x004060d2
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060d9
                                                                                                                                                                                                                                0x004060a8
                                                                                                                                                                                                                                0x004060ab
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060b0
                                                                                                                                                                                                                                0x004060bb
                                                                                                                                                                                                                                0x004060c3
                                                                                                                                                                                                                                0x004060c6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040610b
                                                                                                                                                                                                                                0x00406111
                                                                                                                                                                                                                                0x00406114
                                                                                                                                                                                                                                0x00406121
                                                                                                                                                                                                                                0x00406129
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e0
                                                                                                                                                                                                                                0x004060e4
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040692f
                                                                                                                                                                                                                                0x004060f0
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fb
                                                                                                                                                                                                                                0x004060fe
                                                                                                                                                                                                                                0x00406101
                                                                                                                                                                                                                                0x00406104
                                                                                                                                                                                                                                0x00406109
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x004067a6
                                                                                                                                                                                                                                0x004067ac
                                                                                                                                                                                                                                0x004067b2
                                                                                                                                                                                                                                0x004067cc
                                                                                                                                                                                                                                0x004067cf
                                                                                                                                                                                                                                0x004067d5
                                                                                                                                                                                                                                0x004067e0
                                                                                                                                                                                                                                0x004067e2
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067b4
                                                                                                                                                                                                                                0x004067c3
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067c7
                                                                                                                                                                                                                                0x004067ec
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406131
                                                                                                                                                                                                                                0x00406133
                                                                                                                                                                                                                                0x00406136
                                                                                                                                                                                                                                0x004061a7
                                                                                                                                                                                                                                0x004061aa
                                                                                                                                                                                                                                0x004061ad
                                                                                                                                                                                                                                0x004061b4
                                                                                                                                                                                                                                0x004061be
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00406138
                                                                                                                                                                                                                                0x0040613c
                                                                                                                                                                                                                                0x0040613f
                                                                                                                                                                                                                                0x00406141
                                                                                                                                                                                                                                0x00406144
                                                                                                                                                                                                                                0x00406147
                                                                                                                                                                                                                                0x00406149
                                                                                                                                                                                                                                0x0040614c
                                                                                                                                                                                                                                0x0040614e
                                                                                                                                                                                                                                0x00406153
                                                                                                                                                                                                                                0x00406156
                                                                                                                                                                                                                                0x00406159
                                                                                                                                                                                                                                0x0040615d
                                                                                                                                                                                                                                0x00406164
                                                                                                                                                                                                                                0x00406167
                                                                                                                                                                                                                                0x0040616e
                                                                                                                                                                                                                                0x00406172
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x0040617a
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406174
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x00406169
                                                                                                                                                                                                                                0x0040617e
                                                                                                                                                                                                                                0x00406181
                                                                                                                                                                                                                                0x0040619f
                                                                                                                                                                                                                                0x004061a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406183
                                                                                                                                                                                                                                0x00406186
                                                                                                                                                                                                                                0x00406189
                                                                                                                                                                                                                                0x0040618c
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x0040618e
                                                                                                                                                                                                                                0x00406191
                                                                                                                                                                                                                                0x00406194
                                                                                                                                                                                                                                0x00406196
                                                                                                                                                                                                                                0x00406197
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040619a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063d0
                                                                                                                                                                                                                                0x004063d4
                                                                                                                                                                                                                                0x004063f2
                                                                                                                                                                                                                                0x004063f5
                                                                                                                                                                                                                                0x004063fc
                                                                                                                                                                                                                                0x004063ff
                                                                                                                                                                                                                                0x00406402
                                                                                                                                                                                                                                0x00406405
                                                                                                                                                                                                                                0x00406408
                                                                                                                                                                                                                                0x0040640b
                                                                                                                                                                                                                                0x0040640d
                                                                                                                                                                                                                                0x00406414
                                                                                                                                                                                                                                0x00406415
                                                                                                                                                                                                                                0x00406417
                                                                                                                                                                                                                                0x0040641a
                                                                                                                                                                                                                                0x0040641d
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406420
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406425
                                                                                                                                                                                                                                0x004063d6
                                                                                                                                                                                                                                0x004063d9
                                                                                                                                                                                                                                0x004063dc
                                                                                                                                                                                                                                0x004063e6
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040647d
                                                                                                                                                                                                                                0x00406481
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406487
                                                                                                                                                                                                                                0x0040648b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406491
                                                                                                                                                                                                                                0x00406493
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x00406497
                                                                                                                                                                                                                                0x0040649a
                                                                                                                                                                                                                                0x0040649e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064ee
                                                                                                                                                                                                                                0x004064f2
                                                                                                                                                                                                                                0x004064f9
                                                                                                                                                                                                                                0x004064fc
                                                                                                                                                                                                                                0x004064ff
                                                                                                                                                                                                                                0x00406509
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x004064f4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406515
                                                                                                                                                                                                                                0x00406519
                                                                                                                                                                                                                                0x00406520
                                                                                                                                                                                                                                0x00406523
                                                                                                                                                                                                                                0x00406526
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x0040651b
                                                                                                                                                                                                                                0x00406529
                                                                                                                                                                                                                                0x0040652c
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x0040652f
                                                                                                                                                                                                                                0x00406532
                                                                                                                                                                                                                                0x00406535
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x00406538
                                                                                                                                                                                                                                0x0040653b
                                                                                                                                                                                                                                0x00406542
                                                                                                                                                                                                                                0x00406547
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d5
                                                                                                                                                                                                                                0x004065d9
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406977
                                                                                                                                                                                                                                0x004065df
                                                                                                                                                                                                                                0x004065e2
                                                                                                                                                                                                                                0x004065e5
                                                                                                                                                                                                                                0x004065e9
                                                                                                                                                                                                                                0x004065ec
                                                                                                                                                                                                                                0x004065f2
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f4
                                                                                                                                                                                                                                0x004065f7
                                                                                                                                                                                                                                0x004065fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ca
                                                                                                                                                                                                                                0x004061ce
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040693b
                                                                                                                                                                                                                                0x004061d4
                                                                                                                                                                                                                                0x004061d7
                                                                                                                                                                                                                                0x004061da
                                                                                                                                                                                                                                0x004061de
                                                                                                                                                                                                                                0x004061e1
                                                                                                                                                                                                                                0x004061e7
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061e9
                                                                                                                                                                                                                                0x004061ec
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061ef
                                                                                                                                                                                                                                0x004061f2
                                                                                                                                                                                                                                0x004061f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004061fb
                                                                                                                                                                                                                                0x00406201
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x00406207
                                                                                                                                                                                                                                0x0040620b
                                                                                                                                                                                                                                0x0040620e
                                                                                                                                                                                                                                0x00406211
                                                                                                                                                                                                                                0x00406214
                                                                                                                                                                                                                                0x00406217
                                                                                                                                                                                                                                0x00406218
                                                                                                                                                                                                                                0x0040621b
                                                                                                                                                                                                                                0x0040621d
                                                                                                                                                                                                                                0x00406223
                                                                                                                                                                                                                                0x00406226
                                                                                                                                                                                                                                0x00406229
                                                                                                                                                                                                                                0x0040622c
                                                                                                                                                                                                                                0x0040622f
                                                                                                                                                                                                                                0x00406232
                                                                                                                                                                                                                                0x00406235
                                                                                                                                                                                                                                0x00406251
                                                                                                                                                                                                                                0x00406254
                                                                                                                                                                                                                                0x00406257
                                                                                                                                                                                                                                0x0040625a
                                                                                                                                                                                                                                0x00406261
                                                                                                                                                                                                                                0x00406265
                                                                                                                                                                                                                                0x00406267
                                                                                                                                                                                                                                0x0040626b
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x00406237
                                                                                                                                                                                                                                0x0040623b
                                                                                                                                                                                                                                0x00406243
                                                                                                                                                                                                                                0x00406248
                                                                                                                                                                                                                                0x0040624a
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040624c
                                                                                                                                                                                                                                0x0040626e
                                                                                                                                                                                                                                0x00406275
                                                                                                                                                                                                                                0x00406278
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040627e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406283
                                                                                                                                                                                                                                0x00406287
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406947
                                                                                                                                                                                                                                0x0040628d
                                                                                                                                                                                                                                0x00406290
                                                                                                                                                                                                                                0x00406293
                                                                                                                                                                                                                                0x00406297
                                                                                                                                                                                                                                0x0040629a
                                                                                                                                                                                                                                0x004062a0
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a2
                                                                                                                                                                                                                                0x004062a5
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062a8
                                                                                                                                                                                                                                0x004062ae
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004062b0
                                                                                                                                                                                                                                0x004062b3
                                                                                                                                                                                                                                0x004062b6
                                                                                                                                                                                                                                0x004062b9
                                                                                                                                                                                                                                0x004062bc
                                                                                                                                                                                                                                0x004062bf
                                                                                                                                                                                                                                0x004062c2
                                                                                                                                                                                                                                0x004062c5
                                                                                                                                                                                                                                0x004062c8
                                                                                                                                                                                                                                0x004062cb
                                                                                                                                                                                                                                0x004062ce
                                                                                                                                                                                                                                0x004062e6
                                                                                                                                                                                                                                0x004062e9
                                                                                                                                                                                                                                0x004062ec
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062ef
                                                                                                                                                                                                                                0x004062f2
                                                                                                                                                                                                                                0x004062f6
                                                                                                                                                                                                                                0x004062f8
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d0
                                                                                                                                                                                                                                0x004062d8
                                                                                                                                                                                                                                0x004062dd
                                                                                                                                                                                                                                0x004062df
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062e1
                                                                                                                                                                                                                                0x004062fb
                                                                                                                                                                                                                                0x00406302
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406307
                                                                                                                                                                                                                                0x00406305
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x0040630c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x00406347
                                                                                                                                                                                                                                0x0040634b
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406953
                                                                                                                                                                                                                                0x00406351
                                                                                                                                                                                                                                0x00406354
                                                                                                                                                                                                                                0x00406357
                                                                                                                                                                                                                                0x0040635b
                                                                                                                                                                                                                                0x0040635e
                                                                                                                                                                                                                                0x00406364
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406366
                                                                                                                                                                                                                                0x00406369
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x0040636c
                                                                                                                                                                                                                                0x00406372
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406310
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406313
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406374
                                                                                                                                                                                                                                0x00406377
                                                                                                                                                                                                                                0x0040637a
                                                                                                                                                                                                                                0x0040637d
                                                                                                                                                                                                                                0x00406380
                                                                                                                                                                                                                                0x00406383
                                                                                                                                                                                                                                0x00406386
                                                                                                                                                                                                                                0x00406389
                                                                                                                                                                                                                                0x0040638c
                                                                                                                                                                                                                                0x0040638f
                                                                                                                                                                                                                                0x00406392
                                                                                                                                                                                                                                0x004063aa
                                                                                                                                                                                                                                0x004063ad
                                                                                                                                                                                                                                0x004063b0
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b3
                                                                                                                                                                                                                                0x004063b6
                                                                                                                                                                                                                                0x004063ba
                                                                                                                                                                                                                                0x004063bc
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x00406394
                                                                                                                                                                                                                                0x0040639c
                                                                                                                                                                                                                                0x004063a1
                                                                                                                                                                                                                                0x004063a3
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063a5
                                                                                                                                                                                                                                0x004063bf
                                                                                                                                                                                                                                0x004063c6
                                                                                                                                                                                                                                0x004063c9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004063cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x00406658
                                                                                                                                                                                                                                0x0040665c
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406983
                                                                                                                                                                                                                                0x00406662
                                                                                                                                                                                                                                0x00406665
                                                                                                                                                                                                                                0x00406668
                                                                                                                                                                                                                                0x0040666c
                                                                                                                                                                                                                                0x0040666f
                                                                                                                                                                                                                                0x00406675
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x00406677
                                                                                                                                                                                                                                0x0040667a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x00406428
                                                                                                                                                                                                                                0x0040642b
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406767
                                                                                                                                                                                                                                0x0040676b
                                                                                                                                                                                                                                0x0040678d
                                                                                                                                                                                                                                0x00406790
                                                                                                                                                                                                                                0x0040679a
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040679d
                                                                                                                                                                                                                                0x0040676d
                                                                                                                                                                                                                                0x00406770
                                                                                                                                                                                                                                0x00406774
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x00406777
                                                                                                                                                                                                                                0x0040677a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406824
                                                                                                                                                                                                                                0x00406828
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x00406846
                                                                                                                                                                                                                                0x0040684d
                                                                                                                                                                                                                                0x00406854
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040685b
                                                                                                                                                                                                                                0x0040682a
                                                                                                                                                                                                                                0x0040682d
                                                                                                                                                                                                                                0x00406830
                                                                                                                                                                                                                                0x00406833
                                                                                                                                                                                                                                0x0040683a
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x0040677e
                                                                                                                                                                                                                                0x00406781
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406915
                                                                                                                                                                                                                                0x00406918
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040654f
                                                                                                                                                                                                                                0x00406551
                                                                                                                                                                                                                                0x00406558
                                                                                                                                                                                                                                0x00406559
                                                                                                                                                                                                                                0x0040655b
                                                                                                                                                                                                                                0x0040655e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406566
                                                                                                                                                                                                                                0x00406569
                                                                                                                                                                                                                                0x0040656c
                                                                                                                                                                                                                                0x0040656e
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406570
                                                                                                                                                                                                                                0x00406571
                                                                                                                                                                                                                                0x00406574
                                                                                                                                                                                                                                0x0040657b
                                                                                                                                                                                                                                0x0040657e
                                                                                                                                                                                                                                0x0040658c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406862
                                                                                                                                                                                                                                0x00406865
                                                                                                                                                                                                                                0x0040686c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406871
                                                                                                                                                                                                                                0x00406875
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069ad
                                                                                                                                                                                                                                0x0040687b
                                                                                                                                                                                                                                0x0040687e
                                                                                                                                                                                                                                0x00406881
                                                                                                                                                                                                                                0x00406885
                                                                                                                                                                                                                                0x00406888
                                                                                                                                                                                                                                0x0040688e
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406890
                                                                                                                                                                                                                                0x00406893
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406896
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x00406899
                                                                                                                                                                                                                                0x0040689d
                                                                                                                                                                                                                                0x004068fd
                                                                                                                                                                                                                                0x00406900
                                                                                                                                                                                                                                0x00406905
                                                                                                                                                                                                                                0x00406906
                                                                                                                                                                                                                                0x00406908
                                                                                                                                                                                                                                0x0040690a
                                                                                                                                                                                                                                0x0040690d
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040681f
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x0040689f
                                                                                                                                                                                                                                0x004068a5
                                                                                                                                                                                                                                0x004068a8
                                                                                                                                                                                                                                0x004068ab
                                                                                                                                                                                                                                0x004068ae
                                                                                                                                                                                                                                0x004068b1
                                                                                                                                                                                                                                0x004068b4
                                                                                                                                                                                                                                0x004068b7
                                                                                                                                                                                                                                0x004068ba
                                                                                                                                                                                                                                0x004068bd
                                                                                                                                                                                                                                0x004068c0
                                                                                                                                                                                                                                0x004068d9
                                                                                                                                                                                                                                0x004068dc
                                                                                                                                                                                                                                0x004068df
                                                                                                                                                                                                                                0x004068e2
                                                                                                                                                                                                                                0x004068e6
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e8
                                                                                                                                                                                                                                0x004068e9
                                                                                                                                                                                                                                0x004068ec
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068c2
                                                                                                                                                                                                                                0x004068ca
                                                                                                                                                                                                                                0x004068cf
                                                                                                                                                                                                                                0x004068d1
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068d4
                                                                                                                                                                                                                                0x004068ef
                                                                                                                                                                                                                                0x004068f6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004068f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406594
                                                                                                                                                                                                                                0x00406597
                                                                                                                                                                                                                                0x004065cd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x004066fd
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406700
                                                                                                                                                                                                                                0x00406703
                                                                                                                                                                                                                                0x00406705
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040698f
                                                                                                                                                                                                                                0x0040670b
                                                                                                                                                                                                                                0x0040670e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406714
                                                                                                                                                                                                                                0x00406718
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671b
                                                                                                                                                                                                                                0x00406599
                                                                                                                                                                                                                                0x0040659b
                                                                                                                                                                                                                                0x0040659d
                                                                                                                                                                                                                                0x0040659f
                                                                                                                                                                                                                                0x004065a2
                                                                                                                                                                                                                                0x004065a3
                                                                                                                                                                                                                                0x004065a5
                                                                                                                                                                                                                                0x004065a7
                                                                                                                                                                                                                                0x004065aa
                                                                                                                                                                                                                                0x004065ad
                                                                                                                                                                                                                                0x004065c3
                                                                                                                                                                                                                                0x004065c8
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406600
                                                                                                                                                                                                                                0x00406604
                                                                                                                                                                                                                                0x00406630
                                                                                                                                                                                                                                0x00406632
                                                                                                                                                                                                                                0x00406639
                                                                                                                                                                                                                                0x0040663c
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x0040663f
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406644
                                                                                                                                                                                                                                0x00406646
                                                                                                                                                                                                                                0x00406649
                                                                                                                                                                                                                                0x00406650
                                                                                                                                                                                                                                0x00406653
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406680
                                                                                                                                                                                                                                0x00406683
                                                                                                                                                                                                                                0x00406686
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066fa
                                                                                                                                                                                                                                0x00406688
                                                                                                                                                                                                                                0x0040668e
                                                                                                                                                                                                                                0x00406691
                                                                                                                                                                                                                                0x00406694
                                                                                                                                                                                                                                0x00406697
                                                                                                                                                                                                                                0x0040669a
                                                                                                                                                                                                                                0x0040669d
                                                                                                                                                                                                                                0x004066a0
                                                                                                                                                                                                                                0x004066a3
                                                                                                                                                                                                                                0x004066a6
                                                                                                                                                                                                                                0x004066a9
                                                                                                                                                                                                                                0x004066c2
                                                                                                                                                                                                                                0x004066c4
                                                                                                                                                                                                                                0x004066c7
                                                                                                                                                                                                                                0x004066c8
                                                                                                                                                                                                                                0x004066cb
                                                                                                                                                                                                                                0x004066cd
                                                                                                                                                                                                                                0x004066d0
                                                                                                                                                                                                                                0x004066d2
                                                                                                                                                                                                                                0x004066d4
                                                                                                                                                                                                                                0x004066d7
                                                                                                                                                                                                                                0x004066d9
                                                                                                                                                                                                                                0x004066dc
                                                                                                                                                                                                                                0x004066e0
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e2
                                                                                                                                                                                                                                0x004066e3
                                                                                                                                                                                                                                0x004066e6
                                                                                                                                                                                                                                0x004066e9
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066ab
                                                                                                                                                                                                                                0x004066b3
                                                                                                                                                                                                                                0x004066b8
                                                                                                                                                                                                                                0x004066ba
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066bd
                                                                                                                                                                                                                                0x004066ec
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x0040667d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004066f5
                                                                                                                                                                                                                                0x004066f3
                                                                                                                                                                                                                                0x00406606
                                                                                                                                                                                                                                0x00406609
                                                                                                                                                                                                                                0x0040660b
                                                                                                                                                                                                                                0x0040660e
                                                                                                                                                                                                                                0x00406611
                                                                                                                                                                                                                                0x00406614
                                                                                                                                                                                                                                0x00406616
                                                                                                                                                                                                                                0x00406619
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661c
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x0040661f
                                                                                                                                                                                                                                0x00406622
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x004065fd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040662b
                                                                                                                                                                                                                                0x00406629
                                                                                                                                                                                                                                0x004065af
                                                                                                                                                                                                                                0x004065b2
                                                                                                                                                                                                                                0x004065b4
                                                                                                                                                                                                                                0x004065b7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x00406316
                                                                                                                                                                                                                                0x0040631a
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040695f
                                                                                                                                                                                                                                0x00406320
                                                                                                                                                                                                                                0x00406323
                                                                                                                                                                                                                                0x00406326
                                                                                                                                                                                                                                0x00406329
                                                                                                                                                                                                                                0x0040632c
                                                                                                                                                                                                                                0x0040632f
                                                                                                                                                                                                                                0x00406332
                                                                                                                                                                                                                                0x00406334
                                                                                                                                                                                                                                0x00406337
                                                                                                                                                                                                                                0x0040633a
                                                                                                                                                                                                                                0x0040633d
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x0040633f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a1
                                                                                                                                                                                                                                0x004064a5
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040696b
                                                                                                                                                                                                                                0x004064ab
                                                                                                                                                                                                                                0x004064ae
                                                                                                                                                                                                                                0x004064b1
                                                                                                                                                                                                                                0x004064b4
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b6
                                                                                                                                                                                                                                0x004064b9
                                                                                                                                                                                                                                0x004064bc
                                                                                                                                                                                                                                0x004064bf
                                                                                                                                                                                                                                0x004064c2
                                                                                                                                                                                                                                0x004064c5
                                                                                                                                                                                                                                0x004064c8
                                                                                                                                                                                                                                0x004064c9
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064cb
                                                                                                                                                                                                                                0x004064ce
                                                                                                                                                                                                                                0x004064d1
                                                                                                                                                                                                                                0x004064d4
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064d7
                                                                                                                                                                                                                                0x004064da
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x004064dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x0040671e
                                                                                                                                                                                                                                0x00406722
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406728
                                                                                                                                                                                                                                0x0040672b
                                                                                                                                                                                                                                0x0040672e
                                                                                                                                                                                                                                0x00406731
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406733
                                                                                                                                                                                                                                0x00406736
                                                                                                                                                                                                                                0x00406739
                                                                                                                                                                                                                                0x0040673c
                                                                                                                                                                                                                                0x0040673f
                                                                                                                                                                                                                                0x00406742
                                                                                                                                                                                                                                0x00406745
                                                                                                                                                                                                                                0x00406746
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x00406748
                                                                                                                                                                                                                                0x0040674b
                                                                                                                                                                                                                                0x0040674e
                                                                                                                                                                                                                                0x00406751
                                                                                                                                                                                                                                0x00406754
                                                                                                                                                                                                                                0x00406757
                                                                                                                                                                                                                                0x0040675b
                                                                                                                                                                                                                                0x0040675d
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00406762
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004064df
                                                                                                                                                                                                                                0x00406760
                                                                                                                                                                                                                                0x00406995
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405fc4
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004069cc
                                                                                                                                                                                                                                0x00406819
                                                                                                                                                                                                                                0x004067a0
                                                                                                                                                                                                                                0x0040679d

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                                                                                                                                                • Instruction ID: fa01dbb36adddbb747bc37ce8d7c8691094d52a97b4972d7f98645f49a39bfe1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3715671D00229CBEF28CF98C844BADBBB1FF44305F11816AD856BB281C7795A56DF54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00401B06, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 59%
                                                                                                                                                                                                                                			E00401B06(void* __ebx, void* __edx) {
				intOrPtr _t7;
				void* _t8;
				void _t11;
				void* _t13;
				void* _t21;
				void* _t24;
				void* _t30;
				void* _t33;
				void* _t34;
				void* _t37;

				_t27 = __ebx;
				_t7 =  *((intOrPtr*)(_t37 - 0x1c));
				_t30 =  *0x40af70; // 0x0
				if(_t7 == __ebx) {
					if(__edx == __ebx) {
						_t8 = GlobalAlloc(0x40, 0x404); // executed
						_t34 = _t8;
						_t4 = _t34 + 4; // 0x4
						E00405B88(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x24)));
						_t11 =  *0x40af70; // 0x0
						 *_t34 = _t11;
						 *0x40af70 = _t34;
					} else {
						if(_t30 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t2 = _t30 + 4; // 0x4
							E00405B66(_t33, _t2);
							_push(_t30);
							 *0x40af70 =  *_t30;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t7 = _t7 - 1;
						if(_t30 == _t27) {
							break;
						}
						_t30 =  *_t30;
						if(_t7 != _t27) {
							continue;
						} else {
							if(_t30 == _t27) {
								break;
							} else {
								_t32 = _t30 + 4;
								E00405B66(0x409b70, _t30 + 4);
								_t21 =  *0x40af70; // 0x0
								E00405B66(_t32, _t21 + 4);
								_t24 =  *0x40af70; // 0x0
								_push(0x409b70);
								_push(_t24 + 4);
								E00405B66();
								L15:
								 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t37 - 4));
								_t13 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E00405B88(_t27, _t30, _t33, _t27, 0xffffffe8));
					E00405427();
					_t13 = 0x7fffffff;
				}
				L17:
				return _t13;
			}













                                                                                                                                                                                                                                0x00401b06
                                                                                                                                                                                                                                0x00401b06
                                                                                                                                                                                                                                0x00401b09
                                                                                                                                                                                                                                0x00401b11
                                                                                                                                                                                                                                0x00401b59
                                                                                                                                                                                                                                0x00401b87
                                                                                                                                                                                                                                0x00401b90
                                                                                                                                                                                                                                0x00401b92
                                                                                                                                                                                                                                0x00401b96
                                                                                                                                                                                                                                0x00401b9b
                                                                                                                                                                                                                                0x00401ba0
                                                                                                                                                                                                                                0x00401ba2
                                                                                                                                                                                                                                0x00401b5b
                                                                                                                                                                                                                                0x00401b5d
                                                                                                                                                                                                                                0x0040265c
                                                                                                                                                                                                                                0x00401b63
                                                                                                                                                                                                                                0x00401b63
                                                                                                                                                                                                                                0x00401b68
                                                                                                                                                                                                                                0x00401b6f
                                                                                                                                                                                                                                0x00401b70
                                                                                                                                                                                                                                0x00401b75
                                                                                                                                                                                                                                0x00401b75
                                                                                                                                                                                                                                0x00401b5d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00401b13
                                                                                                                                                                                                                                0x00401b13
                                                                                                                                                                                                                                0x00401b13
                                                                                                                                                                                                                                0x00401b16
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00401b1c
                                                                                                                                                                                                                                0x00401b20
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00401b22
                                                                                                                                                                                                                                0x00401b24
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00401b2a
                                                                                                                                                                                                                                0x00401b2a
                                                                                                                                                                                                                                0x00401b34
                                                                                                                                                                                                                                0x00401b39
                                                                                                                                                                                                                                0x00401b43
                                                                                                                                                                                                                                0x00401b48
                                                                                                                                                                                                                                0x00401b4d
                                                                                                                                                                                                                                0x00401b51
                                                                                                                                                                                                                                0x004027b1
                                                                                                                                                                                                                                0x0040288b
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x00402894
                                                                                                                                                                                                                                0x00402894
                                                                                                                                                                                                                                0x00401b24
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00401b20
                                                                                                                                                                                                                                0x004021fb
                                                                                                                                                                                                                                0x00402208
                                                                                                                                                                                                                                0x00402209
                                                                                                                                                                                                                                0x0040220e
                                                                                                                                                                                                                                0x0040220e
                                                                                                                                                                                                                                0x00402896
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 00401B75
                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401B87
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$AllocFree
                                                                                                                                                                                                                                • String ID: Show_UI
                                                                                                                                                                                                                                • API String ID: 3394109436-693166194
                                                                                                                                                                                                                                • Opcode ID: 5747e91741e3fb9927a96d57e63499978fea871437ab26d6890173ae8e86a1be
                                                                                                                                                                                                                                • Instruction ID: f6df762d61d54559a5bd4bb911f236f7c2d089bf7a2c1af573ad77b5def0dbe6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5747e91741e3fb9927a96d57e63499978fea871437ab26d6890173ae8e86a1be
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F2181B2A006169BC710AFA4DE85D5E73B4EB44318724463BF502F32D0DB7CB9129B5E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00401E1B, Relevance: 4.5, APIs: 3, Instructions: 48synchronizationCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                			E00401E1B() {
				void* _t15;
				void* _t24;
				void* _t26;
				void* _t31;

				_t28 = E004029F6(_t24);
				E00404F04(0xffffffeb, _t13);
				_t15 = E004053C6(_t28); // executed
				 *(_t31 + 8) = _t15;
				if(_t15 == _t24) {
					 *((intOrPtr*)(_t31 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t31 - 0x1c)) != _t24) {
						while(WaitForSingleObject( *(_t31 + 8), 0x64) == 0x102) {
							E00405EC1(0xf);
						}
						GetExitCodeProcess( *(_t31 + 8), _t31 - 8);
						if( *((intOrPtr*)(_t31 - 0x20)) < _t24) {
							if( *(_t31 - 8) != _t24) {
								 *((intOrPtr*)(_t31 - 4)) = 1;
							}
						} else {
							E00405AC4(_t26,  *(_t31 - 8));
						}
					}
					_push( *(_t31 + 8));
					CloseHandle();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t31 - 4));
				return 0;
			}







                                                                                                                                                                                                                                0x00401e21
                                                                                                                                                                                                                                0x00401e26
                                                                                                                                                                                                                                0x00401e2c
                                                                                                                                                                                                                                0x00401e33
                                                                                                                                                                                                                                0x00401e36
                                                                                                                                                                                                                                0x0040265c
                                                                                                                                                                                                                                0x00401e3c
                                                                                                                                                                                                                                0x00401e3f
                                                                                                                                                                                                                                0x00401e50
                                                                                                                                                                                                                                0x00401e4b
                                                                                                                                                                                                                                0x00401e4b
                                                                                                                                                                                                                                0x00401e65
                                                                                                                                                                                                                                0x00401e6e
                                                                                                                                                                                                                                0x00401e7e
                                                                                                                                                                                                                                0x00401e80
                                                                                                                                                                                                                                0x00401e80
                                                                                                                                                                                                                                0x00401e70
                                                                                                                                                                                                                                0x00401e74
                                                                                                                                                                                                                                0x00401e74
                                                                                                                                                                                                                                0x00401e6e
                                                                                                                                                                                                                                0x00401e87
                                                                                                                                                                                                                                0x00401e8a
                                                                                                                                                                                                                                0x00401e8a
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404F98
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FB2
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FC0
                                                                                                                                                                                                                                  • Part of subcall function 004053C6: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                                                                                                                                                                  • Part of subcall function 004053C6: CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                                                                                                                                                                                                                                • GetExitCodeProcess.KERNEL32 ref: 00401E65
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401E8A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3521207402-0
                                                                                                                                                                                                                                • Opcode ID: 45ab694d93d3c8083ca874a04595ab13abe68012b6660c3dff7b3237667625b0
                                                                                                                                                                                                                                • Instruction ID: 355628b0c836e6669011c6779fae97b23835f6d082b04fdd633ca662238f37b1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 45ab694d93d3c8083ca874a04595ab13abe68012b6660c3dff7b3237667625b0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19019271D04215EBCF11AF91CD8599E7A75EB40358F20403BFA05B51E1C3794A82DBDE
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00405A4D, Relevance: 4.5, APIs: 3, Instructions: 45registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                                                                                                			E00405A4D(void* _a4, int _a8, char* _a12, int _a16, void* _a20) {
				long _t20;
				long _t23;
				long _t24;
				char* _t26;

				asm("sbb eax, eax");
				_t26 = _a16;
				 *_t26 = 0;
				_t20 = RegOpenKeyExA(_a4, _a8, 0,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
				if(_t20 == 0) {
					_a8 = 0x400;
					_t23 = RegQueryValueExA(_a20, _a12, 0,  &_a16, _t26,  &_a8); // executed
					if(_t23 != 0 || _a16 != 1 && _a16 != 2) {
						 *_t26 = 0;
					}
					_t26[0x3ff] = 0;
					_t24 = RegCloseKey(_a20); // executed
					return _t24;
				}
				return _t20;
			}







                                                                                                                                                                                                                                0x00405a5d
                                                                                                                                                                                                                                0x00405a5f
                                                                                                                                                                                                                                0x00405a6c
                                                                                                                                                                                                                                0x00405a76
                                                                                                                                                                                                                                0x00405a7e
                                                                                                                                                                                                                                0x00405a83
                                                                                                                                                                                                                                0x00405a97
                                                                                                                                                                                                                                0x00405a9f
                                                                                                                                                                                                                                0x00405aad
                                                                                                                                                                                                                                0x00405aad
                                                                                                                                                                                                                                0x00405ab2
                                                                                                                                                                                                                                0x00405ab8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405ab8
                                                                                                                                                                                                                                0x00405ac1

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,00405C89,00000000,00000002,?,00000002,0012A4E9,?,00405C89,80000002,Software\Microsoft\Windows\CurrentVersion,0012A4E9,100,0054E3C1), ref: 00405A76
                                                                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(0012A4E9,?,00000000,00405C89,0012A4E9,00405C89), ref: 00405A97
                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?), ref: 00405AB8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3677997916-0
                                                                                                                                                                                                                                • Opcode ID: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                                                                                                                                                                                                                                • Instruction ID: 1f5187eb0d206272966296eac295dca0b6851c7ebc3b2299c22a00064415c0d3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E01487114020AEFDB128F64EC84AEB3FACEF14394F004526F945E6120D335D964DFA5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00402427, Relevance: 4.5, APIs: 3, Instructions: 44registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E00402427(int* __ebx, char* __esi) {
				int _t8;
				long _t11;
				int* _t14;
				void* _t18;
				char* _t20;
				void* _t22;
				void* _t25;

				_t20 = __esi;
				_t14 = __ebx;
				_t18 = E00402B00(_t25, 0x20019);
				_t8 = E004029D9(3);
				 *__esi = __ebx;
				if(_t18 == __ebx) {
					L7:
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					 *(_t22 + 8) = 0x3ff;
					if( *((intOrPtr*)(_t22 - 0x14)) == __ebx) {
						_t11 = RegEnumValueA(_t18, _t8, __esi, _t22 + 8, __ebx, __ebx, __ebx, __ebx);
						__eflags = _t11;
						if(_t11 != 0) {
							goto L7;
						} else {
							goto L4;
						}
					} else {
						RegEnumKeyA(_t18, _t8, __esi, 0x3ff);
						L4:
						_t20[0x3ff] = _t14;
						_push(_t18); // executed
						RegCloseKey(); // executed
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}










                                                                                                                                                                                                                                0x00402427
                                                                                                                                                                                                                                0x00402427
                                                                                                                                                                                                                                0x00402433
                                                                                                                                                                                                                                0x00402435
                                                                                                                                                                                                                                0x0040243c
                                                                                                                                                                                                                                0x0040243e
                                                                                                                                                                                                                                0x0040265c
                                                                                                                                                                                                                                0x0040265c
                                                                                                                                                                                                                                0x00402444
                                                                                                                                                                                                                                0x0040244c
                                                                                                                                                                                                                                0x0040244f
                                                                                                                                                                                                                                0x00402468
                                                                                                                                                                                                                                0x0040246e
                                                                                                                                                                                                                                0x00402470
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402451
                                                                                                                                                                                                                                0x00402455
                                                                                                                                                                                                                                0x00402476
                                                                                                                                                                                                                                0x00402476
                                                                                                                                                                                                                                0x0040247c
                                                                                                                                                                                                                                0x0040247d
                                                                                                                                                                                                                                0x0040247d
                                                                                                                                                                                                                                0x0040244f
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00402B00: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                                                                                                • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402455
                                                                                                                                                                                                                                • RegEnumValueA.ADVAPI32 ref: 00402468
                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,Software\APN PIP\MP3R7,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Enum$CloseOpenValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 167947723-0
                                                                                                                                                                                                                                • Opcode ID: 6a21badf5a871955e3ace1afb9f593eb2e60632fa136461b3b888f04c3496c79
                                                                                                                                                                                                                                • Instruction ID: ca0bea074700aed3f6d5cd19b6a76ded14fd7da9354d4d4a85815760a07b6232
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a21badf5a871955e3ace1afb9f593eb2e60632fa136461b3b888f04c3496c79
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31F0A271A04201EFE715AF659E88EBB7A6CDB40398F10443FF406A61C0D6B85D42967A
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00403EF1, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00403EF1(int _a4) {
				long _t3;

				if(_a4 == 0x78) {
					 *0x42366c =  *0x42366c + 1;
				}
				_t3 = SendMessageA( *0x423ea8, 0x408, _a4, 0); // executed
				return _t3;
			}




                                                                                                                                                                                                                                0x00403ef6
                                                                                                                                                                                                                                0x00403ef8
                                                                                                                                                                                                                                0x00403ef8
                                                                                                                                                                                                                                0x00403f0f
                                                                                                                                                                                                                                0x00403f15

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                • String ID: x
                                                                                                                                                                                                                                • API String ID: 3850602802-2363233923
                                                                                                                                                                                                                                • Opcode ID: 46d605fedc9b17ed3aa99e624faff798016ffe450984ce7ce2feb54509c3447d
                                                                                                                                                                                                                                • Instruction ID: 0a00224ba8322c10e7c5ad3fa7d0cdf23506fb3b21bf1cf3cfca3f20ccc8a775
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 46d605fedc9b17ed3aa99e624faff798016ffe450984ce7ce2feb54509c3447d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29C012B2688200BECB205F12DE01F06BA31E7A0703F109039F344200B4C2B86622EB0D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 1000120C, Relevance: 3.2, APIs: 2, Instructions: 156synchronizationCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 26%
                                                                                                                                                                                                                                			E1000120C(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t31;
				void* _t32;
				void* _t36;
				void* _t40;
				void* _t49;
				void* _t54;
				void* _t58;
				signed int _t65;
				void* _t70;
				void* _t79;
				intOrPtr _t81;
				signed int _t88;
				intOrPtr _t90;
				intOrPtr _t91;
				void* _t92;
				void* _t94;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				intOrPtr _t106;
				intOrPtr _t107;

				if( *0x10004040 != 0 && E10002987(_a4) == 0) {
					 *0x10004044 = _t106;
					if( *0x1000403c != 0) {
						_t106 =  *0x1000403c;
					} else {
						E10002A10(E10002981(), __ecx);
						 *0x1000403c = _t106;
					}
				}
				_t31 = E100029C3(_a4);
				_t107 = _t106 + 4;
				if(_t31 <= 0) {
					L9:
					_t32 = E100029B7();
					_t81 = _a4;
					_t90 =  *0x10004048;
					 *((intOrPtr*)(_t32 + _t81)) = _t90;
					 *0x10004048 = _t81;
					E100029B1();
					_t36 = CreateMutexA(??, ??, ??); // executed
					 *0x10004000 = _t36;
					 *0x10004004 = _t90;
					if( *0x10004040 != 0 && E10002987( *0x10004048) == 0) {
						 *0x1000403c = _t107;
						_t107 =  *0x10004044;
					}
					_t91 =  *0x10004048;
					_a4 = _t91;
					 *0x10004048 =  *((intOrPtr*)(E100029B7() + _t91));
					_t40 = E10002995(_t91);
					_pop(_t92);
					if(_t40 != 0) {
						_t49 = E100029C3(_t92);
						if(_t49 > 0) {
							_push(_t49);
							_push(E100029CE() + _a4 + _v8);
							_push(E100029D8());
							if( *0x10004040 <= 0 || E10002987(_a4) != 0) {
								_pop(_t101);
								_pop(_t54);
								if( *((intOrPtr*)(_t101 + _t54)) == 2) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t102);
								_pop(_t58);
								 *0x1000403c =  *0x1000403c +  *(_t102 + _t58) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					if( *0x10004048 == 0) {
						 *0x1000403c = 0;
					}
					_t94 = _a4 + E100029CE();
					 *(E100029DC() + _t94) =  *0x10004000;
					 *((intOrPtr*)(E100029E0() + _t94)) =  *0x10004004;
					E100029F0(_a4);
					if(E100029A3() != 0) {
						 *0x10004054 = GetLastError();
					}
					return _a4;
				}
				_push(E100029CE() + _a4);
				_t65 = E100029D4();
				_v8 = _t65;
				_t88 = _t31;
				_push(_t77 + _t65 * _t88);
				_t79 = E100029E0();
				_t100 = E100029DC();
				_t103 = E100029D8();
				_t70 = _t88;
				if( *((intOrPtr*)(_t103 + _t70)) == 2) {
					_push( *((intOrPtr*)(_t79 + _t70)));
				}
				_push( *((intOrPtr*)(_t100 + _t70)));
				asm("loop 0xfffffff1");
				goto L9;
			}


























                                                                                                                                                                                                                                0x1000121c
                                                                                                                                                                                                                                0x1000122d
                                                                                                                                                                                                                                0x1000123a
                                                                                                                                                                                                                                0x1000124e
                                                                                                                                                                                                                                0x1000123c
                                                                                                                                                                                                                                0x10001241
                                                                                                                                                                                                                                0x10001246
                                                                                                                                                                                                                                0x10001246
                                                                                                                                                                                                                                0x1000123a
                                                                                                                                                                                                                                0x10001257
                                                                                                                                                                                                                                0x1000125c
                                                                                                                                                                                                                                0x10001262
                                                                                                                                                                                                                                0x100012a6
                                                                                                                                                                                                                                0x100012a6
                                                                                                                                                                                                                                0x100012ab
                                                                                                                                                                                                                                0x100012b0
                                                                                                                                                                                                                                0x100012b6
                                                                                                                                                                                                                                0x100012b8
                                                                                                                                                                                                                                0x100012be
                                                                                                                                                                                                                                0x100012cb
                                                                                                                                                                                                                                0x100012cd
                                                                                                                                                                                                                                0x100012d2
                                                                                                                                                                                                                                0x100012df
                                                                                                                                                                                                                                0x100012f2
                                                                                                                                                                                                                                0x100012f8
                                                                                                                                                                                                                                0x100012fe
                                                                                                                                                                                                                                0x100012ff
                                                                                                                                                                                                                                0x10001305
                                                                                                                                                                                                                                0x10001311
                                                                                                                                                                                                                                0x10001317
                                                                                                                                                                                                                                0x1000131f
                                                                                                                                                                                                                                0x10001320
                                                                                                                                                                                                                                0x10001323
                                                                                                                                                                                                                                0x1000132e
                                                                                                                                                                                                                                0x10001330
                                                                                                                                                                                                                                0x1000133c
                                                                                                                                                                                                                                0x10001342
                                                                                                                                                                                                                                0x1000134a
                                                                                                                                                                                                                                0x10001376
                                                                                                                                                                                                                                0x10001377
                                                                                                                                                                                                                                0x1000137d
                                                                                                                                                                                                                                0x1000137d
                                                                                                                                                                                                                                0x10001384
                                                                                                                                                                                                                                0x1000135a
                                                                                                                                                                                                                                0x1000135a
                                                                                                                                                                                                                                0x1000135b
                                                                                                                                                                                                                                0x10001369
                                                                                                                                                                                                                                0x10001372
                                                                                                                                                                                                                                0x10001372
                                                                                                                                                                                                                                0x1000134a
                                                                                                                                                                                                                                0x1000132e
                                                                                                                                                                                                                                0x1000138d
                                                                                                                                                                                                                                0x1000138f
                                                                                                                                                                                                                                0x1000138f
                                                                                                                                                                                                                                0x100013a1
                                                                                                                                                                                                                                0x100013ae
                                                                                                                                                                                                                                0x100013bc
                                                                                                                                                                                                                                0x100013c2
                                                                                                                                                                                                                                0x100013d0
                                                                                                                                                                                                                                0x100013d8
                                                                                                                                                                                                                                0x100013d8
                                                                                                                                                                                                                                0x100013e6
                                                                                                                                                                                                                                0x100013e6
                                                                                                                                                                                                                                0x1000126d
                                                                                                                                                                                                                                0x1000126e
                                                                                                                                                                                                                                0x10001273
                                                                                                                                                                                                                                0x10001277
                                                                                                                                                                                                                                0x1000127c
                                                                                                                                                                                                                                0x10001290
                                                                                                                                                                                                                                0x10001291
                                                                                                                                                                                                                                0x10001292
                                                                                                                                                                                                                                0x10001294
                                                                                                                                                                                                                                0x10001299
                                                                                                                                                                                                                                0x1000129b
                                                                                                                                                                                                                                0x1000129b
                                                                                                                                                                                                                                0x1000129e
                                                                                                                                                                                                                                0x100012a4
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateMutexA.KERNELBASE(00000000), ref: 100012CB
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 100013D2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1690752483.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690732782.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690765129.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690776803.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateErrorLastMutex
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1925916568-0
                                                                                                                                                                                                                                • Opcode ID: e37e7e391b3a2b8b5636dc6aebf24869d58b81a53228d5294debfeeb9962e7db
                                                                                                                                                                                                                                • Instruction ID: f07c43787ce958523a2b1e991860d2c35ff6be18a2ffa2491c02e46e3495c162
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e37e7e391b3a2b8b5636dc6aebf24869d58b81a53228d5294debfeeb9962e7db
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B75183FA904214DFFB20DFA4DC8279977A4EB443D4F21842AFA04E721DDB34A990CB55
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004023AF, Relevance: 3.1, APIs: 2, Instructions: 57registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                			E004023AF(int* __ebx, char* __esi) {
				void* _t18;
				char* _t19;
				long _t22;
				void* _t35;
				void* _t39;
				void* _t42;

				_t37 = __esi;
				_t29 = __ebx;
				_t18 = E00402B00(_t42, 0x20019); // executed
				_t35 = _t18;
				_t19 = E004029F6(0x33);
				 *__esi = __ebx;
				if(_t35 == __ebx) {
					 *(_t39 - 4) = 1;
				} else {
					 *(_t39 - 8) = 0x3ff;
					_t22 = RegQueryValueExA(_t35, _t19, __ebx, _t39 + 8, __esi, _t39 - 8); // executed
					if(_t22 != 0) {
						L7:
						 *_t37 = _t29;
						 *(_t39 - 4) = 1;
					} else {
						if( *(_t39 + 8) == 4) {
							__eflags =  *(_t39 - 0x14) - __ebx;
							 *(_t39 - 4) = 0 |  *(_t39 - 0x14) == __ebx;
							E00405AC4(__esi,  *__esi);
						} else {
							if( *(_t39 + 8) == 1 ||  *(_t39 + 8) == 2) {
								 *(_t39 - 4) =  *(_t39 - 0x14);
								_t37[ *(_t39 - 8)] = _t29;
							} else {
								goto L7;
							}
						}
					}
					_push(_t35); // executed
					RegCloseKey(); // executed
				}
				 *0x423f28 =  *0x423f28 +  *(_t39 - 4);
				return 0;
			}









                                                                                                                                                                                                                                0x004023af
                                                                                                                                                                                                                                0x004023af
                                                                                                                                                                                                                                0x004023b4
                                                                                                                                                                                                                                0x004023bb
                                                                                                                                                                                                                                0x004023bd
                                                                                                                                                                                                                                0x004023c4
                                                                                                                                                                                                                                0x004023c6
                                                                                                                                                                                                                                0x0040265c
                                                                                                                                                                                                                                0x004023cc
                                                                                                                                                                                                                                0x004023cf
                                                                                                                                                                                                                                0x004023df
                                                                                                                                                                                                                                0x004023ea
                                                                                                                                                                                                                                0x00402420
                                                                                                                                                                                                                                0x00402420
                                                                                                                                                                                                                                0x00402422
                                                                                                                                                                                                                                0x004023ec
                                                                                                                                                                                                                                0x004023f0
                                                                                                                                                                                                                                0x0040240f
                                                                                                                                                                                                                                0x00402416
                                                                                                                                                                                                                                0x00402419
                                                                                                                                                                                                                                0x004023f2
                                                                                                                                                                                                                                0x004023f5
                                                                                                                                                                                                                                0x00402400
                                                                                                                                                                                                                                0x00402406
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004023f5
                                                                                                                                                                                                                                0x004023f0
                                                                                                                                                                                                                                0x0040247c
                                                                                                                                                                                                                                0x0040247d
                                                                                                                                                                                                                                0x0040247d
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00402B00: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(00000000,00000000,?,000003FF,?,?,?,?,00000033), ref: 004023DF
                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,Software\APN PIP\MP3R7,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3677997916-0
                                                                                                                                                                                                                                • Opcode ID: eab15ab1fb9436d0461565b65d9f839641e6776e667b8b400d8ef67e93707a70
                                                                                                                                                                                                                                • Instruction ID: 12193c1ceb89264442681d64ce78cd47003ed4e83c7ffe784dc41c43057f06db
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eab15ab1fb9436d0461565b65d9f839641e6776e667b8b400d8ef67e93707a70
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C111E371900205EFDB15DF64CA889AF7BB4EF14348F20807FE442B72C1D2B88A45EB5A
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00402866, Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00402866(signed int __eax) {
				RECT* _t10;
				signed int _t12;
				void* _t16;

				_t12 =  *0x4214a0; // 0x1
				SendMessageA( *(_t16 - 0x34), 0xb, _t12 & __eax, _t10); // executed
				if( *((intOrPtr*)(_t16 - 0x24)) != _t10) {
					InvalidateRect( *(_t16 - 0x34), _t10, _t10);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t16 - 4));
				return 0;
			}






                                                                                                                                                                                                                                0x00402866
                                                                                                                                                                                                                                0x00402875
                                                                                                                                                                                                                                0x0040287e
                                                                                                                                                                                                                                0x00402885
                                                                                                                                                                                                                                0x00402885
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InvalidateMessageRectSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 909852535-0
                                                                                                                                                                                                                                • Opcode ID: 46d6f11c940701ec0eb3576edbaf6f76ecda1d887e6a847d8cdde8d99bec7f9f
                                                                                                                                                                                                                                • Instruction ID: bcd717e7596d016e205178ba64243b8d7c77eee19d70b8784ae4534d65a4b435
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 46d6f11c940701ec0eb3576edbaf6f76ecda1d887e6a847d8cdde8d99bec7f9f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2AE08C72B00104FFDB10DF94FE959AE77BAEB44359B10007AF201F10A0D2341D00CA28
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00401D95, Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DAB
                                                                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 00401DB6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$EnableShow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1136574915-0
                                                                                                                                                                                                                                • Opcode ID: 01184a99a098fa4f7b5ffd0caf4b96e4eb64a91bfbc6cfc84e1934e58c82cbe0
                                                                                                                                                                                                                                • Instruction ID: 0a77d41913575adca2a7ede6e8d56263b744db67c7fbf003078f88b8ecd5966f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 01184a99a098fa4f7b5ffd0caf4b96e4eb64a91bfbc6cfc84e1934e58c82cbe0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24E0C272F08210DBD710FBB4AE899AE3274DB403A9B10453BF503F20C1D6B89C8196EE
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0040583D, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                                                                			E0040583D(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                                                                                                                                0x00405841
                                                                                                                                                                                                                                0x0040584e
                                                                                                                                                                                                                                0x00405863
                                                                                                                                                                                                                                0x00405869

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\mp3rocket.exe,80000000,00000003), ref: 00405841
                                                                                                                                                                                                                                • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                                                                                                • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                                                                                                                                                • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0040581E, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E0040581E(CHAR* _a4) {
				signed char _t3;
				int _t5;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					_t5 = SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
					return _t5;
				}
				return _t3;
			}





                                                                                                                                                                                                                                0x00405822
                                                                                                                                                                                                                                0x0040582b
                                                                                                                                                                                                                                0x00405834
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405834
                                                                                                                                                                                                                                0x0040583a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,00405629,?,?,?), ref: 00405822
                                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405834
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                                                                                                                                • Instruction ID: 89544605ef234ac14ed66c3b065a2d642d1346908a696065e0ba681aeed38476
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8C04CB1808501ABD7056B24EF0D81F7B66EF50325B108B35F5A9E00F0C7355C66DA1A
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00402B00, Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                                                                			E00402B00(void* __eflags, void* _a4) {
				signed int _t6;
				char* _t8;
				intOrPtr _t9;
				signed int _t11;

				_t6 =  *0x423f50; // 0x0
				_t8 = E004029F6(0x22);
				_t9 =  *0x409b68; // 0x19f24c
				_t11 = RegOpenKeyExA(E00402AEB( *((intOrPtr*)(_t9 + 4))), _t8, 0, _t6 | _a4,  &_a4); // executed
				asm("sbb eax, eax");
				return  !( ~_t11) & _a4;
			}







                                                                                                                                                                                                                                0x00402b07
                                                                                                                                                                                                                                0x00402b14
                                                                                                                                                                                                                                0x00402b1a
                                                                                                                                                                                                                                0x00402b28
                                                                                                                                                                                                                                0x00402b30
                                                                                                                                                                                                                                0x00402b38

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                                                                • Opcode ID: b5dfad00fa1cd151fd60990f5b06a3c2bada7c6ed29f77274f64d0dacc55a64b
                                                                                                                                                                                                                                • Instruction ID: c0cb2249de0b0b7c7cf81be38287cf815beb59390f5746c35b3b1e544e0707b9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b5dfad00fa1cd151fd60990f5b06a3c2bada7c6ed29f77274f64d0dacc55a64b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BFE08676640108BFDB50DFA4ED4BFD637ECB704340F008421B608D7091C678F5409B68
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004031BF, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E004031BF(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                                                                                                                                0x004031c3
                                                                                                                                                                                                                                0x004031d6
                                                                                                                                                                                                                                0x004031de
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004031e5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004031e7

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00413040,0040B040,004030C4,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000), ref: 004031D6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                                                                                                                                • Instruction ID: 4c5c04567c480c11bae84e94003d2882b37cb3083c3cc1db03504fe221b835f3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DAE08631500119BBCF215E619C00A973B5CEB09362F008033FA04E9190D532DB109BA5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 10002930, Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x10004038 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x1000404c, 4, 0x40, 0x1000403c); // executed
					 *0x1000404c = 0xc2;
					 *0x1000403c = 0;
					 *0x10004044 = 0;
					 *0x10004054 = 0;
					 *0x10004048 = 0;
					 *0x10004040 = 0;
					 *0x1000404e = 0;
				}
				return 1;
			}



                                                                                                                                                                                                                                0x10002939
                                                                                                                                                                                                                                0x1000293e
                                                                                                                                                                                                                                0x1000294e
                                                                                                                                                                                                                                0x10002956
                                                                                                                                                                                                                                0x1000295d
                                                                                                                                                                                                                                0x10002962
                                                                                                                                                                                                                                0x10002967
                                                                                                                                                                                                                                0x1000296c
                                                                                                                                                                                                                                0x10002971
                                                                                                                                                                                                                                0x10002976
                                                                                                                                                                                                                                0x10002976
                                                                                                                                                                                                                                0x1000297e

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 1000294E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1690752483.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690732782.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690765129.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690776803.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                • Opcode ID: 34d967791fa0c81937acb5e832d60935bd6fac481f559dacb71f15d92aed8369
                                                                                                                                                                                                                                • Instruction ID: 48d6293a520ab1310b80528f385a012c899c9e0ceb66e9e696cbd892b99779f9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34d967791fa0c81937acb5e832d60935bd6fac481f559dacb71f15d92aed8369
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1BE0AEF15092A0DEF360DF688CC47023EE4A3983C5B03842AE348F6269EB3841448B19
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00403F18, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00403F18(intOrPtr _a12) {
				intOrPtr _v0;
				struct HWND__* _v4;
				int _t7;
				void* _t8;
				void* _t9;
				void* _t10;

				_t7 = SetDlgItemTextA(_v4, _v0 + 0x3e8, E00405B88(_t8, _t9, _t10, 0, _a12)); // executed
				return _t7;
			}









                                                                                                                                                                                                                                0x00403f32
                                                                                                                                                                                                                                0x00403f37

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,?,00000000), ref: 00403F32
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ItemText
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3367045223-0
                                                                                                                                                                                                                                • Opcode ID: e65bc35160ed5513600404499191e6285347109cacf77d99fb514981775c36ca
                                                                                                                                                                                                                                • Instruction ID: 32956ba5a052c000d200729fffd4f2c944d874cb1110b62223aa4bdd109d9e57
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e65bc35160ed5513600404499191e6285347109cacf77d99fb514981775c36ca
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4C08C31048200BFD241AB04CC42F1FB3A8EFA0327F00C92EB05CE00D2C634D420CE2A
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00403F4D, Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00403F4D(int _a4) {
				long _t2;

				_t2 = SendMessageA( *0x423ea8, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                                                                                                                                                                                                0x00403f5b
                                                                                                                                                                                                                                0x00403f61

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                • Opcode ID: 5380ca26047a56ac044db27ec5452a3d407db4c462228856e9187df95d64c5b6
                                                                                                                                                                                                                                • Instruction ID: 0662716cb4741bc9db58cdf5bc89cb1196afa115b106f7c4ea820954fb206898
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5380ca26047a56ac044db27ec5452a3d407db4c462228856e9187df95d64c5b6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17B09276685201BADA215B10DE09F457E62E764702F018064B204240B0C6B200A5DB09
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004031F1, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E004031F1(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                                                                                                                                0x004031ff
                                                                                                                                                                                                                                0x00403205

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,000113E4), ref: 004031FF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                                                                • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                                                                                                                                • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004014D6, Relevance: 1.3, APIs: 1, Instructions: 17sleepCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E004014D6() {
				long _t2;
				void* _t6;
				void* _t10;

				_t2 = E004029D9(_t6);
				if(_t2 <= 1) {
					_t2 = 1;
				}
				Sleep(_t2); // executed
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t10 - 4));
				return 0;
			}






                                                                                                                                                                                                                                0x004014d7
                                                                                                                                                                                                                                0x004014df
                                                                                                                                                                                                                                0x004014e3
                                                                                                                                                                                                                                0x004014e3
                                                                                                                                                                                                                                0x004014e5
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • Sleep.KERNELBASE(00000000), ref: 004014E5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                                • Opcode ID: 7f2b96c0ac7e3adfbfa05993655b8384a5a1308702b52abfe92519b2179cd3a1
                                                                                                                                                                                                                                • Instruction ID: 0e7ad585a1f0adefe16d4622bd579cc52ea23b171ff9c05291141f9a24cab872
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7f2b96c0ac7e3adfbfa05993655b8384a5a1308702b52abfe92519b2179cd3a1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F5D0C977B146009BD750EBB8AE8945A73A8EB5136A3204937D903E20D2E57CC942965D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 10001541, Relevance: 1.3, APIs: 1, Instructions: 4memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E10001541() {
				void* _t1;

				_t1 = GlobalAlloc(0x40,  *0x10004058); // executed
				return _t1;
			}




                                                                                                                                                                                                                                0x10001549
                                                                                                                                                                                                                                0x1000154f

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,10001577,?,?,10001804,?,10001017), ref: 10001549
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1690752483.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690732782.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690765129.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690776803.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocGlobal
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3761449716-0
                                                                                                                                                                                                                                • Opcode ID: 7b5eed81e2901482d8b61a1c6600ff8eb3952a21cb33a114867dcac47047f9af
                                                                                                                                                                                                                                • Instruction ID: 305db27d9feb3ad942446de8fc5e9d5ce911d10906235a569225c64140842302
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b5eed81e2901482d8b61a1c6600ff8eb3952a21cb33a114867dcac47047f9af
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86A002B25415609BFE466BD08D9EF463F25F744781F128040E719650B8CA750064DF19
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                                                Function 00405042, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                			E00405042(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t112;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423684; // 0x0
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404FD6, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405B88(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x4204a0;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42366c - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x423ea8, 8);
							__eflags =  *0x423f2c - _t149; // 0x0
							if(__eflags == 0) {
								_t112 =  *0x41fc70; // 0x54071c
								E00404F04( *((intOrPtr*)(_t112 + 0x34)), _t149);
							}
							E00403EF1(1);
							goto L25;
						}
						 *0x41f868 = 2;
						E00403EF1(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403F7F(_a8, _a12, _a16);
						}
						ShowWindow( *0x423670, _t149);
						ShowWindow(_t154, 8);
						E00403F4D(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423eb0; // 0x5405b0
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423670 = GetDlgItem(_a4, 0x403);
				 *0x423668 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423684 = _t127;
				_v8 = _t127;
				E00403F4D( *0x423670);
				 *0x423674 = E004047A6(4);
				 *0x42368c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403F18(_a4);
				if(( *0x423eb8 & 0x00000003) != 0) {
					ShowWindow( *0x423670, _t149);
					if(( *0x423eb8 & 0x00000002) != 0) {
						 *0x423670 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403F4D( *0x423668);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423eb8 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}



































                                                                                                                                                                                                                                0x0040504b
                                                                                                                                                                                                                                0x00405051
                                                                                                                                                                                                                                0x0040505a
                                                                                                                                                                                                                                0x0040505d
                                                                                                                                                                                                                                0x004051ee
                                                                                                                                                                                                                                0x004051f5
                                                                                                                                                                                                                                0x00405219
                                                                                                                                                                                                                                0x00405219
                                                                                                                                                                                                                                0x0040521f
                                                                                                                                                                                                                                0x0040522c
                                                                                                                                                                                                                                0x0040524a
                                                                                                                                                                                                                                0x0040524a
                                                                                                                                                                                                                                0x00405251
                                                                                                                                                                                                                                0x004052a8
                                                                                                                                                                                                                                0x004052a8
                                                                                                                                                                                                                                0x004052ac
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004052ae
                                                                                                                                                                                                                                0x004052b1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004052bb
                                                                                                                                                                                                                                0x004052c1
                                                                                                                                                                                                                                0x004052c3
                                                                                                                                                                                                                                0x004052c6
                                                                                                                                                                                                                                0x004053bf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004053bf
                                                                                                                                                                                                                                0x004052d5
                                                                                                                                                                                                                                0x004052e1
                                                                                                                                                                                                                                0x004052e7
                                                                                                                                                                                                                                0x004052ea
                                                                                                                                                                                                                                0x004052ed
                                                                                                                                                                                                                                0x00405302
                                                                                                                                                                                                                                0x00405305
                                                                                                                                                                                                                                0x00405305
                                                                                                                                                                                                                                0x00405308
                                                                                                                                                                                                                                0x004052ef
                                                                                                                                                                                                                                0x004052f4
                                                                                                                                                                                                                                0x004052fa
                                                                                                                                                                                                                                0x004052fd
                                                                                                                                                                                                                                0x004052fd
                                                                                                                                                                                                                                0x00405318
                                                                                                                                                                                                                                0x00405320
                                                                                                                                                                                                                                0x00405321
                                                                                                                                                                                                                                0x00405323
                                                                                                                                                                                                                                0x0040532c
                                                                                                                                                                                                                                0x0040532f
                                                                                                                                                                                                                                0x00405336
                                                                                                                                                                                                                                0x0040533d
                                                                                                                                                                                                                                0x00405345
                                                                                                                                                                                                                                0x00405345
                                                                                                                                                                                                                                0x00405353
                                                                                                                                                                                                                                0x00405359
                                                                                                                                                                                                                                0x0040535c
                                                                                                                                                                                                                                0x0040535c
                                                                                                                                                                                                                                0x00405363
                                                                                                                                                                                                                                0x00405369
                                                                                                                                                                                                                                0x00405372
                                                                                                                                                                                                                                0x00405379
                                                                                                                                                                                                                                0x00405382
                                                                                                                                                                                                                                0x00405384
                                                                                                                                                                                                                                0x00405387
                                                                                                                                                                                                                                0x00405396
                                                                                                                                                                                                                                0x00405398
                                                                                                                                                                                                                                0x0040539e
                                                                                                                                                                                                                                0x0040539f
                                                                                                                                                                                                                                0x004053a0
                                                                                                                                                                                                                                0x004053a0
                                                                                                                                                                                                                                0x004053a8
                                                                                                                                                                                                                                0x004053b3
                                                                                                                                                                                                                                0x004053b9
                                                                                                                                                                                                                                0x004053b9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405323
                                                                                                                                                                                                                                0x00405253
                                                                                                                                                                                                                                0x00405259
                                                                                                                                                                                                                                0x00405289
                                                                                                                                                                                                                                0x0040528b
                                                                                                                                                                                                                                0x00405291
                                                                                                                                                                                                                                0x00405293
                                                                                                                                                                                                                                0x0040529c
                                                                                                                                                                                                                                0x0040529c
                                                                                                                                                                                                                                0x004052a3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004052a3
                                                                                                                                                                                                                                0x0040525d
                                                                                                                                                                                                                                0x00405267
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040522e
                                                                                                                                                                                                                                0x0040522e
                                                                                                                                                                                                                                0x00405234
                                                                                                                                                                                                                                0x0040526c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405275
                                                                                                                                                                                                                                0x0040523d
                                                                                                                                                                                                                                0x00405242
                                                                                                                                                                                                                                0x00405245
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405245
                                                                                                                                                                                                                                0x0040522c
                                                                                                                                                                                                                                0x00405063
                                                                                                                                                                                                                                0x00405067
                                                                                                                                                                                                                                0x00405070
                                                                                                                                                                                                                                0x00405077
                                                                                                                                                                                                                                0x0040507a
                                                                                                                                                                                                                                0x0040507d
                                                                                                                                                                                                                                0x00405080
                                                                                                                                                                                                                                0x00405081
                                                                                                                                                                                                                                0x00405082
                                                                                                                                                                                                                                0x0040509b
                                                                                                                                                                                                                                0x0040509e
                                                                                                                                                                                                                                0x004050a8
                                                                                                                                                                                                                                0x004050b7
                                                                                                                                                                                                                                0x004050bf
                                                                                                                                                                                                                                0x004050c7
                                                                                                                                                                                                                                0x004050cc
                                                                                                                                                                                                                                0x004050cf
                                                                                                                                                                                                                                0x004050db
                                                                                                                                                                                                                                0x004050e4
                                                                                                                                                                                                                                0x004050ed
                                                                                                                                                                                                                                0x00405110
                                                                                                                                                                                                                                0x00405116
                                                                                                                                                                                                                                0x00405127
                                                                                                                                                                                                                                0x0040512c
                                                                                                                                                                                                                                0x0040513a
                                                                                                                                                                                                                                0x00405148
                                                                                                                                                                                                                                0x00405148
                                                                                                                                                                                                                                0x0040514d
                                                                                                                                                                                                                                0x0040515b
                                                                                                                                                                                                                                0x0040515b
                                                                                                                                                                                                                                0x00405160
                                                                                                                                                                                                                                0x00405163
                                                                                                                                                                                                                                0x00405168
                                                                                                                                                                                                                                0x00405174
                                                                                                                                                                                                                                0x0040517d
                                                                                                                                                                                                                                0x0040518a
                                                                                                                                                                                                                                0x00405199
                                                                                                                                                                                                                                0x0040518c
                                                                                                                                                                                                                                0x00405191
                                                                                                                                                                                                                                0x00405191
                                                                                                                                                                                                                                0x004051a5
                                                                                                                                                                                                                                0x004051a5
                                                                                                                                                                                                                                0x004051b9
                                                                                                                                                                                                                                0x004051c2
                                                                                                                                                                                                                                0x004051cb
                                                                                                                                                                                                                                0x004051db
                                                                                                                                                                                                                                0x004051e7
                                                                                                                                                                                                                                0x004051e7
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 004050A1
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 004050B0
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 004050ED
                                                                                                                                                                                                                                • GetSystemMetrics.USER32 ref: 004050F5
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 00405116
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 00405127
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 0040513A
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 00405148
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 0040515B
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 00405191
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 004051B2
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 004051C2
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 004051DB
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 004051E7
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 004050BF
                                                                                                                                                                                                                                  • Part of subcall function 00403F4D: SendMessageA.USER32 ref: 00403F5B
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 00405204
                                                                                                                                                                                                                                • CreateThread.KERNEL32 ref: 00405212
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405219
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 0040523D
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000008), ref: 00405242
                                                                                                                                                                                                                                • ShowWindow.USER32(00000008), ref: 00405289
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 004052BB
                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 004052CC
                                                                                                                                                                                                                                • AppendMenuA.USER32 ref: 004052E1
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 004052F4
                                                                                                                                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 00405353
                                                                                                                                                                                                                                • OpenClipboard.USER32 ref: 00405363
                                                                                                                                                                                                                                • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405369
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                                                                                                                                                                                                                • GlobalLock.KERNEL32 ref: 0040537C
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 00405390
                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004053A8
                                                                                                                                                                                                                                • SetClipboardData.USER32 ref: 004053B3
                                                                                                                                                                                                                                • CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 004053B9
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                • String ID: {
                                                                                                                                                                                                                                • API String ID: 590372296-366298937
                                                                                                                                                                                                                                • Opcode ID: 15bcaaf7b9c2500fdfc7a15f58e923324fe2155ddd01929f033f26ccd8a03658
                                                                                                                                                                                                                                • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15bcaaf7b9c2500fdfc7a15f58e923324fe2155ddd01929f033f26ccd8a03658
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00404853, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                                                                			E00404853(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ec8; // 0x54089c
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x423eb0; // 0x5405b0
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x423eb9 & 0x00000002;
							if(( *0x423eb9 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004047D3(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x423eb8; // 0x81
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x42047c;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x420494;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x42047c = _t315;
									 *0x420494 = _t315;
									 *0x423f00 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x423eb9 & 0x00000001;
										if(( *0x423eb9 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x423ecc - _t315; // 0x6
										_v32 =  *0x420494;
										_t196 =  *0x423ec8; // 0x54089c
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42367c; // 0x559062
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E004046F1(0x3ff, 0xfffffffb, E004047A6(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x5408a4
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x5408b4
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x423ecc; // 0x6
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x420494);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x423f00 = _a4;
					_t247 =  *0x423ecc; // 0x6
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420494 = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
					 *0x420488 =  *0x420488 | 0xffffffff;
					_v24 = _t250;
					 *0x420490 = SetWindowLongA(_v8, 0xfffffffc, E00404E54);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42047c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42047c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B88(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403F18(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403F18(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x423ecc - _t318; // 0x6
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420494 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420494 + _t318 * 4) = _t274;
									_t288 =  *( *0x420494 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x423ecc; // 0x6
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403F4D(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403F4D(_v12);
								L89:
								return E00403F7F(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






































































                                                                                                                                                                                                                                0x00404871
                                                                                                                                                                                                                                0x00404877
                                                                                                                                                                                                                                0x00404879
                                                                                                                                                                                                                                0x0040487f
                                                                                                                                                                                                                                0x00404885
                                                                                                                                                                                                                                0x00404888
                                                                                                                                                                                                                                0x00404892
                                                                                                                                                                                                                                0x0040489b
                                                                                                                                                                                                                                0x0040489e
                                                                                                                                                                                                                                0x004048a1
                                                                                                                                                                                                                                0x00404ac9
                                                                                                                                                                                                                                0x00404ac9
                                                                                                                                                                                                                                0x00404ad0
                                                                                                                                                                                                                                0x00404ae4
                                                                                                                                                                                                                                0x00404ad2
                                                                                                                                                                                                                                0x00404ad4
                                                                                                                                                                                                                                0x00404ad7
                                                                                                                                                                                                                                0x00404ad8
                                                                                                                                                                                                                                0x00404adf
                                                                                                                                                                                                                                0x00404adf
                                                                                                                                                                                                                                0x00404ae7
                                                                                                                                                                                                                                0x00404af0
                                                                                                                                                                                                                                0x00404afb
                                                                                                                                                                                                                                0x00404afb
                                                                                                                                                                                                                                0x00404afe
                                                                                                                                                                                                                                0x00404b01
                                                                                                                                                                                                                                0x00404b10
                                                                                                                                                                                                                                0x00404b10
                                                                                                                                                                                                                                0x00404b17
                                                                                                                                                                                                                                0x00404b8f
                                                                                                                                                                                                                                0x00404b8f
                                                                                                                                                                                                                                0x00404b92
                                                                                                                                                                                                                                0x00404b94
                                                                                                                                                                                                                                0x00404b97
                                                                                                                                                                                                                                0x00404b9e
                                                                                                                                                                                                                                0x00404bac
                                                                                                                                                                                                                                0x00404bac
                                                                                                                                                                                                                                0x00404bae
                                                                                                                                                                                                                                0x00404bb1
                                                                                                                                                                                                                                0x00404bb8
                                                                                                                                                                                                                                0x00404bba
                                                                                                                                                                                                                                0x00404bbe
                                                                                                                                                                                                                                0x00404bdb
                                                                                                                                                                                                                                0x00404bdf
                                                                                                                                                                                                                                0x00404bdf
                                                                                                                                                                                                                                0x00404bc0
                                                                                                                                                                                                                                0x00404bcd
                                                                                                                                                                                                                                0x00404bcd
                                                                                                                                                                                                                                0x00404bbe
                                                                                                                                                                                                                                0x00404bb8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404b92
                                                                                                                                                                                                                                0x00404b19
                                                                                                                                                                                                                                0x00404b1c
                                                                                                                                                                                                                                0x00404b27
                                                                                                                                                                                                                                0x00404b29
                                                                                                                                                                                                                                0x00404b2c
                                                                                                                                                                                                                                0x00404b33
                                                                                                                                                                                                                                0x00404b38
                                                                                                                                                                                                                                0x00404b3a
                                                                                                                                                                                                                                0x00404b44
                                                                                                                                                                                                                                0x00404b44
                                                                                                                                                                                                                                0x00404b48
                                                                                                                                                                                                                                0x00404b4a
                                                                                                                                                                                                                                0x00404b4d
                                                                                                                                                                                                                                0x00404b4f
                                                                                                                                                                                                                                0x00404b52
                                                                                                                                                                                                                                0x00404b68
                                                                                                                                                                                                                                0x00404b68
                                                                                                                                                                                                                                0x00404b54
                                                                                                                                                                                                                                0x00404b54
                                                                                                                                                                                                                                0x00404b5a
                                                                                                                                                                                                                                0x00404b5c
                                                                                                                                                                                                                                0x00404b63
                                                                                                                                                                                                                                0x00404b5e
                                                                                                                                                                                                                                0x00404b5e
                                                                                                                                                                                                                                0x00404b5e
                                                                                                                                                                                                                                0x00404b5c
                                                                                                                                                                                                                                0x00404b6c
                                                                                                                                                                                                                                0x00404b6e
                                                                                                                                                                                                                                0x00404b73
                                                                                                                                                                                                                                0x00404b7c
                                                                                                                                                                                                                                0x00404b7d
                                                                                                                                                                                                                                0x00404b87
                                                                                                                                                                                                                                0x00404b87
                                                                                                                                                                                                                                0x00404b89
                                                                                                                                                                                                                                0x00404b8c
                                                                                                                                                                                                                                0x00404b8c
                                                                                                                                                                                                                                0x00404b4d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404b3a
                                                                                                                                                                                                                                0x00404b1e
                                                                                                                                                                                                                                0x00404b21
                                                                                                                                                                                                                                0x00404b25
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404b25
                                                                                                                                                                                                                                0x00404b03
                                                                                                                                                                                                                                0x00404b0a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404af2
                                                                                                                                                                                                                                0x00404af2
                                                                                                                                                                                                                                0x00404af5
                                                                                                                                                                                                                                0x00404be2
                                                                                                                                                                                                                                0x00404be2
                                                                                                                                                                                                                                0x00404be9
                                                                                                                                                                                                                                0x00404c5d
                                                                                                                                                                                                                                0x00404c5d
                                                                                                                                                                                                                                0x00404c64
                                                                                                                                                                                                                                0x00404c70
                                                                                                                                                                                                                                0x00404c70
                                                                                                                                                                                                                                0x00404c72
                                                                                                                                                                                                                                0x00404c79
                                                                                                                                                                                                                                0x00404c7b
                                                                                                                                                                                                                                0x00404c80
                                                                                                                                                                                                                                0x00404c82
                                                                                                                                                                                                                                0x00404c85
                                                                                                                                                                                                                                0x00404c85
                                                                                                                                                                                                                                0x00404c8b
                                                                                                                                                                                                                                0x00404c90
                                                                                                                                                                                                                                0x00404c92
                                                                                                                                                                                                                                0x00404c95
                                                                                                                                                                                                                                0x00404c95
                                                                                                                                                                                                                                0x00404c9b
                                                                                                                                                                                                                                0x00404ca1
                                                                                                                                                                                                                                0x00404ca7
                                                                                                                                                                                                                                0x00404ca7
                                                                                                                                                                                                                                0x00404cad
                                                                                                                                                                                                                                0x00404cb4
                                                                                                                                                                                                                                0x00404e01
                                                                                                                                                                                                                                0x00404e01
                                                                                                                                                                                                                                0x00404e08
                                                                                                                                                                                                                                0x00404e0a
                                                                                                                                                                                                                                0x00404e11
                                                                                                                                                                                                                                0x00404e15
                                                                                                                                                                                                                                0x00404e22
                                                                                                                                                                                                                                0x00404e22
                                                                                                                                                                                                                                0x00404e25
                                                                                                                                                                                                                                0x00404e2b
                                                                                                                                                                                                                                0x00404e3d
                                                                                                                                                                                                                                0x00404e3d
                                                                                                                                                                                                                                0x00404e11
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404cba
                                                                                                                                                                                                                                0x00404cbc
                                                                                                                                                                                                                                0x00404cc1
                                                                                                                                                                                                                                0x00404cc4
                                                                                                                                                                                                                                0x00404cc8
                                                                                                                                                                                                                                0x00404cc8
                                                                                                                                                                                                                                0x00404ccd
                                                                                                                                                                                                                                0x00404cd0
                                                                                                                                                                                                                                0x00404d11
                                                                                                                                                                                                                                0x00404d13
                                                                                                                                                                                                                                0x00404d1d
                                                                                                                                                                                                                                0x00404d23
                                                                                                                                                                                                                                0x00404d26
                                                                                                                                                                                                                                0x00404d2b
                                                                                                                                                                                                                                0x00404d32
                                                                                                                                                                                                                                0x00404d35
                                                                                                                                                                                                                                0x00404dd7
                                                                                                                                                                                                                                0x00404ddd
                                                                                                                                                                                                                                0x00404de3
                                                                                                                                                                                                                                0x00404de8
                                                                                                                                                                                                                                0x00404deb
                                                                                                                                                                                                                                0x00404dfc
                                                                                                                                                                                                                                0x00404dfc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404d3b
                                                                                                                                                                                                                                0x00404d3b
                                                                                                                                                                                                                                0x00404d3b
                                                                                                                                                                                                                                0x00404d3e
                                                                                                                                                                                                                                0x00404d44
                                                                                                                                                                                                                                0x00404d47
                                                                                                                                                                                                                                0x00404d49
                                                                                                                                                                                                                                0x00404d4b
                                                                                                                                                                                                                                0x00404d4d
                                                                                                                                                                                                                                0x00404d50
                                                                                                                                                                                                                                0x00404d53
                                                                                                                                                                                                                                0x00404d5a
                                                                                                                                                                                                                                0x00404d5c
                                                                                                                                                                                                                                0x00404d5f
                                                                                                                                                                                                                                0x00404d66
                                                                                                                                                                                                                                0x00404d69
                                                                                                                                                                                                                                0x00404d69
                                                                                                                                                                                                                                0x00404d69
                                                                                                                                                                                                                                0x00404d69
                                                                                                                                                                                                                                0x00404d6d
                                                                                                                                                                                                                                0x00404d70
                                                                                                                                                                                                                                0x00404d7c
                                                                                                                                                                                                                                0x00404d7d
                                                                                                                                                                                                                                0x00404d80
                                                                                                                                                                                                                                0x00404d82
                                                                                                                                                                                                                                0x00404d82
                                                                                                                                                                                                                                0x00404d82
                                                                                                                                                                                                                                0x00404d72
                                                                                                                                                                                                                                0x00404d74
                                                                                                                                                                                                                                0x00404d74
                                                                                                                                                                                                                                0x00404da1
                                                                                                                                                                                                                                0x00404da1
                                                                                                                                                                                                                                0x00404da2
                                                                                                                                                                                                                                0x00404dae
                                                                                                                                                                                                                                0x00404dbd
                                                                                                                                                                                                                                0x00404dbd
                                                                                                                                                                                                                                0x00404dbf
                                                                                                                                                                                                                                0x00404dc2
                                                                                                                                                                                                                                0x00404dcb
                                                                                                                                                                                                                                0x00404dcb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404d3e
                                                                                                                                                                                                                                0x00404cd2
                                                                                                                                                                                                                                0x00404cdd
                                                                                                                                                                                                                                0x00404ce0
                                                                                                                                                                                                                                0x00404ce5
                                                                                                                                                                                                                                0x00404ce7
                                                                                                                                                                                                                                0x00404ce9
                                                                                                                                                                                                                                0x00404ceb
                                                                                                                                                                                                                                0x00404cfb
                                                                                                                                                                                                                                0x00404d05
                                                                                                                                                                                                                                0x00404d07
                                                                                                                                                                                                                                0x00404d0a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404ced
                                                                                                                                                                                                                                0x00404ced
                                                                                                                                                                                                                                0x00404ced
                                                                                                                                                                                                                                0x00404cf0
                                                                                                                                                                                                                                0x00404cf3
                                                                                                                                                                                                                                0x00404cf5
                                                                                                                                                                                                                                0x00404cf5
                                                                                                                                                                                                                                0x00404cf5
                                                                                                                                                                                                                                0x00404cf6
                                                                                                                                                                                                                                0x00404cf7
                                                                                                                                                                                                                                0x00404cf7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404ced
                                                                                                                                                                                                                                0x00404cd0
                                                                                                                                                                                                                                0x00404cb4
                                                                                                                                                                                                                                0x00404beb
                                                                                                                                                                                                                                0x00404bf1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404bfd
                                                                                                                                                                                                                                0x00404c01
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404c11
                                                                                                                                                                                                                                0x00404c13
                                                                                                                                                                                                                                0x00404c16
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404c28
                                                                                                                                                                                                                                0x00404c2a
                                                                                                                                                                                                                                0x00404c2d
                                                                                                                                                                                                                                0x00404c37
                                                                                                                                                                                                                                0x00404c39
                                                                                                                                                                                                                                0x00404c3a
                                                                                                                                                                                                                                0x00404c3b
                                                                                                                                                                                                                                0x00404c4a
                                                                                                                                                                                                                                0x00404c4c
                                                                                                                                                                                                                                0x00404c53
                                                                                                                                                                                                                                0x00404c56
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404c56
                                                                                                                                                                                                                                0x00404c2f
                                                                                                                                                                                                                                0x00404c32
                                                                                                                                                                                                                                0x00404c35
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404c35
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404af5
                                                                                                                                                                                                                                0x004048a7
                                                                                                                                                                                                                                0x004048ac
                                                                                                                                                                                                                                0x004048b1
                                                                                                                                                                                                                                0x004048b6
                                                                                                                                                                                                                                0x004048b7
                                                                                                                                                                                                                                0x004048c0
                                                                                                                                                                                                                                0x004048cb
                                                                                                                                                                                                                                0x004048d6
                                                                                                                                                                                                                                0x004048dc
                                                                                                                                                                                                                                0x004048ea
                                                                                                                                                                                                                                0x004048ff
                                                                                                                                                                                                                                0x00404904
                                                                                                                                                                                                                                0x0040490f
                                                                                                                                                                                                                                0x00404918
                                                                                                                                                                                                                                0x0040492d
                                                                                                                                                                                                                                0x0040493e
                                                                                                                                                                                                                                0x0040494b
                                                                                                                                                                                                                                0x0040494b
                                                                                                                                                                                                                                0x00404950
                                                                                                                                                                                                                                0x00404956
                                                                                                                                                                                                                                0x00404958
                                                                                                                                                                                                                                0x0040495b
                                                                                                                                                                                                                                0x00404960
                                                                                                                                                                                                                                0x00404965
                                                                                                                                                                                                                                0x00404967
                                                                                                                                                                                                                                0x00404967
                                                                                                                                                                                                                                0x00404987
                                                                                                                                                                                                                                0x00404987
                                                                                                                                                                                                                                0x00404989
                                                                                                                                                                                                                                0x0040498a
                                                                                                                                                                                                                                0x0040498f
                                                                                                                                                                                                                                0x00404992
                                                                                                                                                                                                                                0x00404995
                                                                                                                                                                                                                                0x00404999
                                                                                                                                                                                                                                0x0040499e
                                                                                                                                                                                                                                0x004049a3
                                                                                                                                                                                                                                0x004049a7
                                                                                                                                                                                                                                0x004049ac
                                                                                                                                                                                                                                0x004049b1
                                                                                                                                                                                                                                0x004049b3
                                                                                                                                                                                                                                0x004049b5
                                                                                                                                                                                                                                0x004049bb
                                                                                                                                                                                                                                0x00404a85
                                                                                                                                                                                                                                0x00404a98
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004049c1
                                                                                                                                                                                                                                0x004049c4
                                                                                                                                                                                                                                0x004049c7
                                                                                                                                                                                                                                0x004049ca
                                                                                                                                                                                                                                0x004049ca
                                                                                                                                                                                                                                0x004049d0
                                                                                                                                                                                                                                0x004049d6
                                                                                                                                                                                                                                0x004049d9
                                                                                                                                                                                                                                0x004049df
                                                                                                                                                                                                                                0x004049e0
                                                                                                                                                                                                                                0x004049e5
                                                                                                                                                                                                                                0x004049ee
                                                                                                                                                                                                                                0x004049f5
                                                                                                                                                                                                                                0x004049f8
                                                                                                                                                                                                                                0x004049fb
                                                                                                                                                                                                                                0x004049fe
                                                                                                                                                                                                                                0x00404a38
                                                                                                                                                                                                                                0x00404a3a
                                                                                                                                                                                                                                0x00404a63
                                                                                                                                                                                                                                0x00404a3c
                                                                                                                                                                                                                                0x00404a49
                                                                                                                                                                                                                                0x00404a49
                                                                                                                                                                                                                                0x00404a00
                                                                                                                                                                                                                                0x00404a03
                                                                                                                                                                                                                                0x00404a12
                                                                                                                                                                                                                                0x00404a1c
                                                                                                                                                                                                                                0x00404a24
                                                                                                                                                                                                                                0x00404a2b
                                                                                                                                                                                                                                0x00404a33
                                                                                                                                                                                                                                0x00404a33
                                                                                                                                                                                                                                0x004049fe
                                                                                                                                                                                                                                0x00404a69
                                                                                                                                                                                                                                0x00404a6a
                                                                                                                                                                                                                                0x00404a70
                                                                                                                                                                                                                                0x00404a76
                                                                                                                                                                                                                                0x00404a76
                                                                                                                                                                                                                                0x00404a83
                                                                                                                                                                                                                                0x00404a9e
                                                                                                                                                                                                                                0x00404aa2
                                                                                                                                                                                                                                0x00404abf
                                                                                                                                                                                                                                0x00404ac4
                                                                                                                                                                                                                                0x00404ac7
                                                                                                                                                                                                                                0x00404ac7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404aa4
                                                                                                                                                                                                                                0x00404aa9
                                                                                                                                                                                                                                0x00404ab2
                                                                                                                                                                                                                                0x00404e3f
                                                                                                                                                                                                                                0x00404e51
                                                                                                                                                                                                                                0x00404e51
                                                                                                                                                                                                                                0x00404aa2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404a83
                                                                                                                                                                                                                                0x004049bb

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                • String ID: $M$N
                                                                                                                                                                                                                                • API String ID: 1638840714-813528018
                                                                                                                                                                                                                                • Opcode ID: bc836f97d9874f4f727094095d6c382577d8705a5fdd7ffcfefc5c205b7b8112
                                                                                                                                                                                                                                • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc836f97d9874f4f727094095d6c382577d8705a5fdd7ffcfefc5c205b7b8112
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00404356, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                                                			E00404356(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr _t124;
				intOrPtr* _t138;
				signed int* _t145;
				intOrPtr _t147;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc70; // 0x54071c
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E0040540B(0x3fb, _t162);
					E00405DC8(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040540B(0x3fb, _t162);
							if(E0040573A(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E00405B66(0x41f468, _t162);
							_t145 = 0;
							_t86 = E00405E88(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E00405B66(0x41f468, _t162);
								_t88 = E004056ED(0x41f468);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f468,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f468) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = _v16(0x41f468,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E004056A0(0x41f468) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f468) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E004047A6(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								_t147 =  *0x42367c; // 0x559062
								if( *((intOrPtr*)(_t147 + 0x10)) != _t145) {
									E004046F1(0x3ff, 0xfffffffb, _t94);
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f458);
									} else {
										E004046F1(_t163, 0xfffffffc, _t153);
									}
								}
								_t95 = _v8;
								 *0x423f44 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403F3A(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x42048c == _t145) {
									E004042EB();
								}
								 *0x42048c = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x4204a0;
							_v56 = E0040468B;
							_v52 = _t162;
							_v64 = E00405B88(0x3fb, 0x4204a0, _t162, 0x41f870, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405659(_t162);
								_t124 =  *0x423eb0; // 0x5405b0
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t162 == "C:\\Program Files (x86)\\MP3 Rocket") {
									E00405B88(0x3fb, 0x4204a0, _t162, 0, _t125);
									if(lstrcmpiA(0x422e40, 0x4204a0) != 0) {
										lstrcatA(_t162, 0x422e40);
									}
								}
								 *0x42048c =  &(( *0x42048c)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E004056C6(_t162) != 0 && E004056ED(_t162) == 0) {
						E00405659(_t162);
					}
					 *0x423678 = _t159;
					SetWindowTextA(_v12, _t162);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403F18(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403F18(_t159);
					E00403F4D(_v12);
					_t138 = E00405E88(7);
					if(_t138 == 0) {
						L53:
						return E00403F7F(_a8, _a12, _a16);
					}
					 *_t138(_v12, 1);
					goto L8;
				}
			}








































                                                                                                                                                                                                                                0x0040435c
                                                                                                                                                                                                                                0x00404363
                                                                                                                                                                                                                                0x0040436f
                                                                                                                                                                                                                                0x0040437d
                                                                                                                                                                                                                                0x00404385
                                                                                                                                                                                                                                0x00404389
                                                                                                                                                                                                                                0x0040438f
                                                                                                                                                                                                                                0x0040438f
                                                                                                                                                                                                                                0x0040439b
                                                                                                                                                                                                                                0x0040440f
                                                                                                                                                                                                                                0x00404416
                                                                                                                                                                                                                                0x004044eb
                                                                                                                                                                                                                                0x004044f2
                                                                                                                                                                                                                                0x00404501
                                                                                                                                                                                                                                0x00404501
                                                                                                                                                                                                                                0x00404505
                                                                                                                                                                                                                                0x0040450b
                                                                                                                                                                                                                                0x00404518
                                                                                                                                                                                                                                0x0040451a
                                                                                                                                                                                                                                0x0040451a
                                                                                                                                                                                                                                0x00404528
                                                                                                                                                                                                                                0x0040452d
                                                                                                                                                                                                                                0x00404530
                                                                                                                                                                                                                                0x00404537
                                                                                                                                                                                                                                0x0040453a
                                                                                                                                                                                                                                0x00404571
                                                                                                                                                                                                                                0x00404573
                                                                                                                                                                                                                                0x00404579
                                                                                                                                                                                                                                0x00404580
                                                                                                                                                                                                                                0x00404582
                                                                                                                                                                                                                                0x00404582
                                                                                                                                                                                                                                0x0040459e
                                                                                                                                                                                                                                0x004045da
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004045a0
                                                                                                                                                                                                                                0x004045a3
                                                                                                                                                                                                                                0x004045b7
                                                                                                                                                                                                                                0x004045b9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004045b9
                                                                                                                                                                                                                                0x0040453c
                                                                                                                                                                                                                                0x00404540
                                                                                                                                                                                                                                0x0040456f
                                                                                                                                                                                                                                0x0040456f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404542
                                                                                                                                                                                                                                0x00404542
                                                                                                                                                                                                                                0x0040454f
                                                                                                                                                                                                                                0x00404554
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404558
                                                                                                                                                                                                                                0x0040455a
                                                                                                                                                                                                                                0x0040455a
                                                                                                                                                                                                                                0x00404565
                                                                                                                                                                                                                                0x00404568
                                                                                                                                                                                                                                0x0040456d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040456d
                                                                                                                                                                                                                                0x004045c8
                                                                                                                                                                                                                                0x004045cf
                                                                                                                                                                                                                                0x004045d6
                                                                                                                                                                                                                                0x004045dd
                                                                                                                                                                                                                                0x004045dd
                                                                                                                                                                                                                                0x004045e2
                                                                                                                                                                                                                                0x004045e4
                                                                                                                                                                                                                                0x004045ec
                                                                                                                                                                                                                                0x004045f2
                                                                                                                                                                                                                                0x004045f2
                                                                                                                                                                                                                                0x004045f9
                                                                                                                                                                                                                                0x00404602
                                                                                                                                                                                                                                0x0040460c
                                                                                                                                                                                                                                0x00404614
                                                                                                                                                                                                                                0x0040462a
                                                                                                                                                                                                                                0x00404616
                                                                                                                                                                                                                                0x0040461a
                                                                                                                                                                                                                                0x0040461a
                                                                                                                                                                                                                                0x00404614
                                                                                                                                                                                                                                0x0040462f
                                                                                                                                                                                                                                0x00404634
                                                                                                                                                                                                                                0x00404639
                                                                                                                                                                                                                                0x00404642
                                                                                                                                                                                                                                0x00404642
                                                                                                                                                                                                                                0x0040464b
                                                                                                                                                                                                                                0x0040464d
                                                                                                                                                                                                                                0x0040464d
                                                                                                                                                                                                                                0x00404659
                                                                                                                                                                                                                                0x00404661
                                                                                                                                                                                                                                0x0040466b
                                                                                                                                                                                                                                0x0040466b
                                                                                                                                                                                                                                0x00404670
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404670
                                                                                                                                                                                                                                0x0040453a
                                                                                                                                                                                                                                0x004044f4
                                                                                                                                                                                                                                0x004044fb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004044fb
                                                                                                                                                                                                                                0x0040441c
                                                                                                                                                                                                                                0x00404422
                                                                                                                                                                                                                                0x0040443c
                                                                                                                                                                                                                                0x00404441
                                                                                                                                                                                                                                0x0040444b
                                                                                                                                                                                                                                0x00404452
                                                                                                                                                                                                                                0x00404461
                                                                                                                                                                                                                                0x00404464
                                                                                                                                                                                                                                0x00404467
                                                                                                                                                                                                                                0x0040446e
                                                                                                                                                                                                                                0x00404476
                                                                                                                                                                                                                                0x00404479
                                                                                                                                                                                                                                0x0040447d
                                                                                                                                                                                                                                0x00404484
                                                                                                                                                                                                                                0x0040448c
                                                                                                                                                                                                                                0x004044e4
                                                                                                                                                                                                                                0x0040448e
                                                                                                                                                                                                                                0x0040448f
                                                                                                                                                                                                                                0x00404496
                                                                                                                                                                                                                                0x0040449b
                                                                                                                                                                                                                                0x004044a0
                                                                                                                                                                                                                                0x004044a8
                                                                                                                                                                                                                                0x004044b5
                                                                                                                                                                                                                                0x004044c9
                                                                                                                                                                                                                                0x004044cd
                                                                                                                                                                                                                                0x004044cd
                                                                                                                                                                                                                                0x004044c9
                                                                                                                                                                                                                                0x004044d2
                                                                                                                                                                                                                                0x004044dd
                                                                                                                                                                                                                                0x004044dd
                                                                                                                                                                                                                                0x0040448c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404441
                                                                                                                                                                                                                                0x0040442f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404435
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040439d
                                                                                                                                                                                                                                0x0040439d
                                                                                                                                                                                                                                0x004043a9
                                                                                                                                                                                                                                0x004043b3
                                                                                                                                                                                                                                0x004043c0
                                                                                                                                                                                                                                0x004043c0
                                                                                                                                                                                                                                0x004043c6
                                                                                                                                                                                                                                0x004043cf
                                                                                                                                                                                                                                0x004043d8
                                                                                                                                                                                                                                0x004043db
                                                                                                                                                                                                                                0x004043de
                                                                                                                                                                                                                                0x004043e6
                                                                                                                                                                                                                                0x004043e9
                                                                                                                                                                                                                                0x004043ec
                                                                                                                                                                                                                                0x004043f4
                                                                                                                                                                                                                                0x004043fb
                                                                                                                                                                                                                                0x00404402
                                                                                                                                                                                                                                0x00404676
                                                                                                                                                                                                                                0x00404688
                                                                                                                                                                                                                                0x00404688
                                                                                                                                                                                                                                0x0040440d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040440d

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 004043A2
                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,?), ref: 004043CF
                                                                                                                                                                                                                                • SHBrowseForFolderA.SHELL32(?,0041F870,?), ref: 00404484
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 0040448F
                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(100,004204A0,00000000,?,?), ref: 004044C1
                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,100), ref: 004044CD
                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004044DD
                                                                                                                                                                                                                                  • Part of subcall function 0040540B: GetDlgItemTextA.USER32 ref: 0040541E
                                                                                                                                                                                                                                  • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\mp3rocket.exe" ,C:\Users\user~1\AppData\Local\Temp\,00000000,00403214,C:\Users\user~1\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                                                                                                                                  • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                                                                                                                                  • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\mp3rocket.exe" ,C:\Users\user~1\AppData\Local\Temp\,00000000,00403214,C:\Users\user~1\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                                                                                                                                  • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\mp3rocket.exe" ,C:\Users\user~1\AppData\Local\Temp\,00000000,00403214,C:\Users\user~1\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                                                                                                                                • GetDiskFreeSpaceA.KERNEL32(0041F468,?,?,0000040F,?,0041F468,0041F468,?,00000000,0041F468,?,?,000003FB,?), ref: 00404596
                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(00000000,00000400,0041F458), ref: 0040462A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                                                                                                                                                • String ID: 100$A$C:\Program Files (x86)\MP3 Rocket
                                                                                                                                                                                                                                • API String ID: 2246997448-2559841025
                                                                                                                                                                                                                                • Opcode ID: 8a3aad76447270b687e8e1509915f8df1e24d5d4c23db986a95c4726ded8d1ea
                                                                                                                                                                                                                                • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8a3aad76447270b687e8e1509915f8df1e24d5d4c23db986a95c4726ded8d1ea
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00402020, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                			E00402020() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
				_t96 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
				if(E004056C6(_t96) == 0) {
					E004029F6(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\FRONTD~1\\AppData\\Local\\Temp\\nsc308D.tmp");
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409368, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409368, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                                                                                                                                                                0x00402029
                                                                                                                                                                                                                                0x00402033
                                                                                                                                                                                                                                0x0040203c
                                                                                                                                                                                                                                0x00402046
                                                                                                                                                                                                                                0x0040204f
                                                                                                                                                                                                                                0x00402059
                                                                                                                                                                                                                                0x0040205d
                                                                                                                                                                                                                                0x0040205d
                                                                                                                                                                                                                                0x00402062
                                                                                                                                                                                                                                0x00402073
                                                                                                                                                                                                                                0x0040207b
                                                                                                                                                                                                                                0x0040215b
                                                                                                                                                                                                                                0x0040215b
                                                                                                                                                                                                                                0x00402162
                                                                                                                                                                                                                                0x00402081
                                                                                                                                                                                                                                0x00402081
                                                                                                                                                                                                                                0x00402092
                                                                                                                                                                                                                                0x00402096
                                                                                                                                                                                                                                0x0040209c
                                                                                                                                                                                                                                0x004020a6
                                                                                                                                                                                                                                0x004020a8
                                                                                                                                                                                                                                0x004020b3
                                                                                                                                                                                                                                0x004020b6
                                                                                                                                                                                                                                0x004020c3
                                                                                                                                                                                                                                0x004020c5
                                                                                                                                                                                                                                0x004020c7
                                                                                                                                                                                                                                0x004020ce
                                                                                                                                                                                                                                0x004020d1
                                                                                                                                                                                                                                0x004020d1
                                                                                                                                                                                                                                0x004020d4
                                                                                                                                                                                                                                0x004020de
                                                                                                                                                                                                                                0x004020e6
                                                                                                                                                                                                                                0x004020eb
                                                                                                                                                                                                                                0x004020f7
                                                                                                                                                                                                                                0x004020f7
                                                                                                                                                                                                                                0x004020fa
                                                                                                                                                                                                                                0x00402103
                                                                                                                                                                                                                                0x00402106
                                                                                                                                                                                                                                0x0040210f
                                                                                                                                                                                                                                0x00402114
                                                                                                                                                                                                                                0x00402126
                                                                                                                                                                                                                                0x00402135
                                                                                                                                                                                                                                0x00402137
                                                                                                                                                                                                                                0x00402143
                                                                                                                                                                                                                                0x00402143
                                                                                                                                                                                                                                0x00402135
                                                                                                                                                                                                                                0x00402145
                                                                                                                                                                                                                                0x0040214b
                                                                                                                                                                                                                                0x0040214b
                                                                                                                                                                                                                                0x0040214e
                                                                                                                                                                                                                                0x00402154
                                                                                                                                                                                                                                0x00402159
                                                                                                                                                                                                                                0x0040216e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402159
                                                                                                                                                                                                                                0x00402164
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409368,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp, xrefs: 004020AB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp
                                                                                                                                                                                                                                • API String ID: 123533781-3177201956
                                                                                                                                                                                                                                • Opcode ID: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                                                                                                                                                • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 39%
                                                                                                                                                                                                                                			E0040263E(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
					E00405AC4(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E00405B66();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                                                                                                                                                                0x00402656
                                                                                                                                                                                                                                0x0040266a
                                                                                                                                                                                                                                0x00402675
                                                                                                                                                                                                                                0x00402676
                                                                                                                                                                                                                                0x004027b1
                                                                                                                                                                                                                                0x00402658
                                                                                                                                                                                                                                0x00402658
                                                                                                                                                                                                                                0x0040265a
                                                                                                                                                                                                                                0x0040265c
                                                                                                                                                                                                                                0x0040265c
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                                                                                                                • Opcode ID: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                                                                                                                                                • Instruction ID: b3d2387cb92b068db8966d6a1439c3c253679041c8135bb289436d91baf53d0e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 42F0A072A04201DBD700EBB49A89AEEB7789B51328F60067BE111F20C1C6B85A459B2E
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00401000, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                                                                                                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423eb0; // 0x5405b0
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "MP3 Rocket 6.2.4 Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x423ea8; // 0xe036e
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                                                                                                                                                                                                                                0x0040100a
                                                                                                                                                                                                                                0x00401039
                                                                                                                                                                                                                                0x00401047
                                                                                                                                                                                                                                0x0040104d
                                                                                                                                                                                                                                0x00401051
                                                                                                                                                                                                                                0x0040105b
                                                                                                                                                                                                                                0x00401061
                                                                                                                                                                                                                                0x00401064
                                                                                                                                                                                                                                0x004010f3
                                                                                                                                                                                                                                0x00401089
                                                                                                                                                                                                                                0x0040108c
                                                                                                                                                                                                                                0x004010a6
                                                                                                                                                                                                                                0x004010bd
                                                                                                                                                                                                                                0x004010cc
                                                                                                                                                                                                                                0x004010cf
                                                                                                                                                                                                                                0x004010d5
                                                                                                                                                                                                                                0x004010d9
                                                                                                                                                                                                                                0x004010e4
                                                                                                                                                                                                                                0x004010ed
                                                                                                                                                                                                                                0x004010ef
                                                                                                                                                                                                                                0x004010ef
                                                                                                                                                                                                                                0x00401100
                                                                                                                                                                                                                                0x00401105
                                                                                                                                                                                                                                0x0040110d
                                                                                                                                                                                                                                0x00401110
                                                                                                                                                                                                                                0x00401112
                                                                                                                                                                                                                                0x00401118
                                                                                                                                                                                                                                0x0040111f
                                                                                                                                                                                                                                0x00401126
                                                                                                                                                                                                                                0x00401130
                                                                                                                                                                                                                                0x00401142
                                                                                                                                                                                                                                0x00401156
                                                                                                                                                                                                                                0x00401160
                                                                                                                                                                                                                                0x00401165
                                                                                                                                                                                                                                0x00401165
                                                                                                                                                                                                                                0x00401110
                                                                                                                                                                                                                                0x0040116e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00401178
                                                                                                                                                                                                                                0x00401010
                                                                                                                                                                                                                                0x00401013
                                                                                                                                                                                                                                0x00401015
                                                                                                                                                                                                                                0x00401019
                                                                                                                                                                                                                                0x0040101f
                                                                                                                                                                                                                                0x0040101f
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 0040105B
                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                • FillRect.USER32 ref: 004010E4
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                • DrawTextA.USER32(00000000,MP3 Rocket 6.2.4 Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                • String ID: F$MP3 Rocket 6.2.4 Setup
                                                                                                                                                                                                                                • API String ID: 941294808-98391952
                                                                                                                                                                                                                                • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                                                                                                                                                • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 030C10EF, Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 112stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                                                                                                			E030C10EF(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v12;
				intOrPtr _v36;
				CHAR* _v44;
				long _v56;
				CHAR* _v60;
				CHAR* _v76;
				void _v84;
				char _v88;
				signed int _t33;
				signed char _t34;
				CHAR* _t35;
				int _t38;
				int _t43;
				signed int _t48;
				void* _t55;

				_t48 = 0x12;
				memset( &_v84, 0, _t48 << 2);
				 *0x30c50dc = _a8;
				 *0x30c50e0 = _a16;
				 *0x30c50e4 = _a12;
				_v84 = _a4;
				_v88 = 0x4c;
				_v76 = 0x30c44a0;
				_v60 = 0x30c48a0;
				_v56 = 0x400;
				_v36 = 0x82000;
				E030C1DD9( &_v12, 5);
				E030C1DD9(0x30c48a0, 0x400);
				E030C1DD9(0x30c44a0, 0x400);
				_t33 = lstrcmpiA( &_v12, "save");
				asm("sbb edi, edi");
				_t55 =  ~_t33 + 1;
				_t34 = GetFileAttributesA(0x30c48a0);
				if(_t34 != 0xffffffff && (_t34 & 0x00000010) != 0) {
					lstrcpyA(0x30c4ca0, 0x30c48a0);
					 *0x30c48a0 =  *0x30c48a0 & 0x00000000;
					_v44 = 0x30c4ca0;
				}
				if( *0x30c44a0 == 0) {
					lstrcpyA(0x30c44a0, "All Files|*.*");
				}
				_t35 = 0x30c44a0;
				if( *0x30c44a0 != 0) {
					do {
						if( *_t35 != 0x7c) {
							_t35 = CharNextA(_t35);
						} else {
							 *_t35 =  *_t35 & 0x00000000;
							_t35 =  &(_t35[1]);
						}
					} while ( *_t35 != 0);
				}
				_t35[1] = _t35[1] & 0x00000000;
				GetCurrentDirectoryA(0x400, 0x30c40a0);
				_push( &_v88);
				if(_t55 == 0) {
					_t38 = GetOpenFileNameA();
				} else {
					_t38 = GetSaveFileNameA();
				}
				if(_t38 != 0) {
					L19:
					_push(0x30c48a0);
				} else {
					if(CommDlgExtendedError() != 0x3002) {
						L20:
						_push(0x30c4098);
					} else {
						 *0x30c48a0 =  *0x30c48a0 & 0x00000000;
						_push( &_v88);
						if(_t55 == 0) {
							_t43 = GetOpenFileNameA();
						} else {
							_t43 = GetSaveFileNameA();
						}
						if(_t43 == 0) {
							goto L20;
						} else {
							goto L19;
						}
					}
				}
				E030C1E27();
				return SetCurrentDirectoryA(??);
			}


















                                                                                                                                                                                                                                0x030c10fa
                                                                                                                                                                                                                                0x030c1105
                                                                                                                                                                                                                                0x030c110f
                                                                                                                                                                                                                                0x030c1117
                                                                                                                                                                                                                                0x030c111f
                                                                                                                                                                                                                                0x030c1127
                                                                                                                                                                                                                                0x030c1135
                                                                                                                                                                                                                                0x030c113c
                                                                                                                                                                                                                                0x030c113f
                                                                                                                                                                                                                                0x030c1142
                                                                                                                                                                                                                                0x030c1145
                                                                                                                                                                                                                                0x030c114c
                                                                                                                                                                                                                                0x030c1153
                                                                                                                                                                                                                                0x030c115a
                                                                                                                                                                                                                                0x030c1168
                                                                                                                                                                                                                                0x030c1177
                                                                                                                                                                                                                                0x030c1179
                                                                                                                                                                                                                                0x030c117a
                                                                                                                                                                                                                                0x030c1183
                                                                                                                                                                                                                                0x030c1193
                                                                                                                                                                                                                                0x030c1199
                                                                                                                                                                                                                                0x030c11a0
                                                                                                                                                                                                                                0x030c11a0
                                                                                                                                                                                                                                0x030c11ae
                                                                                                                                                                                                                                0x030c11b6
                                                                                                                                                                                                                                0x030c11b6
                                                                                                                                                                                                                                0x030c11c3
                                                                                                                                                                                                                                0x030c11c5
                                                                                                                                                                                                                                0x030c11c7
                                                                                                                                                                                                                                0x030c11ca
                                                                                                                                                                                                                                0x030c11d3
                                                                                                                                                                                                                                0x030c11cc
                                                                                                                                                                                                                                0x030c11cc
                                                                                                                                                                                                                                0x030c11cf
                                                                                                                                                                                                                                0x030c11cf
                                                                                                                                                                                                                                0x030c11d9
                                                                                                                                                                                                                                0x030c11c7
                                                                                                                                                                                                                                0x030c11de
                                                                                                                                                                                                                                0x030c11e9
                                                                                                                                                                                                                                0x030c11fa
                                                                                                                                                                                                                                0x030c11fb
                                                                                                                                                                                                                                0x030c1205
                                                                                                                                                                                                                                0x030c11fd
                                                                                                                                                                                                                                0x030c11fd
                                                                                                                                                                                                                                0x030c11fd
                                                                                                                                                                                                                                0x030c1209
                                                                                                                                                                                                                                0x030c1235
                                                                                                                                                                                                                                0x030c1235
                                                                                                                                                                                                                                0x030c120b
                                                                                                                                                                                                                                0x030c1216
                                                                                                                                                                                                                                0x030c123c
                                                                                                                                                                                                                                0x030c123c
                                                                                                                                                                                                                                0x030c1218
                                                                                                                                                                                                                                0x030c1218
                                                                                                                                                                                                                                0x030c1224
                                                                                                                                                                                                                                0x030c1225
                                                                                                                                                                                                                                0x030c122f
                                                                                                                                                                                                                                0x030c1227
                                                                                                                                                                                                                                0x030c1227
                                                                                                                                                                                                                                0x030c1227
                                                                                                                                                                                                                                0x030c1233
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c1233
                                                                                                                                                                                                                                0x030c1216
                                                                                                                                                                                                                                0x030c1241
                                                                                                                                                                                                                                0x030c1251

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 030C1DD9: lstrcpynA.KERNEL32(030C1054,?,?,?,030C1054,?), ref: 030C1E06
                                                                                                                                                                                                                                  • Part of subcall function 030C1DD9: GlobalFree.KERNEL32 ref: 030C1E16
                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,save,030C44A0,00000400,030C48A0,00000400,?,00000005), ref: 030C1168
                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(030C48A0), ref: 030C117A
                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(030C4CA0,030C48A0), ref: 030C1193
                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(030C44A0,All Files|*.*), ref: 030C11B6
                                                                                                                                                                                                                                • CharNextA.USER32(030C44A0), ref: 030C11D3
                                                                                                                                                                                                                                • GetCurrentDirectoryA.KERNEL32(00000400,030C40A0), ref: 030C11E9
                                                                                                                                                                                                                                • GetSaveFileNameA.COMDLG32(0000004C), ref: 030C11FD
                                                                                                                                                                                                                                • GetOpenFileNameA.COMDLG32(0000004C), ref: 030C1205
                                                                                                                                                                                                                                • CommDlgExtendedError.COMDLG32 ref: 030C120B
                                                                                                                                                                                                                                • GetSaveFileNameA.COMDLG32(0000004C), ref: 030C1227
                                                                                                                                                                                                                                • GetOpenFileNameA.COMDLG32(0000004C), ref: 030C122F
                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(030C40A0,030C48A0), ref: 030C1247
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1675900869.00000000030C1000.00000020.00020000.sdmp, Offset: 030C0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675875391.00000000030C0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675927376.00000000030C3000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675953768.00000000030C4000.00000008.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675968346.00000000030C7000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_30c0000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$Name$CurrentDirectoryOpenSavelstrcpy$AttributesCharCommErrorExtendedFreeGlobalNextlstrcmpilstrcpyn
                                                                                                                                                                                                                                • String ID: All Files|*.*$L$save
                                                                                                                                                                                                                                • API String ID: 3853173656-601108453
                                                                                                                                                                                                                                • Opcode ID: 5b6468d1ebca490b779112feee564ebd8ed9ce2f30e3f5b1a9880ef7e8bc72e9
                                                                                                                                                                                                                                • Instruction ID: 834eb27a7b4e9616b624d3ec8424b33c4eadf8ee8bb4b7422fe81d91b64fcd9a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5b6468d1ebca490b779112feee564ebd8ed9ce2f30e3f5b1a9880ef7e8bc72e9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2341C3799332C8AFD715EF66E868B9E7FF8BB46310F64404DE451E6146C77C88088761
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004058B4, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                			E004058B4() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405E88(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f30 =  *0x423f30 + 1;
						return _t20;
					}
				}
				 *0x422630 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421ca8, "%s=%s\r\n", 0x422630, 0x4220a8);
						_t18 =  *0x423eb0; // 0x5405b0
						_t56 = _t55 + 0x10;
						E00405B88(_t43, 0x400, 0x4220a8, 0x4220a8,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E0040583D(0x4220a8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057B2(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057B2(_t26 + 0xa, 0x409350);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E004057FE(_t51 + _t29, 0x421ca8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B66(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040583D(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422630, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                                                                                                                                                                                                                                0x004058ba
                                                                                                                                                                                                                                0x004058c1
                                                                                                                                                                                                                                0x004058c5
                                                                                                                                                                                                                                0x004058ce
                                                                                                                                                                                                                                0x004058d2
                                                                                                                                                                                                                                0x00405a11
                                                                                                                                                                                                                                0x00405a11
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405a11
                                                                                                                                                                                                                                0x004058d2
                                                                                                                                                                                                                                0x004058de
                                                                                                                                                                                                                                0x004058f4
                                                                                                                                                                                                                                0x0040591c
                                                                                                                                                                                                                                0x00405927
                                                                                                                                                                                                                                0x0040592b
                                                                                                                                                                                                                                0x0040594b
                                                                                                                                                                                                                                0x0040594d
                                                                                                                                                                                                                                0x00405952
                                                                                                                                                                                                                                0x0040595c
                                                                                                                                                                                                                                0x00405969
                                                                                                                                                                                                                                0x0040596e
                                                                                                                                                                                                                                0x00405973
                                                                                                                                                                                                                                0x00405977
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405986
                                                                                                                                                                                                                                0x00405988
                                                                                                                                                                                                                                0x00405995
                                                                                                                                                                                                                                0x00405999
                                                                                                                                                                                                                                0x00405a0a
                                                                                                                                                                                                                                0x00405a0b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004059b5
                                                                                                                                                                                                                                0x004059c2
                                                                                                                                                                                                                                0x00405a27
                                                                                                                                                                                                                                0x00405a2e
                                                                                                                                                                                                                                0x004059d5
                                                                                                                                                                                                                                0x004059d5
                                                                                                                                                                                                                                0x004059d7
                                                                                                                                                                                                                                0x004059e0
                                                                                                                                                                                                                                0x004059eb
                                                                                                                                                                                                                                0x004059fd
                                                                                                                                                                                                                                0x00405a04
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405a04
                                                                                                                                                                                                                                0x00405a30
                                                                                                                                                                                                                                0x00405a31
                                                                                                                                                                                                                                0x00405a36
                                                                                                                                                                                                                                0x00405a38
                                                                                                                                                                                                                                0x00405a45
                                                                                                                                                                                                                                0x00405a45
                                                                                                                                                                                                                                0x00405a49
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405a3a
                                                                                                                                                                                                                                0x00405a3a
                                                                                                                                                                                                                                0x00405a3d
                                                                                                                                                                                                                                0x00405a40
                                                                                                                                                                                                                                0x00405a41
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405a3a
                                                                                                                                                                                                                                0x004059cd
                                                                                                                                                                                                                                0x004059d2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004059d2
                                                                                                                                                                                                                                0x00405999
                                                                                                                                                                                                                                0x004058f6
                                                                                                                                                                                                                                0x00405901
                                                                                                                                                                                                                                0x0040590a
                                                                                                                                                                                                                                0x0040590e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040590e
                                                                                                                                                                                                                                0x00405a1b

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                                                                                                                                  • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                                                                                                                                  • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                                                                                                                                                                                                                • GetShortPathNameA.KERNEL32 ref: 0040590A
                                                                                                                                                                                                                                • GetShortPathNameA.KERNEL32 ref: 00405927
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00405945
                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 00405A04
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                                                                                                                                                                                                                  • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                                                                                                                                                  • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                                                                                                                                                • String ID: %s=%s$0&B$[Rename]
                                                                                                                                                                                                                                • API String ID: 3772915668-951905037
                                                                                                                                                                                                                                • Opcode ID: 73d0c5d55c6a66a5fc5f40039b5a9282ef929e2af51c157191695387f36ba956
                                                                                                                                                                                                                                • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73d0c5d55c6a66a5fc5f40039b5a9282ef929e2af51c157191695387f36ba956
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 100025FE, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 140memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                			E100025FE(void* __edx, intOrPtr* _a4) {
				intOrPtr _v4;
				intOrPtr* _t18;
				intOrPtr _t21;
				void* _t23;
				short* _t24;
				void* _t25;
				void* _t30;
				void* _t32;
				void* _t34;
				int _t36;
				void* _t39;
				void* _t42;
				intOrPtr _t52;
				short** _t55;
				void* _t60;
				int _t61;
				int _t62;
				void* _t63;
				short** _t64;
				void* _t65;
				void* _t66;

				_t60 = __edx;
				_t18 = _a4;
				_t52 =  *((intOrPtr*)(_t18 + 0x814));
				_v4 = _t52;
				_t55 = (_t52 + 0x41 << 5) + _t18;
				do {
					if( *((intOrPtr*)(_t55 - 4)) != 0xffffffff) {
						_t64 = _t55;
					} else {
						_t64 =  *_t55;
					}
					_t65 = E10001541();
					_t61 = 0;
					_t21 =  *((intOrPtr*)(_t55 - 8));
					if(_t21 == 0) {
						lstrcpyA(_t65, 0x10004034);
					} else {
						_t30 = _t21 - 1;
						if(_t30 == 0) {
							_push( *_t64);
							goto L12;
						} else {
							_t32 = _t30 - 1;
							if(_t32 == 0) {
								E1000176C(_t60,  *_t64, _t64[1], _t65);
								goto L13;
							} else {
								_t34 = _t32 - 1;
								if(_t34 == 0) {
									_t62 = lstrlenA( *_t64);
									_t36 =  *0x10004058;
									if(_t62 >= _t36) {
										_t62 = _t36 - 1;
									}
									_t7 = _t62 + 1; // 0x1
									lstrcpynA(_t65,  *_t64, _t7);
									 *(_t62 + _t65) =  *(_t62 + _t65) & 0x00000000;
									goto L15;
								} else {
									_t39 = _t34 - 1;
									if(_t39 == 0) {
										WideCharToMultiByte(0, 0,  *_t64,  *0x10004058, _t65,  *0x10004058, 0, 0);
									} else {
										_t42 = _t39 - 1;
										if(_t42 == 0) {
											_t63 = GlobalAlloc(0x40,  *0x10004058 +  *0x10004058);
											__imp__StringFromGUID2( *_t64, _t63,  *0x10004058 +  *0x10004058);
											WideCharToMultiByte(0, 0, _t63,  *0x10004058, _t65,  *0x10004058, 0, 0);
											GlobalFree(_t63);
											L15:
											_t61 = 0;
										} else {
											if(_t42 == 1) {
												_push( *_t55);
												L12:
												wsprintfA(_t65, 0x10004008);
												L13:
												_t66 = _t66 + 0xc;
											}
										}
									}
								}
							}
						}
					}
					_t23 = _t55[5];
					if(_t23 != _t61 && ( *_a4 != 2 ||  *((intOrPtr*)(_t55 - 4)) > _t61)) {
						GlobalFree(_t23);
					}
					_t24 = _t55[4];
					if(_t24 != _t61) {
						if(_t24 != 0xffffffff) {
							if(_t24 > _t61) {
								E1000160E(_t24 - 1, _t65);
								goto L32;
							}
						} else {
							E1000159E(_t65);
							L32:
						}
					}
					_t25 = GlobalFree(_t65);
					_v4 = _v4 - 1;
					_t55 = _t55 - 0x20;
				} while (_v4 >= _t61);
				return _t25;
			}
























                                                                                                                                                                                                                                0x100025fe
                                                                                                                                                                                                                                0x100025ff
                                                                                                                                                                                                                                0x10002606
                                                                                                                                                                                                                                0x1000260d
                                                                                                                                                                                                                                0x10002617
                                                                                                                                                                                                                                0x10002619
                                                                                                                                                                                                                                0x1000261d
                                                                                                                                                                                                                                0x10002623
                                                                                                                                                                                                                                0x1000261f
                                                                                                                                                                                                                                0x1000261f
                                                                                                                                                                                                                                0x1000261f
                                                                                                                                                                                                                                0x1000262a
                                                                                                                                                                                                                                0x1000262f
                                                                                                                                                                                                                                0x10002631
                                                                                                                                                                                                                                0x10002633
                                                                                                                                                                                                                                0x1000270c
                                                                                                                                                                                                                                0x10002639
                                                                                                                                                                                                                                0x10002639
                                                                                                                                                                                                                                0x1000263a
                                                                                                                                                                                                                                0x100026ff
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002640
                                                                                                                                                                                                                                0x10002640
                                                                                                                                                                                                                                0x10002641
                                                                                                                                                                                                                                0x100026f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002647
                                                                                                                                                                                                                                0x10002647
                                                                                                                                                                                                                                0x10002648
                                                                                                                                                                                                                                0x100026ce
                                                                                                                                                                                                                                0x100026d0
                                                                                                                                                                                                                                0x100026d7
                                                                                                                                                                                                                                0x100026d9
                                                                                                                                                                                                                                0x100026d9
                                                                                                                                                                                                                                0x100026dc
                                                                                                                                                                                                                                0x100026e3
                                                                                                                                                                                                                                0x100026e9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000264a
                                                                                                                                                                                                                                0x1000264a
                                                                                                                                                                                                                                0x1000264b
                                                                                                                                                                                                                                0x100026be
                                                                                                                                                                                                                                0x1000264d
                                                                                                                                                                                                                                0x1000264d
                                                                                                                                                                                                                                0x1000264e
                                                                                                                                                                                                                                0x1000267d
                                                                                                                                                                                                                                0x1000268a
                                                                                                                                                                                                                                0x1000269f
                                                                                                                                                                                                                                0x100026a6
                                                                                                                                                                                                                                0x100026ac
                                                                                                                                                                                                                                0x100026ac
                                                                                                                                                                                                                                0x10002650
                                                                                                                                                                                                                                0x10002651
                                                                                                                                                                                                                                0x10002657
                                                                                                                                                                                                                                0x10002659
                                                                                                                                                                                                                                0x1000265f
                                                                                                                                                                                                                                0x10002665
                                                                                                                                                                                                                                0x10002665
                                                                                                                                                                                                                                0x10002665
                                                                                                                                                                                                                                0x10002651
                                                                                                                                                                                                                                0x1000264e
                                                                                                                                                                                                                                0x1000264b
                                                                                                                                                                                                                                0x10002648
                                                                                                                                                                                                                                0x10002641
                                                                                                                                                                                                                                0x1000263a
                                                                                                                                                                                                                                0x10002712
                                                                                                                                                                                                                                0x10002717
                                                                                                                                                                                                                                0x10002728
                                                                                                                                                                                                                                0x10002728
                                                                                                                                                                                                                                0x1000272e
                                                                                                                                                                                                                                0x10002733
                                                                                                                                                                                                                                0x10002738
                                                                                                                                                                                                                                0x10002744
                                                                                                                                                                                                                                0x10002749
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000274e
                                                                                                                                                                                                                                0x1000273a
                                                                                                                                                                                                                                0x1000273b
                                                                                                                                                                                                                                0x1000274f
                                                                                                                                                                                                                                0x1000274f
                                                                                                                                                                                                                                0x10002738
                                                                                                                                                                                                                                0x10002751
                                                                                                                                                                                                                                0x10002757
                                                                                                                                                                                                                                0x1000275b
                                                                                                                                                                                                                                0x1000275e
                                                                                                                                                                                                                                0x1000276d

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 1000265F
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,?,?,?,00000000,00000001,10001A8A,00000000), ref: 10002677
                                                                                                                                                                                                                                • StringFromGUID2.OLE32(?,00000000,?,?,?,?,00000000,00000001,10001A8A,00000000), ref: 1000268A
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000000,00000001,10001A8A,00000000), ref: 1000269F
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 100026A6
                                                                                                                                                                                                                                  • Part of subcall function 1000160E: lstrcpyA.KERNEL32(-10004047,00000000,?,1000118F,?,00000000), ref: 10001636
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 10002728
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 10002751
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1690752483.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690732782.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690765129.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690776803.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$Free$AllocByteCharFromMultiStringWidelstrcpywsprintf
                                                                                                                                                                                                                                • String ID: {s@us
                                                                                                                                                                                                                                • API String ID: 2278267121-2578703795
                                                                                                                                                                                                                                • Opcode ID: f2d90fb7604344b88e62606892e29dab83ffb9f5e480ef13eb80547e1e232e8e
                                                                                                                                                                                                                                • Instruction ID: 08b3d8036d164c5881487be7a8a394305a4816547ccba51f0c52e2d45aca7b17
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f2d90fb7604344b88e62606892e29dab83ffb9f5e480ef13eb80547e1e232e8e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97419D71109555EFF712DF24CC88E2BBBEDFB843C0B124519FA45C616DDB32AC509A21
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 030C14CA, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 202windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                			E030C14CA(struct HWND__* _a4, int _a8, unsigned int _a12, long _a16) {
				struct tagRECT _v20;
				char _v1044;
				int _t62;
				signed int _t66;
				intOrPtr _t75;
				signed int _t76;
				void* _t88;
				void* _t95;
				intOrPtr* _t101;
				struct HWND__* _t102;
				intOrPtr _t105;
				intOrPtr _t106;
				unsigned int _t110;
				void* _t111;
				void* _t115;
				signed int _t117;
				intOrPtr* _t119;
				intOrPtr* _t120;

				_t62 = _a8;
				if(_t62 == 2) {
					_t111 = 0;
					if( *0x30c50d4 <= 0) {
						L48:
						return 0;
					}
					_t115 = 0;
					do {
						RemovePropA( *(_t115 +  *0x30c50d8), "NSIS: nsControl pointer property");
						_t111 = _t111 + 1;
						_t115 = _t115 + 0x418;
					} while (_t111 <  *0x30c50d4);
					goto L48;
				}
				_t101 = _a16;
				if(_t62 == 0x2b) {
					L28:
					_t66 =  *(_t101 + 0x10);
					_a12 = _t66 & 0x00000100;
					_a16 = _t66 & 0x00000200;
					if(E030C13C6( *(_t101 + 0x14)) == 0) {
						goto L48;
					}
					asm("movsd");
					asm("movsd");
					_v1044 = _v1044 & 0x00000000;
					asm("movsd");
					asm("movsd");
					GetWindowTextA( *(_t101 + 0x14),  &_v1044, 0x400);
					DrawTextA( *(_t101 + 0x18),  &_v1044, 0xffffffff,  &_v20, 0x414);
					_t105 =  *((intOrPtr*)(_t101 + 0x24));
					_t75 = _v20.right + 2;
					_v20.right = _t75;
					if(_t75 >= _t105) {
						_v20.right = _t105;
					}
					_t76 =  *0x30c50cc;
					if(_t76 != 0) {
						_v20.right = _t105;
						_v20.left = _v20.left + _t105 - _v20.right;
					}
					if(( *(_t101 + 0xc) & 0x00000001) != 0) {
						asm("sbb eax, eax");
						_t117 =  ~_t76 & 0x00020000;
						if(_a12 != 0) {
							_t117 = _t117 | 0x00100000;
						}
						if(GetWindowLongA( *(_t101 + 0x14), 0xffffffeb) == 0) {
							SetTextColor( *(_t101 + 0x18), 0xff0000);
						}
						DrawTextA( *(_t101 + 0x18),  &_v1044, 0xffffffff,  &_v20, _t117 | 0x00000015);
					}
					if(( *(_t101 + 0x10) & 0x00000010) == 0 || ( *(_t101 + 0xc) & 0x00000001) == 0) {
						if(( *(_t101 + 0xc) & 0x00000004) == 0) {
							goto L44;
						}
						goto L42;
					} else {
						L42:
						if(_a16 == 0) {
							DrawFocusRect( *(_t101 + 0x18),  &_v20);
						}
						L44:
						return 1;
					}
				}
				if(_t62 == 0x4e) {
					_t88 = E030C13C6( *_t101);
					if(_t88 == 0) {
						goto L48;
					}
					_t16 = _t88 + 0x410; // 0x410
					_t119 = _t16;
					if( *_t119 == 0) {
						goto L48;
					}
					L030C2016();
					L030C2016();
					L030C2016();
					 *((intOrPtr*)( *0x30c50a0 + 4))( *_t119 - 1, 0,  *_t101,  *((intOrPtr*)(_t101 + 8)), _t101);
					goto L28;
				}
				if(_t62 == 0x111) {
					_t102 = GetDlgItem(_a4, _a12 & 0x0000ffff);
					_t95 = E030C13C6(_t102);
					if(_t95 == 0) {
						goto L48;
					}
					_t110 = _a12 >> 0x10;
					if(_t110 != 0) {
						L12:
						if(_t110 != 0x300 ||  *((intOrPtr*)(_t95 + 4)) != 2) {
							if(_t110 != 1 ||  *((intOrPtr*)(_t95 + 4)) != 4) {
								if(_t110 == 6 || _t110 == 1) {
									if( *((intOrPtr*)(_t95 + 4)) != 3) {
										goto L22;
									}
									goto L19;
								} else {
									L22:
									if(_t110 != 0 ||  *((intOrPtr*)(_t95 + 4)) != 7) {
										goto L48;
									} else {
										L24:
										_t15 = _t95 + 0x408; // 0x408
										_t120 = _t15;
										goto L20;
									}
								}
							} else {
								goto L19;
							}
						} else {
							L19:
							_t12 = _t95 + 0x40c; // 0x40c
							_t120 = _t12;
							L20:
							if( *_t120 != 0) {
								L030C2016();
								 *((intOrPtr*)( *0x30c50a0 + 4))( *_t120 - 1, 0, _t102);
							}
							goto L48;
						}
					}
					_t106 =  *((intOrPtr*)(_t95 + 4));
					if(_t106 == 1 || _t106 == 8) {
						goto L24;
					} else {
						goto L12;
					}
				}
				if(_t62 > 0x132 && (_t62 <= 0x136 || _t62 == 0x138)) {
					return SendMessageA( *0x30c50c4, _t62, _a12, _a16);
				}
				goto L48;
			}





















                                                                                                                                                                                                                                0x030c14d3
                                                                                                                                                                                                                                0x030c14dc
                                                                                                                                                                                                                                0x030c1722
                                                                                                                                                                                                                                0x030c172a
                                                                                                                                                                                                                                0x030c1750
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c1750
                                                                                                                                                                                                                                0x030c172c
                                                                                                                                                                                                                                0x030c172e
                                                                                                                                                                                                                                0x030c173b
                                                                                                                                                                                                                                0x030c1741
                                                                                                                                                                                                                                0x030c1742
                                                                                                                                                                                                                                0x030c1748
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c172e
                                                                                                                                                                                                                                0x030c14e2
                                                                                                                                                                                                                                0x030c14e8
                                                                                                                                                                                                                                0x030c1618
                                                                                                                                                                                                                                0x030c1618
                                                                                                                                                                                                                                0x030c162b
                                                                                                                                                                                                                                0x030c162e
                                                                                                                                                                                                                                0x030c1638
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c1644
                                                                                                                                                                                                                                0x030c1645
                                                                                                                                                                                                                                0x030c1646
                                                                                                                                                                                                                                0x030c1653
                                                                                                                                                                                                                                0x030c165d
                                                                                                                                                                                                                                0x030c165e
                                                                                                                                                                                                                                0x030c167f
                                                                                                                                                                                                                                0x030c1684
                                                                                                                                                                                                                                0x030c1687
                                                                                                                                                                                                                                0x030c168c
                                                                                                                                                                                                                                0x030c168f
                                                                                                                                                                                                                                0x030c1691
                                                                                                                                                                                                                                0x030c1691
                                                                                                                                                                                                                                0x030c1694
                                                                                                                                                                                                                                0x030c169b
                                                                                                                                                                                                                                0x030c16a2
                                                                                                                                                                                                                                0x030c16a5
                                                                                                                                                                                                                                0x030c16a5
                                                                                                                                                                                                                                0x030c16ac
                                                                                                                                                                                                                                0x030c16b0
                                                                                                                                                                                                                                0x030c16bb
                                                                                                                                                                                                                                0x030c16bd
                                                                                                                                                                                                                                0x030c16bf
                                                                                                                                                                                                                                0x030c16bf
                                                                                                                                                                                                                                0x030c16d2
                                                                                                                                                                                                                                0x030c16dc
                                                                                                                                                                                                                                0x030c16dc
                                                                                                                                                                                                                                0x030c16f6
                                                                                                                                                                                                                                0x030c16f6
                                                                                                                                                                                                                                0x030c16fc
                                                                                                                                                                                                                                0x030c1708
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c170a
                                                                                                                                                                                                                                0x030c170a
                                                                                                                                                                                                                                0x030c170e
                                                                                                                                                                                                                                0x030c1717
                                                                                                                                                                                                                                0x030c1717
                                                                                                                                                                                                                                0x030c171d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c171f
                                                                                                                                                                                                                                0x030c16fc
                                                                                                                                                                                                                                0x030c14f1
                                                                                                                                                                                                                                0x030c15d9
                                                                                                                                                                                                                                0x030c15e0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c15e6
                                                                                                                                                                                                                                0x030c15e6
                                                                                                                                                                                                                                0x030c15ef
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c15f6
                                                                                                                                                                                                                                0x030c15fe
                                                                                                                                                                                                                                0x030c1605
                                                                                                                                                                                                                                0x030c1615
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c1615
                                                                                                                                                                                                                                0x030c14fc
                                                                                                                                                                                                                                0x030c1541
                                                                                                                                                                                                                                0x030c1544
                                                                                                                                                                                                                                0x030c154d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c1556
                                                                                                                                                                                                                                0x030c155c
                                                                                                                                                                                                                                0x030c156b
                                                                                                                                                                                                                                0x030c1570
                                                                                                                                                                                                                                0x030c157c
                                                                                                                                                                                                                                0x030c1588
                                                                                                                                                                                                                                0x030c1594
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c15bc
                                                                                                                                                                                                                                0x030c15bc
                                                                                                                                                                                                                                0x030c15bf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c15cf
                                                                                                                                                                                                                                0x030c15cf
                                                                                                                                                                                                                                0x030c15cf
                                                                                                                                                                                                                                0x030c15cf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c15cf
                                                                                                                                                                                                                                0x030c15bf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c1596
                                                                                                                                                                                                                                0x030c1596
                                                                                                                                                                                                                                0x030c1596
                                                                                                                                                                                                                                0x030c1596
                                                                                                                                                                                                                                0x030c159c
                                                                                                                                                                                                                                0x030c159e
                                                                                                                                                                                                                                0x030c15a5
                                                                                                                                                                                                                                0x030c15b4
                                                                                                                                                                                                                                0x030c15b4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c159e
                                                                                                                                                                                                                                0x030c1570
                                                                                                                                                                                                                                0x030c155e
                                                                                                                                                                                                                                0x030c1564
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c1564
                                                                                                                                                                                                                                0x030c1503
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c1528
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 030C1528
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 030C153B
                                                                                                                                                                                                                                • GetWindowTextA.USER32 ref: 030C165E
                                                                                                                                                                                                                                • DrawTextA.USER32(?,00000000,000000FF,?,00000414), ref: 030C167F
                                                                                                                                                                                                                                • GetWindowLongA.USER32 ref: 030C16CA
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00FF0000), ref: 030C16DC
                                                                                                                                                                                                                                • DrawTextA.USER32(?,00000000,000000FF,00000000,?), ref: 030C16F6
                                                                                                                                                                                                                                • DrawFocusRect.USER32 ref: 030C1717
                                                                                                                                                                                                                                • RemovePropA.USER32 ref: 030C173B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • NSIS: nsControl pointer property, xrefs: 030C1733
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1675900869.00000000030C1000.00000020.00020000.sdmp, Offset: 030C0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675875391.00000000030C0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675927376.00000000030C3000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675953768.00000000030C4000.00000008.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675968346.00000000030C7000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_30c0000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Text$Draw$Window$ColorFocusItemLongMessagePropRectRemoveSend
                                                                                                                                                                                                                                • String ID: NSIS: nsControl pointer property
                                                                                                                                                                                                                                • API String ID: 2331901045-1714965683
                                                                                                                                                                                                                                • Opcode ID: eb3c67c5ee4cd55a8e620f0108626cdd7837faa72a68d823fe547f3d0a90f9b8
                                                                                                                                                                                                                                • Instruction ID: 29a0ab5d6ba372421ba28832afd70623c5a7d0f1aee30fbf0a06ecbf04169d0e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eb3c67c5ee4cd55a8e620f0108626cdd7837faa72a68d823fe547f3d0a90f9b8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5871C271522285DBDF69DF14CC88BAFB7FAFB04300F1846A9E90196297C775D891CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 10002440, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 136memorystringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                                                                			E10002440(void* __edx, intOrPtr _a4) {
				signed int _v4;
				CHAR* _t32;
				intOrPtr _t33;
				void* _t34;
				void* _t36;
				void* _t43;
				void** _t49;
				CHAR* _t58;
				void* _t59;
				signed int* _t60;
				void* _t61;
				intOrPtr* _t62;
				CHAR* _t63;
				void* _t73;

				_t59 = __edx;
				_v4 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
				while(1) {
					_t9 = _a4 + 0x818; // 0x818
					_t62 = (_v4 << 5) + _t9;
					_t32 =  *(_t62 + 0x14);
					if(_t32 == 0) {
						goto L9;
					}
					_t58 = 0x1a;
					if(_t32 == _t58) {
						goto L9;
					}
					if(_t32 != 0xffffffff) {
						if(_t32 <= 0 || _t32 > 0x19) {
							 *(_t62 + 0x14) = _t58;
						} else {
							_t32 = E100015E5(_t32 - 1);
							L10:
						}
						goto L11;
					} else {
						_t32 = E10001561();
						L11:
						_t63 = _t32;
						_t13 = _t62 + 8; // 0x820
						_t60 = _t13;
						if( *((intOrPtr*)(_t62 + 4)) != 0xffffffff) {
							_t49 = _t60;
						} else {
							_t49 =  *_t60;
						}
						_t33 =  *_t62;
						 *(_t62 + 0x1c) =  *(_t62 + 0x1c) & 0x00000000;
						if(_t33 == 0) {
							 *_t60 =  *_t60 & 0x00000000;
						} else {
							if(_t33 == 1) {
								_t36 = E10001641(_t63);
								L27:
								 *_t49 = _t36;
								L31:
								_t34 = GlobalFree(_t63);
								if(_v4 == 0) {
									return _t34;
								}
								if(_v4 !=  *((intOrPtr*)(_a4 + 0x814))) {
									_v4 = _v4 + 1;
								} else {
									_v4 = _v4 & 0x00000000;
								}
								continue;
							}
							if(_t33 == 2) {
								 *_t49 = E10001641(_t63);
								_t49[1] = _t59;
								goto L31;
							}
							_t73 = _t33 - 3;
							if(_t73 == 0) {
								_t36 = E10001550(_t63);
								 *(_t62 + 0x1c) = _t36;
								goto L27;
							}
							if(_t73 > 0) {
								if(_t33 <= 5) {
									_t61 = GlobalAlloc(0x40,  *0x10004058 +  *0x10004058);
									 *(_t62 + 0x1c) = _t61;
									MultiByteToWideChar(0, 0, _t63,  *0x10004058, _t61,  *0x10004058);
									if( *_t62 != 5) {
										 *_t49 = _t61;
									} else {
										_t43 = GlobalAlloc(0x40, 0x10);
										 *(_t62 + 0x1c) = _t43;
										 *_t49 = _t43;
										__imp__CLSIDFromString(_t61, _t43);
										GlobalFree(_t61);
									}
								} else {
									if(_t33 == 6 && lstrlenA(_t63) > 0) {
										 *_t60 = E1000276E(E10001641(_t63));
									}
								}
							}
						}
						goto L31;
					}
					L9:
					_t32 = E10001550(0x10004034);
					goto L10;
				}
			}

















                                                                                                                                                                                                                                0x10002440
                                                                                                                                                                                                                                0x10002454
                                                                                                                                                                                                                                0x10002458
                                                                                                                                                                                                                                0x10002463
                                                                                                                                                                                                                                0x10002463
                                                                                                                                                                                                                                0x1000246a
                                                                                                                                                                                                                                0x1000246f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10002473
                                                                                                                                                                                                                                0x10002476
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000247b
                                                                                                                                                                                                                                0x10002486
                                                                                                                                                                                                                                0x10002496
                                                                                                                                                                                                                                0x1000248d
                                                                                                                                                                                                                                0x1000248f
                                                                                                                                                                                                                                0x100024a5
                                                                                                                                                                                                                                0x100024a5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000247d
                                                                                                                                                                                                                                0x1000247d
                                                                                                                                                                                                                                0x100024a6
                                                                                                                                                                                                                                0x100024aa
                                                                                                                                                                                                                                0x100024ac
                                                                                                                                                                                                                                0x100024ac
                                                                                                                                                                                                                                0x100024af
                                                                                                                                                                                                                                0x100024b5
                                                                                                                                                                                                                                0x100024b1
                                                                                                                                                                                                                                0x100024b1
                                                                                                                                                                                                                                0x100024b1
                                                                                                                                                                                                                                0x100024b7
                                                                                                                                                                                                                                0x100024b9
                                                                                                                                                                                                                                0x100024bf
                                                                                                                                                                                                                                0x1000258a
                                                                                                                                                                                                                                0x100024c5
                                                                                                                                                                                                                                0x100024c8
                                                                                                                                                                                                                                0x10002583
                                                                                                                                                                                                                                0x1000256f
                                                                                                                                                                                                                                0x10002570
                                                                                                                                                                                                                                0x1000258d
                                                                                                                                                                                                                                0x1000258e
                                                                                                                                                                                                                                0x10002599
                                                                                                                                                                                                                                0x100025c3
                                                                                                                                                                                                                                0x100025c3
                                                                                                                                                                                                                                0x100025a9
                                                                                                                                                                                                                                0x100025b5
                                                                                                                                                                                                                                0x100025ab
                                                                                                                                                                                                                                0x100025ab
                                                                                                                                                                                                                                0x100025ab
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100025a9
                                                                                                                                                                                                                                0x100024d1
                                                                                                                                                                                                                                0x1000257b
                                                                                                                                                                                                                                0x1000257d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000257d
                                                                                                                                                                                                                                0x100024d7
                                                                                                                                                                                                                                0x100024da
                                                                                                                                                                                                                                0x10002567
                                                                                                                                                                                                                                0x1000256c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000256c
                                                                                                                                                                                                                                0x100024e0
                                                                                                                                                                                                                                0x100024e9
                                                                                                                                                                                                                                0x10002525
                                                                                                                                                                                                                                0x10002527
                                                                                                                                                                                                                                0x10002537
                                                                                                                                                                                                                                0x10002540
                                                                                                                                                                                                                                0x10002562
                                                                                                                                                                                                                                0x10002542
                                                                                                                                                                                                                                0x10002546
                                                                                                                                                                                                                                0x1000254d
                                                                                                                                                                                                                                0x10002551
                                                                                                                                                                                                                                0x10002553
                                                                                                                                                                                                                                0x1000255a
                                                                                                                                                                                                                                0x1000255a
                                                                                                                                                                                                                                0x100024eb
                                                                                                                                                                                                                                0x100024ee
                                                                                                                                                                                                                                0x10002510
                                                                                                                                                                                                                                0x10002512
                                                                                                                                                                                                                                0x100024ee
                                                                                                                                                                                                                                0x100024e9
                                                                                                                                                                                                                                0x100024e0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100024bf
                                                                                                                                                                                                                                0x1000249b
                                                                                                                                                                                                                                0x100024a0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100024a0

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 100024F5
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 1000251F
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 10002537
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000010), ref: 10002546
                                                                                                                                                                                                                                • CLSIDFromString.OLE32(00000000,00000000), ref: 10002553
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 1000255A
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 1000258E
                                                                                                                                                                                                                                  • Part of subcall function 10001550: lstrcpyA.KERNEL32(00000000,?,10001607,?,100011A1,-000000A0), ref: 1000155A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1690752483.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690732782.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690765129.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690776803.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpylstrlen
                                                                                                                                                                                                                                • String ID: @us
                                                                                                                                                                                                                                • API String ID: 520554397-1473371200
                                                                                                                                                                                                                                • Opcode ID: 73698bcf168bc25748ca8d9a57d83aa9733e480b4e517d970f119df6c2bd3c01
                                                                                                                                                                                                                                • Instruction ID: 5e8646e4445d362173c86146a51869b75f136194909619477c3c659b9c9ef311
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73698bcf168bc25748ca8d9a57d83aa9733e480b4e517d970f119df6c2bd3c01
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5041BB71505B02DFF324CF248C94B6AB7F8FB443E2F614919F946DA189DB70E8808B66
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00405DC8, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00405DC8(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056C6(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405684("*?|<>/\":", _t5))) == 0) {
							E004057FE(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                                                                                                                                0x00405dca
                                                                                                                                                                                                                                0x00405dd2
                                                                                                                                                                                                                                0x00405de6
                                                                                                                                                                                                                                0x00405de6
                                                                                                                                                                                                                                0x00405dec
                                                                                                                                                                                                                                0x00405df9
                                                                                                                                                                                                                                0x00405df9
                                                                                                                                                                                                                                0x00405dfa
                                                                                                                                                                                                                                0x00405dfc
                                                                                                                                                                                                                                0x00405e00
                                                                                                                                                                                                                                0x00405e02
                                                                                                                                                                                                                                0x00405e0b
                                                                                                                                                                                                                                0x00405e0d
                                                                                                                                                                                                                                0x00405e27
                                                                                                                                                                                                                                0x00405e2f
                                                                                                                                                                                                                                0x00405e2f
                                                                                                                                                                                                                                0x00405e34
                                                                                                                                                                                                                                0x00405e36
                                                                                                                                                                                                                                0x00405e38
                                                                                                                                                                                                                                0x00405e3c
                                                                                                                                                                                                                                0x00405e3d
                                                                                                                                                                                                                                0x00405e40
                                                                                                                                                                                                                                0x00405e48
                                                                                                                                                                                                                                0x00405e4a
                                                                                                                                                                                                                                0x00405e4e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405e54
                                                                                                                                                                                                                                0x00405e59
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405e59
                                                                                                                                                                                                                                0x00405e5e

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\mp3rocket.exe" ,C:\Users\user~1\AppData\Local\Temp\,00000000,00403214,C:\Users\user~1\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                                                                                                                                • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                                                                                                                                • CharNextA.USER32(?,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\mp3rocket.exe" ,C:\Users\user~1\AppData\Local\Temp\,00000000,00403214,C:\Users\user~1\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                                                                                                                                • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\mp3rocket.exe" ,C:\Users\user~1\AppData\Local\Temp\,00000000,00403214,C:\Users\user~1\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\mp3rocket.exe" $*?|<>/":$C:\Users\user~1\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 589700163-4077594486
                                                                                                                                                                                                                                • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                                                                                                                                                • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00403F7F, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00403F7F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                                                                                                                                                                0x00403f91
                                                                                                                                                                                                                                0x00404025
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404025
                                                                                                                                                                                                                                0x00403fa2
                                                                                                                                                                                                                                0x00403fa6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403fac
                                                                                                                                                                                                                                0x00403fb5
                                                                                                                                                                                                                                0x00403fb8
                                                                                                                                                                                                                                0x00403fb8
                                                                                                                                                                                                                                0x00403fbe
                                                                                                                                                                                                                                0x00403fc4
                                                                                                                                                                                                                                0x00403fc4
                                                                                                                                                                                                                                0x00403fd0
                                                                                                                                                                                                                                0x00403fd6
                                                                                                                                                                                                                                0x00403fdd
                                                                                                                                                                                                                                0x00403fe0
                                                                                                                                                                                                                                0x00403fe3
                                                                                                                                                                                                                                0x00403fe5
                                                                                                                                                                                                                                0x00403fe5
                                                                                                                                                                                                                                0x00403fed
                                                                                                                                                                                                                                0x00403ff3
                                                                                                                                                                                                                                0x00403ff3
                                                                                                                                                                                                                                0x00403ffd
                                                                                                                                                                                                                                0x00404002
                                                                                                                                                                                                                                0x00404005
                                                                                                                                                                                                                                0x0040400a
                                                                                                                                                                                                                                0x0040400d
                                                                                                                                                                                                                                0x0040400d
                                                                                                                                                                                                                                0x0040401d
                                                                                                                                                                                                                                0x0040401d
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                                                                                                • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                                                                                                                                • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0040267C, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004056C6(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E0040581E(_t52);
				_t27 = E0040583D(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423eb4; // 0x11400
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004031F1(_t47);
						E004031BF(_t51,  *(_t58 - 0x2c));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F18(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E004057FE( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
						GlobalFree(_t51);
						 *(_t58 - 8) = E00402F18(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                                                                                                                                                                0x0040267c
                                                                                                                                                                                                                                0x0040267e
                                                                                                                                                                                                                                0x0040268a
                                                                                                                                                                                                                                0x0040268d
                                                                                                                                                                                                                                0x00402697
                                                                                                                                                                                                                                0x0040269b
                                                                                                                                                                                                                                0x0040269b
                                                                                                                                                                                                                                0x004026a1
                                                                                                                                                                                                                                0x004026ae
                                                                                                                                                                                                                                0x004026b6
                                                                                                                                                                                                                                0x004026b9
                                                                                                                                                                                                                                0x004026bf
                                                                                                                                                                                                                                0x004026cd
                                                                                                                                                                                                                                0x004026d2
                                                                                                                                                                                                                                0x004026d6
                                                                                                                                                                                                                                0x004026d9
                                                                                                                                                                                                                                0x004026e2
                                                                                                                                                                                                                                0x004026ee
                                                                                                                                                                                                                                0x004026f2
                                                                                                                                                                                                                                0x004026f5
                                                                                                                                                                                                                                0x004026ff
                                                                                                                                                                                                                                0x0040271e
                                                                                                                                                                                                                                0x00402706
                                                                                                                                                                                                                                0x0040270b
                                                                                                                                                                                                                                0x00402713
                                                                                                                                                                                                                                0x00402716
                                                                                                                                                                                                                                0x0040271b
                                                                                                                                                                                                                                0x0040271b
                                                                                                                                                                                                                                0x00402725
                                                                                                                                                                                                                                0x00402725
                                                                                                                                                                                                                                0x00402737
                                                                                                                                                                                                                                0x0040273e
                                                                                                                                                                                                                                0x00402750
                                                                                                                                                                                                                                0x00402750
                                                                                                                                                                                                                                0x00402756
                                                                                                                                                                                                                                0x00402756
                                                                                                                                                                                                                                0x00402761
                                                                                                                                                                                                                                0x00402762
                                                                                                                                                                                                                                0x00402766
                                                                                                                                                                                                                                0x0040276a
                                                                                                                                                                                                                                0x00402770
                                                                                                                                                                                                                                0x00402770
                                                                                                                                                                                                                                0x00402777
                                                                                                                                                                                                                                0x00402164
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00011400,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 00402725
                                                                                                                                                                                                                                • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 0040273E
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3294113728-0
                                                                                                                                                                                                                                • Opcode ID: b8defe13902d58a52973a2e3f60156d7c1400e5746f24ef4cd0721e59596b3c4
                                                                                                                                                                                                                                • Instruction ID: 719c612f4f238206e278f6e296a81204df483451b361404a9b6a09c3536a307a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b8defe13902d58a52973a2e3f60156d7c1400e5746f24ef4cd0721e59596b3c4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F831AD71C00128BBDF216FA4CD89DAE7E79EF08364F10423AF920772E0C6795D419BA8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00404F04, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00404F04(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423684; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f54; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405B88(0, _t39, 0x41fc78, 0x41fc78, _a4);
					}
					_t26 = lstrlenA(0x41fc78);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423668, 0x41fc78);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc78;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc78)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc78, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                                                                                                                                                                0x00404f0a
                                                                                                                                                                                                                                0x00404f16
                                                                                                                                                                                                                                0x00404f19
                                                                                                                                                                                                                                0x00404f1f
                                                                                                                                                                                                                                0x00404f2b
                                                                                                                                                                                                                                0x00404f2e
                                                                                                                                                                                                                                0x00404f31
                                                                                                                                                                                                                                0x00404f37
                                                                                                                                                                                                                                0x00404f37
                                                                                                                                                                                                                                0x00404f3d
                                                                                                                                                                                                                                0x00404f45
                                                                                                                                                                                                                                0x00404f48
                                                                                                                                                                                                                                0x00404f65
                                                                                                                                                                                                                                0x00404f69
                                                                                                                                                                                                                                0x00404f72
                                                                                                                                                                                                                                0x00404f72
                                                                                                                                                                                                                                0x00404f7c
                                                                                                                                                                                                                                0x00404f85
                                                                                                                                                                                                                                0x00404f91
                                                                                                                                                                                                                                0x00404f98
                                                                                                                                                                                                                                0x00404f9c
                                                                                                                                                                                                                                0x00404f9f
                                                                                                                                                                                                                                0x00404fb2
                                                                                                                                                                                                                                0x00404fc0
                                                                                                                                                                                                                                0x00404fc0
                                                                                                                                                                                                                                0x00404fc4
                                                                                                                                                                                                                                0x00404fc6
                                                                                                                                                                                                                                0x00404fc9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404fc9
                                                                                                                                                                                                                                0x00404f4a
                                                                                                                                                                                                                                0x00404f52
                                                                                                                                                                                                                                0x00404f5a
                                                                                                                                                                                                                                0x00404f60
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404f60
                                                                                                                                                                                                                                0x00404f5a
                                                                                                                                                                                                                                0x00404f48
                                                                                                                                                                                                                                0x00404fd3

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                                                                                                                • lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                                                                                                                                                • SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 00404F98
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 00404FB2
                                                                                                                                                                                                                                • SendMessageA.USER32 ref: 00404FC0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2531174081-0
                                                                                                                                                                                                                                • Opcode ID: c16ae44753e0492e8ebf0dec6d4426dfb74cf51d03073e062323e975129af71d
                                                                                                                                                                                                                                • Instruction ID: 33d69ec58002f5e3cec48cf4aa7ac502a1da6879986bf9ca4026f821734cd723
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c16ae44753e0492e8ebf0dec6d4426dfb74cf51d03073e062323e975129af71d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C4219D71A00108BBDF119FA5CD849DEBFB9EB49354F14807AFA04B6290C3389E45CBA8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00402BD3, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00402BD3(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41704c; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41704c = 0;
					return _t15;
				}
				__eflags =  *0x41704c; // 0x0
				if(__eflags != 0) {
					return E00405EC1(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423eac;
				if(_t6 >  *0x423eac) {
					__eflags =  *0x423ea8; // 0xe036e
					if(__eflags == 0) {
						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B3B, 0);
						 *0x41704c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x423f54 & 0x00000001;
					if(( *0x423f54 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BB7());
						return E00404F04(0,  &_v68);
					}
				}
				return _t6;
			}







                                                                                                                                                                                                                                0x00402bdf
                                                                                                                                                                                                                                0x00402be1
                                                                                                                                                                                                                                0x00402be8
                                                                                                                                                                                                                                0x00402beb
                                                                                                                                                                                                                                0x00402beb
                                                                                                                                                                                                                                0x00402bf1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402bf1
                                                                                                                                                                                                                                0x00402bf9
                                                                                                                                                                                                                                0x00402bff
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402c02
                                                                                                                                                                                                                                0x00402c09
                                                                                                                                                                                                                                0x00402c0f
                                                                                                                                                                                                                                0x00402c15
                                                                                                                                                                                                                                0x00402c17
                                                                                                                                                                                                                                0x00402c1d
                                                                                                                                                                                                                                0x00402c5b
                                                                                                                                                                                                                                0x00402c64
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402c69
                                                                                                                                                                                                                                0x00402c1f
                                                                                                                                                                                                                                0x00402c26
                                                                                                                                                                                                                                0x00402c37
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402c45
                                                                                                                                                                                                                                0x00402c26
                                                                                                                                                                                                                                0x00402c71

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000), ref: 00402BEB
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00402C09
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00402C37
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404F98
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FB2
                                                                                                                                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32 ref: 00404FC0
                                                                                                                                                                                                                                • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                                                                                                                                                                                                                  • Part of subcall function 00402BB7: MulDiv.KERNEL32(00032436,00000064,0002D010), ref: 00402BCC
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                                                • String ID: ... %d%%
                                                                                                                                                                                                                                • API String ID: 722711167-2449383134
                                                                                                                                                                                                                                • Opcode ID: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                                                                                                                                                • Instruction ID: c44cf6bb529b7c61e0c77009ed50883557557090b8ffabf6f859222ef57aaf40
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C6016170949210EBD7215F61EE4DA9F7B78AB04701B14403BF502B11E5C6BC9A01CBAE
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004047D3, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E004047D3(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                                                                                                                                0x004047e1
                                                                                                                                                                                                                                0x004047ee
                                                                                                                                                                                                                                0x004047f4
                                                                                                                                                                                                                                0x00404832
                                                                                                                                                                                                                                0x00404832
                                                                                                                                                                                                                                0x00404841
                                                                                                                                                                                                                                0x00404848
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040484a
                                                                                                                                                                                                                                0x004047f6
                                                                                                                                                                                                                                0x00404805
                                                                                                                                                                                                                                0x0040480d
                                                                                                                                                                                                                                0x00404810
                                                                                                                                                                                                                                0x00404822
                                                                                                                                                                                                                                0x00404828
                                                                                                                                                                                                                                0x0040482f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040482f
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                • String ID: f
                                                                                                                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                                                                                                                                • Instruction ID: 01d6173a61c3c3b4b037133c9a52f1e04ee3049876a8ff08b59bebc5d15cf036
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA018075D40218BADB00DB94CC41BFEBBBCAB55711F10412ABB00B61C0C3B46501CB95
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00402B3B, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BB7();
					_t19 = "unpacking data: %d%%";
					if( *0x423eb0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                                                                                                                                                                0x00402b48
                                                                                                                                                                                                                                0x00402b56
                                                                                                                                                                                                                                0x00402b5c
                                                                                                                                                                                                                                0x00402b5c
                                                                                                                                                                                                                                0x00402b6a
                                                                                                                                                                                                                                0x00402b6c
                                                                                                                                                                                                                                0x00402b78
                                                                                                                                                                                                                                0x00402b7d
                                                                                                                                                                                                                                0x00402b7f
                                                                                                                                                                                                                                0x00402b7f
                                                                                                                                                                                                                                0x00402b8a
                                                                                                                                                                                                                                0x00402b9a
                                                                                                                                                                                                                                0x00402bac
                                                                                                                                                                                                                                0x00402bac
                                                                                                                                                                                                                                0x00402bb4

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                                                • API String ID: 1451636040-1158693248
                                                                                                                                                                                                                                • Opcode ID: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                                                                                                                                                • Instruction ID: 39266fd7d8b3d51d4259f470751267aa52f8e49dbca779dff7f29341b6a717b4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AFF03671900109ABEF255F51DD0ABEE3779FB00305F008036FA05B51D1D7F9AA559F99
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 030C1021, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 59COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 16%
                                                                                                                                                                                                                                			E030C1021(void* __eflags, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char* _v24;
				char* _v28;
				signed int _v32;
				char _v36;
				char _v296;
				char _v556;
				char _v1580;
				char* _t35;
				char* _t36;
				void* _t37;
				char* _t39;

				 *0x30c50dc = _a8;
				 *0x30c50e0 = _a16;
				 *0x30c50e4 = _a12;
				if(E030C1DD9( &_v1580, 0x104) != 0 || E030C1DD9( &_v556, 0x400) != 0) {
					L3:
					return E030C1E27("error");
				} else {
					_v32 = _v32 & 0x00000000;
					_v36 = _a4;
					_v28 =  &_v296;
					_v8 = _v8 & 0x00000000;
					_v24 =  &_v1580;
					_v20 = 0x45;
					_v12 =  &_v556;
					_t35 =  &_v36;
					_v16 = E030C1000;
					__imp__SHBrowseForFolderA(_t35);
					_t39 = _t35;
					if(_t39 != 0) {
						_t36 =  &_v296;
						__imp__SHGetPathFromIDListA(_t39, _t36);
						if(_t36 == 0) {
							_push("error");
						} else {
							_push( &_v296);
						}
						_t37 = E030C1E27();
						__imp__CoTaskMemFree();
						return _t37;
					}
					goto L3;
				}
			}


















                                                                                                                                                                                                                                0x030c102e
                                                                                                                                                                                                                                0x030c1036
                                                                                                                                                                                                                                0x030c103e
                                                                                                                                                                                                                                0x030c1056
                                                                                                                                                                                                                                0x030c10b4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c106d
                                                                                                                                                                                                                                0x030c1070
                                                                                                                                                                                                                                0x030c1074
                                                                                                                                                                                                                                0x030c107d
                                                                                                                                                                                                                                0x030c1086
                                                                                                                                                                                                                                0x030c108a
                                                                                                                                                                                                                                0x030c1093
                                                                                                                                                                                                                                0x030c109a
                                                                                                                                                                                                                                0x030c109d
                                                                                                                                                                                                                                0x030c10a1
                                                                                                                                                                                                                                0x030c10a8
                                                                                                                                                                                                                                0x030c10ae
                                                                                                                                                                                                                                0x030c10b2
                                                                                                                                                                                                                                0x030c10c0
                                                                                                                                                                                                                                0x030c10c8
                                                                                                                                                                                                                                0x030c10d0
                                                                                                                                                                                                                                0x030c10db
                                                                                                                                                                                                                                0x030c10d2
                                                                                                                                                                                                                                0x030c10d8
                                                                                                                                                                                                                                0x030c10d8
                                                                                                                                                                                                                                0x030c10e0
                                                                                                                                                                                                                                0x030c10e6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c10e6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c10b2

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 030C1DD9: lstrcpynA.KERNEL32(030C1054,?,?,?,030C1054,?), ref: 030C1E06
                                                                                                                                                                                                                                  • Part of subcall function 030C1DD9: GlobalFree.KERNEL32 ref: 030C1E16
                                                                                                                                                                                                                                • SHBrowseForFolderA.SHELL32(?,?,00000400,?,00000104), ref: 030C10A8
                                                                                                                                                                                                                                • SHGetPathFromIDListA.SHELL32(00000000,?), ref: 030C10C8
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000,error), ref: 030C10E6
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1675900869.00000000030C1000.00000020.00020000.sdmp, Offset: 030C0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675875391.00000000030C0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675927376.00000000030C3000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675953768.00000000030C4000.00000008.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675968346.00000000030C7000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_30c0000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Free$BrowseFolderFromGlobalListPathTasklstrcpyn
                                                                                                                                                                                                                                • String ID: E$error
                                                                                                                                                                                                                                • API String ID: 1728609016-2359134700
                                                                                                                                                                                                                                • Opcode ID: 1424bacde691d1fbe9055d62e50459ad2686ae120e77061e9efb76346282e25e
                                                                                                                                                                                                                                • Instruction ID: f70bb8d83d4e4630854fbaab3c7da0322918bacb849ab935b896c9c03897bb70
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1424bacde691d1fbe9055d62e50459ad2686ae120e77061e9efb76346282e25e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB218EB59222989FCB51EF92DC44BDE77FCAF08340F20419AE545E7101E778D6448FA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00401D1B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 67%
                                                                                                                                                                                                                                			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af74->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
				 *0x40af84 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af8b = 1;
				 *0x40af88 = _t11 & 0x00000001;
				 *0x40af89 = _t11 & 0x00000002;
				 *0x40af8a = _t11 & 0x00000004;
				E00405B88(_t18, _t24, _t26, "MS Shell Dlg",  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af74);
				_push(_t14);
				_push(_t26);
				E00405AC4();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                                                                                                                                                                0x00401d29
                                                                                                                                                                                                                                0x00401d42
                                                                                                                                                                                                                                0x00401d4c
                                                                                                                                                                                                                                0x00401d51
                                                                                                                                                                                                                                0x00401d5c
                                                                                                                                                                                                                                0x00401d63
                                                                                                                                                                                                                                0x00401d75
                                                                                                                                                                                                                                0x00401d7b
                                                                                                                                                                                                                                0x00401d80
                                                                                                                                                                                                                                0x00401d8a
                                                                                                                                                                                                                                0x004024b8
                                                                                                                                                                                                                                0x00401561
                                                                                                                                                                                                                                0x00402833
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 00401D22
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                                                                                                                                • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CapsCreateDeviceFontIndirect
                                                                                                                                                                                                                                • String ID: MS Shell Dlg
                                                                                                                                                                                                                                • API String ID: 3272661963-76309092
                                                                                                                                                                                                                                • Opcode ID: d8d00129a0c809e423feca600faf407eaf54c466d4b244af4f30760ff25f5d33
                                                                                                                                                                                                                                • Instruction ID: d83410998d1654a5337f8c322709d39cf2ce3a8a4f0330bc6585c9693e616625
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8d00129a0c809e423feca600faf407eaf54c466d4b244af4f30760ff25f5d33
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E1F044F1A45342AEE7016770AE0ABA93B649725306F100576F541BA1E2C5BC10149B7F
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 10001ADF, Relevance: 7.7, APIs: 5, Instructions: 190COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 97%
                                                                                                                                                                                                                                			E10001ADF(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v148;
				void _t46;
				void _t47;
				signed int _t48;
				signed int _t49;
				signed int _t58;
				signed int _t59;
				signed int _t61;
				signed int _t62;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t72;
				signed int _t78;
				void* _t82;
				signed int _t86;
				signed int _t88;
				signed int _t91;
				void* _t102;

				_t86 = __edx;
				 *0x10004058 = _a8;
				_t78 = 0;
				 *0x1000405c = _a16;
				_v8 = 0;
				_a16 = E10001561();
				_a8 = E10001561();
				_t91 = E10001641(_a16);
				_t82 = _a8;
				_t88 = _t86;
				_t46 =  *_t82;
				if(_t46 != 0x7e && _t46 != 0x21) {
					_v16 = E10001561();
					_t78 = E10001641(_t75);
					_v8 = _t86;
					GlobalFree(_v16);
					_t82 = _a8;
				}
				_t47 =  *_t82;
				_t102 = _t47 - 0x2f;
				if(_t102 > 0) {
					_t48 = _t47 - 0x3c;
					__eflags = _t48;
					if(_t48 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x3c;
						if( *((char*)(_t82 + 1)) != 0x3c) {
							__eflags = _t88 - _v8;
							if(__eflags > 0) {
								L54:
								_t49 = 0;
								__eflags = 0;
								L55:
								asm("cdq");
								L56:
								_t91 = _t49;
								_t88 = _t86;
								L57:
								E1000176C(_t86, _t91, _t88,  &_v148);
								E1000159E( &_v148);
								GlobalFree(_a16);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L47:
								__eflags = 0;
								L48:
								_t49 = 1;
								goto L55;
							}
							__eflags = _t91 - _t78;
							if(_t91 < _t78) {
								goto L47;
							}
							goto L54;
						}
						_t86 = _t88;
						_t49 = E10002BF0(_t91, _t78, _t86);
						goto L56;
					}
					_t58 = _t48 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags = _t91 - _t78;
						if(_t91 != _t78) {
							goto L54;
						}
						__eflags = _t88 - _v8;
						if(_t88 != _v8) {
							goto L54;
						}
						goto L47;
					}
					_t59 = _t58 - 1;
					__eflags = _t59;
					if(_t59 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x3e;
						if( *((char*)(_t82 + 1)) != 0x3e) {
							__eflags = _t88 - _v8;
							if(__eflags < 0) {
								goto L54;
							}
							if(__eflags > 0) {
								goto L47;
							}
							__eflags = _t91 - _t78;
							if(_t91 <= _t78) {
								goto L54;
							}
							goto L47;
						}
						_t86 = _t88;
						_t49 = E10002C10(_t91, _t78, _t86);
						goto L56;
					}
					_t61 = _t59 - 0x20;
					__eflags = _t61;
					if(_t61 == 0) {
						_t91 = _t91 ^ _t78;
						_t88 = _t88 ^ _v8;
						goto L57;
					}
					_t62 = _t61 - 0x1e;
					__eflags = _t62;
					if(_t62 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x7c;
						if( *((char*)(_t82 + 1)) != 0x7c) {
							_t91 = _t91 | _t78;
							_t88 = _t88 | _v8;
							goto L57;
						}
						__eflags = _t91 | _t88;
						if((_t91 | _t88) != 0) {
							goto L47;
						}
						__eflags = _t78 | _v8;
						if((_t78 | _v8) != 0) {
							goto L47;
						}
						goto L54;
					}
					__eflags = _t62 == 0;
					if(_t62 == 0) {
						_t91 =  !_t91;
						_t88 =  !_t88;
					}
					goto L57;
				}
				if(_t102 == 0) {
					L21:
					__eflags = _t78 | _v8;
					if((_t78 | _v8) != 0) {
						_v20 = E10002A80(_t91, _t88, _t78, _v8);
						_v16 = _t86;
						_t49 = E10002B30(_t91, _t88, _t78, _v8);
						_t82 = _a8;
					} else {
						_v20 = _v20 & 0x00000000;
						_v16 = _v16 & 0x00000000;
						_t49 = _t91;
						_t86 = _t88;
					}
					__eflags =  *_t82 - 0x2f;
					if( *_t82 != 0x2f) {
						goto L56;
					} else {
						_t91 = _v20;
						_t88 = _v16;
						goto L57;
					}
				}
				_t68 = _t47 - 0x21;
				if(_t68 == 0) {
					_t49 = 0;
					__eflags = _t91 | _t88;
					if((_t91 | _t88) != 0) {
						goto L55;
					}
					goto L48;
				}
				_t69 = _t68 - 4;
				if(_t69 == 0) {
					goto L21;
				}
				_t70 = _t69 - 1;
				if(_t70 == 0) {
					__eflags =  *((char*)(_t82 + 1)) - 0x26;
					if( *((char*)(_t82 + 1)) != 0x26) {
						_t91 = _t91 & _t78;
						_t88 = _t88 & _v8;
						goto L57;
					}
					__eflags = _t91 | _t88;
					if((_t91 | _t88) == 0) {
						goto L54;
					}
					__eflags = _t78 | _v8;
					if((_t78 | _v8) == 0) {
						goto L54;
					}
					goto L47;
				}
				_t71 = _t70 - 4;
				if(_t71 == 0) {
					_t49 = E10002A40(_t91, _t88, _t78, _v8);
					goto L56;
				} else {
					_t72 = _t71 - 1;
					if(_t72 == 0) {
						_t91 = _t91 + _t78;
						asm("adc edi, [ebp-0x4]");
					} else {
						if(_t72 == 0) {
							_t91 = _t91 - _t78;
							asm("sbb edi, [ebp-0x4]");
						}
					}
					goto L57;
				}
			}


























                                                                                                                                                                                                                                0x10001adf
                                                                                                                                                                                                                                0x10001aec
                                                                                                                                                                                                                                0x10001af5
                                                                                                                                                                                                                                0x10001af8
                                                                                                                                                                                                                                0x10001afd
                                                                                                                                                                                                                                0x10001b05
                                                                                                                                                                                                                                0x10001b10
                                                                                                                                                                                                                                0x10001b19
                                                                                                                                                                                                                                0x10001b1b
                                                                                                                                                                                                                                0x10001b1e
                                                                                                                                                                                                                                0x10001b20
                                                                                                                                                                                                                                0x10001b24
                                                                                                                                                                                                                                0x10001b30
                                                                                                                                                                                                                                0x10001b39
                                                                                                                                                                                                                                0x10001b3e
                                                                                                                                                                                                                                0x10001b41
                                                                                                                                                                                                                                0x10001b47
                                                                                                                                                                                                                                0x10001b47
                                                                                                                                                                                                                                0x10001b4a
                                                                                                                                                                                                                                0x10001b4d
                                                                                                                                                                                                                                0x10001b50
                                                                                                                                                                                                                                0x10001c16
                                                                                                                                                                                                                                0x10001c16
                                                                                                                                                                                                                                0x10001c19
                                                                                                                                                                                                                                0x10001c82
                                                                                                                                                                                                                                0x10001c86
                                                                                                                                                                                                                                0x10001c95
                                                                                                                                                                                                                                0x10001c98
                                                                                                                                                                                                                                0x10001ca0
                                                                                                                                                                                                                                0x10001ca0
                                                                                                                                                                                                                                0x10001ca0
                                                                                                                                                                                                                                0x10001ca2
                                                                                                                                                                                                                                0x10001ca2
                                                                                                                                                                                                                                0x10001ca3
                                                                                                                                                                                                                                0x10001ca3
                                                                                                                                                                                                                                0x10001ca5
                                                                                                                                                                                                                                0x10001ca7
                                                                                                                                                                                                                                0x10001cb0
                                                                                                                                                                                                                                0x10001cbc
                                                                                                                                                                                                                                0x10001ccd
                                                                                                                                                                                                                                0x10001cd8
                                                                                                                                                                                                                                0x10001cd8
                                                                                                                                                                                                                                0x10001c9a
                                                                                                                                                                                                                                0x10001c7d
                                                                                                                                                                                                                                0x10001c7d
                                                                                                                                                                                                                                0x10001c7f
                                                                                                                                                                                                                                0x10001c7f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c7f
                                                                                                                                                                                                                                0x10001c9c
                                                                                                                                                                                                                                0x10001c9e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c9e
                                                                                                                                                                                                                                0x10001c8a
                                                                                                                                                                                                                                0x10001c8e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c8e
                                                                                                                                                                                                                                0x10001c1b
                                                                                                                                                                                                                                0x10001c1b
                                                                                                                                                                                                                                0x10001c1c
                                                                                                                                                                                                                                0x10001c74
                                                                                                                                                                                                                                0x10001c76
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c78
                                                                                                                                                                                                                                0x10001c7b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c7b
                                                                                                                                                                                                                                0x10001c1e
                                                                                                                                                                                                                                0x10001c1e
                                                                                                                                                                                                                                0x10001c1f
                                                                                                                                                                                                                                0x10001c54
                                                                                                                                                                                                                                0x10001c58
                                                                                                                                                                                                                                0x10001c67
                                                                                                                                                                                                                                0x10001c6a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c6c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c6e
                                                                                                                                                                                                                                0x10001c70
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c72
                                                                                                                                                                                                                                0x10001c5c
                                                                                                                                                                                                                                0x10001c60
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c60
                                                                                                                                                                                                                                0x10001c21
                                                                                                                                                                                                                                0x10001c21
                                                                                                                                                                                                                                0x10001c24
                                                                                                                                                                                                                                0x10001c4d
                                                                                                                                                                                                                                0x10001c4f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c4f
                                                                                                                                                                                                                                0x10001c26
                                                                                                                                                                                                                                0x10001c26
                                                                                                                                                                                                                                0x10001c29
                                                                                                                                                                                                                                0x10001c35
                                                                                                                                                                                                                                0x10001c39
                                                                                                                                                                                                                                0x10001c46
                                                                                                                                                                                                                                0x10001c48
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c48
                                                                                                                                                                                                                                0x10001c3b
                                                                                                                                                                                                                                0x10001c3d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c3f
                                                                                                                                                                                                                                0x10001c42
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c44
                                                                                                                                                                                                                                0x10001c2c
                                                                                                                                                                                                                                0x10001c2d
                                                                                                                                                                                                                                0x10001c2f
                                                                                                                                                                                                                                0x10001c31
                                                                                                                                                                                                                                0x10001c31
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c2d
                                                                                                                                                                                                                                0x10001b56
                                                                                                                                                                                                                                0x10001bce
                                                                                                                                                                                                                                0x10001bd0
                                                                                                                                                                                                                                0x10001bd3
                                                                                                                                                                                                                                0x10001bf1
                                                                                                                                                                                                                                0x10001bf4
                                                                                                                                                                                                                                0x10001bfa
                                                                                                                                                                                                                                0x10001bff
                                                                                                                                                                                                                                0x10001bd5
                                                                                                                                                                                                                                0x10001bd5
                                                                                                                                                                                                                                0x10001bd9
                                                                                                                                                                                                                                0x10001bdd
                                                                                                                                                                                                                                0x10001bdf
                                                                                                                                                                                                                                0x10001bdf
                                                                                                                                                                                                                                0x10001c02
                                                                                                                                                                                                                                0x10001c05
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c0b
                                                                                                                                                                                                                                0x10001c0b
                                                                                                                                                                                                                                0x10001c0e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001c0e
                                                                                                                                                                                                                                0x10001c05
                                                                                                                                                                                                                                0x10001b58
                                                                                                                                                                                                                                0x10001b5b
                                                                                                                                                                                                                                0x10001bbf
                                                                                                                                                                                                                                0x10001bc1
                                                                                                                                                                                                                                0x10001bc3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001bc9
                                                                                                                                                                                                                                0x10001b5d
                                                                                                                                                                                                                                0x10001b60
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001b62
                                                                                                                                                                                                                                0x10001b63
                                                                                                                                                                                                                                0x10001b99
                                                                                                                                                                                                                                0x10001b9d
                                                                                                                                                                                                                                0x10001bb5
                                                                                                                                                                                                                                0x10001bb7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001bb7
                                                                                                                                                                                                                                0x10001b9f
                                                                                                                                                                                                                                0x10001ba1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001ba7
                                                                                                                                                                                                                                0x10001baa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001bb0
                                                                                                                                                                                                                                0x10001b65
                                                                                                                                                                                                                                0x10001b68
                                                                                                                                                                                                                                0x10001b8f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001b6a
                                                                                                                                                                                                                                0x10001b6a
                                                                                                                                                                                                                                0x10001b6b
                                                                                                                                                                                                                                0x10001b7f
                                                                                                                                                                                                                                0x10001b81
                                                                                                                                                                                                                                0x10001b6d
                                                                                                                                                                                                                                0x10001b6f
                                                                                                                                                                                                                                0x10001b75
                                                                                                                                                                                                                                0x10001b77
                                                                                                                                                                                                                                0x10001b77
                                                                                                                                                                                                                                0x10001b6f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001b6b

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                                                                                                                                  • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 10001B41
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 10001CCD
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 10001CD2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1690752483.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690732782.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690765129.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690776803.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeGlobal$lstrcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 176019282-0
                                                                                                                                                                                                                                • Opcode ID: 16e7fc8dfb2109add019363551953530b2221b6c08ce197826e595f4a50a0593
                                                                                                                                                                                                                                • Instruction ID: ec181f717125864b891e508b79773b0a6be540bcfc5555760108aa08b7b6b632
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 16e7fc8dfb2109add019363551953530b2221b6c08ce197826e595f4a50a0593
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD510332D84159EBFB22CFA48880EEDB7E5EF812C4FA24159E801A311DD771EE009B52
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00402A36, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                			E00402A36(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x423f50; // 0x0
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A36(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405E88(2);
					if(_t27 == 0) {
						__eflags =  *0x423f50; // 0x0
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f50, 0);
				}
				return _t18;
			}










                                                                                                                                                                                                                                0x00402a46
                                                                                                                                                                                                                                0x00402a57
                                                                                                                                                                                                                                0x00402a5f
                                                                                                                                                                                                                                0x00402a87
                                                                                                                                                                                                                                0x00402a6e
                                                                                                                                                                                                                                0x00402a71
                                                                                                                                                                                                                                0x00402ac1
                                                                                                                                                                                                                                0x00402ac7
                                                                                                                                                                                                                                0x00402ac9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402ac9
                                                                                                                                                                                                                                0x00402a7e
                                                                                                                                                                                                                                0x00402a83
                                                                                                                                                                                                                                0x00402a85
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402a85
                                                                                                                                                                                                                                0x00402a9c
                                                                                                                                                                                                                                0x00402aa4
                                                                                                                                                                                                                                0x00402aab
                                                                                                                                                                                                                                0x00402ad1
                                                                                                                                                                                                                                0x00402ad7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402adf
                                                                                                                                                                                                                                0x00402ae5
                                                                                                                                                                                                                                0x00402ae7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402ae7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00402aba
                                                                                                                                                                                                                                0x00402ace

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A57
                                                                                                                                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                                                                                                                                                • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1912718029-0
                                                                                                                                                                                                                                • Opcode ID: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                                                                                                                                                • Instruction ID: 3ec7b1818cbfc33efeafaf7017db19c7c479205e5d6f4ff66fb244667a93d6f3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93112971A00009FFDF319F90DE49EAF7B7DEB44385B104436F905A10A0DBB59E51AE69
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004046F1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 51%
                                                                                                                                                                                                                                			E004046F1(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E00405B88(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E00405B88(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E00405B88(_t34, 0, 0x4204a0, 0x4204a0, _a8);
				wsprintfA(_t26 + lstrlenA(0x4204a0), "%u.%u%s%s");
				return SetDlgItemTextA( *0x423678, _a4, 0x4204a0);
			}













                                                                                                                                                                                                                                0x004046f9
                                                                                                                                                                                                                                0x004046fd
                                                                                                                                                                                                                                0x00404705
                                                                                                                                                                                                                                0x00404708
                                                                                                                                                                                                                                0x00404709
                                                                                                                                                                                                                                0x0040470b
                                                                                                                                                                                                                                0x0040470d
                                                                                                                                                                                                                                0x00404710
                                                                                                                                                                                                                                0x00404710
                                                                                                                                                                                                                                0x00404717
                                                                                                                                                                                                                                0x0040471d
                                                                                                                                                                                                                                0x0040471d
                                                                                                                                                                                                                                0x00404724
                                                                                                                                                                                                                                0x0040472f
                                                                                                                                                                                                                                0x00404730
                                                                                                                                                                                                                                0x00404733
                                                                                                                                                                                                                                0x00404733
                                                                                                                                                                                                                                0x00404740
                                                                                                                                                                                                                                0x0040474b
                                                                                                                                                                                                                                0x0040474e
                                                                                                                                                                                                                                0x00404760
                                                                                                                                                                                                                                0x00404767
                                                                                                                                                                                                                                0x00404768
                                                                                                                                                                                                                                0x00404777
                                                                                                                                                                                                                                0x00404787
                                                                                                                                                                                                                                0x004047a3

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00404787
                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,004204A0), ref: 0040479A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                • String ID: %u.%u%s%s
                                                                                                                                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                • Opcode ID: 87794c8f90da6e594bd2e0cae66498bbfb5b9cbb1a5c5e50d1da5967a7fbc4b5
                                                                                                                                                                                                                                • Instruction ID: e1128f73888b2767c9277aed1687fd20c93e739cc52df1aac9c0a45a5a8dde9d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 87794c8f90da6e594bd2e0cae66498bbfb5b9cbb1a5c5e50d1da5967a7fbc4b5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7311E2736001243BDB10666D9C46EEF3699DBC6335F14423BFA25F61D1E938AC5286A8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00403978, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00403978(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405ADD(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ee4; // 0x1
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x423eb0; // 0x5405b0
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ee0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423680 = _t18[1];
					 *0x423f48 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42367c = _t23;
						E00405AC4(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420478, E00405B88(_t13, _t24, _t26, "MP3 Rocket 6.2.4 Setup", 0xfffffffe));
						_t11 =  *0x423ecc; // 0x6
						_t27 =  *0x423ec8; // 0x54089c
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x5408b4
								_t11 = E00405B88(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                                                                                                                                                                                                                                0x0040397c
                                                                                                                                                                                                                                0x00403981
                                                                                                                                                                                                                                0x00403987
                                                                                                                                                                                                                                0x0040398c
                                                                                                                                                                                                                                0x0040398c
                                                                                                                                                                                                                                0x00403994
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403996
                                                                                                                                                                                                                                0x0040399c
                                                                                                                                                                                                                                0x004039a4
                                                                                                                                                                                                                                0x004039a6
                                                                                                                                                                                                                                0x004039ac
                                                                                                                                                                                                                                0x004039ac
                                                                                                                                                                                                                                0x004039ae
                                                                                                                                                                                                                                0x004039ba
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004039be
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004039c0
                                                                                                                                                                                                                                0x004039c5
                                                                                                                                                                                                                                0x004039ce
                                                                                                                                                                                                                                0x004039d4
                                                                                                                                                                                                                                0x004039d9
                                                                                                                                                                                                                                0x004039ed
                                                                                                                                                                                                                                0x004039f8
                                                                                                                                                                                                                                0x00403a10
                                                                                                                                                                                                                                0x00403a16
                                                                                                                                                                                                                                0x00403a1b
                                                                                                                                                                                                                                0x00403a23
                                                                                                                                                                                                                                0x00403a44
                                                                                                                                                                                                                                0x00403a44
                                                                                                                                                                                                                                0x00403a44
                                                                                                                                                                                                                                0x00403a25
                                                                                                                                                                                                                                0x00403a27
                                                                                                                                                                                                                                0x00403a27
                                                                                                                                                                                                                                0x00403a2b
                                                                                                                                                                                                                                0x00403a2e
                                                                                                                                                                                                                                0x00403a32
                                                                                                                                                                                                                                0x00403a32
                                                                                                                                                                                                                                0x00403a37
                                                                                                                                                                                                                                0x00403a3d
                                                                                                                                                                                                                                0x00403a3d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00403a27
                                                                                                                                                                                                                                0x004039db
                                                                                                                                                                                                                                0x004039e0
                                                                                                                                                                                                                                0x004039e9
                                                                                                                                                                                                                                0x004039e2
                                                                                                                                                                                                                                0x004039e2
                                                                                                                                                                                                                                0x004039e2
                                                                                                                                                                                                                                0x004039e0

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetWindowTextA.USER32(00000000,MP3 Rocket 6.2.4 Setup), ref: 00403A10
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: TextWindow
                                                                                                                                                                                                                                • String ID: 1033$C:\Users\user~1\AppData\Local\Temp\$MP3 Rocket 6.2.4 Setup
                                                                                                                                                                                                                                • API String ID: 530164218-913410089
                                                                                                                                                                                                                                • Opcode ID: 9a42cbf8a28c659a92ce9de243ac321228f9f300189a9516546428ecdf00a219
                                                                                                                                                                                                                                • Instruction ID: 09623374405f0611f065d620c03919b516a5f167df25bc0d5edc66fe9dc562c0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a42cbf8a28c659a92ce9de243ac321228f9f300189a9516546428ecdf00a219
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F611C2B1B005109BC730DF15D880A73767DEB84716369413BE94167391C77EAE028E58
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 030C1480, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 24COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E030C1480(void* __eflags, struct HWND__* _a4, int _a8, int _a12, long _a16) {
				void* _t8;

				_t8 = E030C13C6(_a4);
				if(_t8 != 0) {
					if(_a8 != 0x20) {
						return CallWindowProcA( *(_t8 + 0x414), _a4, _a8, _a12, _a16);
					}
					SetCursor(LoadCursorA(0, 0x7f89));
					return 1;
				}
				return _t8;
			}




                                                                                                                                                                                                                                0x030c1486
                                                                                                                                                                                                                                0x030c148d
                                                                                                                                                                                                                                0x030c1493
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c14c0
                                                                                                                                                                                                                                0x030c14a3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c14ab
                                                                                                                                                                                                                                0x030c14c7

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 030C13C6: GetPropA.USER32 ref: 030C13CF
                                                                                                                                                                                                                                • LoadCursorA.USER32 ref: 030C149C
                                                                                                                                                                                                                                • SetCursor.USER32(00000000,?,?,?), ref: 030C14A3
                                                                                                                                                                                                                                • CallWindowProcA.USER32 ref: 030C14C0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1675900869.00000000030C1000.00000020.00020000.sdmp, Offset: 030C0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675875391.00000000030C0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675927376.00000000030C3000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675953768.00000000030C4000.00000008.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675968346.00000000030C7000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_30c0000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Cursor$CallLoadProcPropWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1635134901-3916222277
                                                                                                                                                                                                                                • Opcode ID: b3ff8d3487819fef7fbb5f7885d967005070109c886157558d011847a2218c78
                                                                                                                                                                                                                                • Instruction ID: ef67cc85e4e54f74a757dfea42f18cacdb16a9f8c56b4f62dd4ad7efc4c9c236
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3ff8d3487819fef7fbb5f7885d967005070109c886157558d011847a2218c78
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 78E06D3656624DFFCF11AFA0DC14AED3BA9AF08351F04C464FA0998461C779C060EFA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00405659, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00405659(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                                                                                                                                                                0x0040565a
                                                                                                                                                                                                                                0x00405671
                                                                                                                                                                                                                                0x00405679
                                                                                                                                                                                                                                0x00405679
                                                                                                                                                                                                                                0x00405681

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,00403226,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403386), ref: 0040565F
                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000,?,C:\Users\user~1\AppData\Local\Temp\,00403226,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00000000,00403386), ref: 00405668
                                                                                                                                                                                                                                • lstrcatA.KERNEL32(?,00409010), ref: 00405679
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405659
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                                                                                                                                                                                                • API String ID: 2659869361-2382934351
                                                                                                                                                                                                                                • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                                                                                                                • Instruction ID: d5422d5486d5b384c4dcc02911800b35c31fcf4388d9dde419d5dff5703c7688
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8BD05272605A202ED2022A258C05E9B7A28CF06311B044866B540B2292C6386D818AEE
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 030C1329, Relevance: 6.1, APIs: 4, Instructions: 62stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                                                                			E030C1329(CHAR* _a4, int _a8, intOrPtr _a12) {
				struct tagRECT _v20;
				char _t31;
				long _t32;
				CHAR* _t33;
				int _t34;

				_t33 = _a4;
				_t31 =  *(CharPrevA(_t33,  &(_t33[lstrlenA(_t33)])));
				_t34 = E030C1E6C(_t33);
				if(_t31 != 0x25) {
					if(_t31 != 0x75) {
						if(_t34 >= 0) {
							return _t34;
						}
						return _a8 + _t34;
					}
					_v20.bottom = _v20.bottom & 0x00000000;
					_v20.right = _v20.right & 0x00000000;
					_v20.top = _t34;
					_v20.left = _t34;
					MapDialogRect( *0x30c50c4,  &_v20);
					if(_a12 == 0) {
						if(_t34 < 0) {
							_t32 = _v20.left;
							L12:
							return _a8 + _t32;
						}
						return _v20.left;
					}
					if(_t34 < 0) {
						_t32 = _v20.top;
						goto L12;
					}
					return _v20.top;
				}
				_push(0x64);
				if(_t34 < 0) {
					_t34 = _t34 + 0x64;
				}
				return MulDiv(_a8, _t34, ??);
			}








                                                                                                                                                                                                                                0x030c1331
                                                                                                                                                                                                                                0x030c1345
                                                                                                                                                                                                                                0x030c1350
                                                                                                                                                                                                                                0x030c1352
                                                                                                                                                                                                                                0x030c136c
                                                                                                                                                                                                                                0x030c13b5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c13be
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c13ba
                                                                                                                                                                                                                                0x030c136e
                                                                                                                                                                                                                                0x030c1372
                                                                                                                                                                                                                                0x030c1379
                                                                                                                                                                                                                                0x030c137d
                                                                                                                                                                                                                                0x030c1386
                                                                                                                                                                                                                                0x030c1390
                                                                                                                                                                                                                                0x030c13a2
                                                                                                                                                                                                                                0x030c13a9
                                                                                                                                                                                                                                0x030c13ac
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c13af
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c13a4
                                                                                                                                                                                                                                0x030c1394
                                                                                                                                                                                                                                0x030c139b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c139b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x030c1396
                                                                                                                                                                                                                                0x030c1356
                                                                                                                                                                                                                                0x030c1358
                                                                                                                                                                                                                                0x030c135a
                                                                                                                                                                                                                                0x030c135a
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(76D24F20,00000400,?,00000400,?,76D24F20,00000000), ref: 030C1335
                                                                                                                                                                                                                                • CharPrevA.USER32(76D24F20,00000000,?,76D24F20,00000000), ref: 030C133F
                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,00000000,00000064), ref: 030C1361
                                                                                                                                                                                                                                • MapDialogRect.USER32(76D24F20,76D24F20), ref: 030C1386
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1675900869.00000000030C1000.00000020.00020000.sdmp, Offset: 030C0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675875391.00000000030C0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675927376.00000000030C3000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675953768.00000000030C4000.00000008.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1675968346.00000000030C7000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_30c0000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharDialogPrevRectlstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3411278111-0
                                                                                                                                                                                                                                • Opcode ID: 55bb39d303c371b3e85c22ba7f405ca98e754059102a55587c87e8323f884816
                                                                                                                                                                                                                                • Instruction ID: 64710729d994ec3208b8bddd6e4625c164ccc95a9df02e45249315b2ee16e2ca
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55bb39d303c371b3e85c22ba7f405ca98e754059102a55587c87e8323f884816
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C115439D33568ABCB15DB44C804BEE7BB8AF01759F044559E815A7642C3389900C7D8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029F6(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E00405AC4(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E00405AC4(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                                                                                                                                                                                                                0x00401ec7
                                                                                                                                                                                                                                0x00401ecf
                                                                                                                                                                                                                                0x00401ed4
                                                                                                                                                                                                                                0x00401ed9
                                                                                                                                                                                                                                0x00401edd
                                                                                                                                                                                                                                0x00401ee0
                                                                                                                                                                                                                                0x00401ee2
                                                                                                                                                                                                                                0x00401ee9
                                                                                                                                                                                                                                0x00401ef2
                                                                                                                                                                                                                                0x00401efa
                                                                                                                                                                                                                                0x00401efd
                                                                                                                                                                                                                                0x00401f12
                                                                                                                                                                                                                                0x00401f18
                                                                                                                                                                                                                                0x00401f2b
                                                                                                                                                                                                                                0x00401f34
                                                                                                                                                                                                                                0x00401f40
                                                                                                                                                                                                                                0x00401f45
                                                                                                                                                                                                                                0x00401f45
                                                                                                                                                                                                                                0x00401f2b
                                                                                                                                                                                                                                0x00401f48
                                                                                                                                                                                                                                0x00401b75
                                                                                                                                                                                                                                0x00401b75
                                                                                                                                                                                                                                0x00401efd
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                                                                                                                                                • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                                                                                                                                                • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                                                                                                                                                  • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1404258612-0
                                                                                                                                                                                                                                • Opcode ID: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                                                                                                                                                • Instruction ID: 178fa6cf4330108057832d0c189c0e5a27020503733a18e797ef1cc5e9d7aef6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52113A71A00108BEDB01EFA5DD819AEBBB9EB48344B20853AF501F61E1D7389A54DB28
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004056ED, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E004056ED(CHAR* _a4) {
				CHAR* _t3;
				char* _t5;
				CHAR* _t7;
				CHAR* _t8;
				void* _t10;

				_t8 = _a4;
				_t7 = CharNextA(_t8);
				_t3 = CharNextA(_t7);
				if( *_t8 == 0 ||  *_t7 != 0x5c3a) {
					if( *_t8 != 0x5c5c) {
						L8:
						return 0;
					}
					_t10 = 2;
					while(1) {
						_t10 = _t10 - 1;
						_t5 = E00405684(_t3, 0x5c);
						if( *_t5 == 0) {
							goto L8;
						}
						_t3 = _t5 + 1;
						if(_t10 != 0) {
							continue;
						}
						return _t3;
					}
					goto L8;
				} else {
					return CharNextA(_t3);
				}
			}








                                                                                                                                                                                                                                0x004056f6
                                                                                                                                                                                                                                0x004056fd
                                                                                                                                                                                                                                0x00405700
                                                                                                                                                                                                                                0x00405705
                                                                                                                                                                                                                                0x00405718
                                                                                                                                                                                                                                0x00405732
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405732
                                                                                                                                                                                                                                0x0040571c
                                                                                                                                                                                                                                0x0040571d
                                                                                                                                                                                                                                0x00405720
                                                                                                                                                                                                                                0x00405721
                                                                                                                                                                                                                                0x00405729
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040572b
                                                                                                                                                                                                                                0x0040572e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040572e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040570e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040570f

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CharNextA.USER32(0040549F,?,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,00000000,00405751,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,?,?,76D7F560,0040549F,?,"C:\Users\user\Desktop\mp3rocket.exe" ,76D7F560), ref: 004056FB
                                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 00405700
                                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 0040570F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp, xrefs: 004056EE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext
                                                                                                                                                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp
                                                                                                                                                                                                                                • API String ID: 3213498283-3177201956
                                                                                                                                                                                                                                • Opcode ID: 48d170df000bd52d6530e74bc6e21c30bbb8ee0efc11f7a91444a9d932de86af
                                                                                                                                                                                                                                • Instruction ID: 78d2da9fff81111ace552b99da8146ab0c55ee08e32a6a48318d29482ea338b5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 48d170df000bd52d6530e74bc6e21c30bbb8ee0efc11f7a91444a9d932de86af
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5AF0A751945A219AEB3262AC4C44B7B5B9CDB95720F144437E100BB1D1C6BC4C82AFAA
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 00404E54, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00404E54(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420488 != _t22) {
							 *0x420488 = _t22;
							E00405B66(0x4204a0, 0x424000);
							E00405AC4(0x424000, _t22);
							E0040140B(6);
							E00405B66(0x424000, 0x4204a0);
						}
						L11:
						return CallWindowProcA( *0x420490, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004047D3(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403F64(0x413);
				return 0;
			}




                                                                                                                                                                                                                                0x00404e60
                                                                                                                                                                                                                                0x00404e85
                                                                                                                                                                                                                                0x00404ea5
                                                                                                                                                                                                                                0x00404ea8
                                                                                                                                                                                                                                0x00404eab
                                                                                                                                                                                                                                0x00404ec2
                                                                                                                                                                                                                                0x00404ec8
                                                                                                                                                                                                                                0x00404ecf
                                                                                                                                                                                                                                0x00404ed6
                                                                                                                                                                                                                                0x00404edd
                                                                                                                                                                                                                                0x00404ee2
                                                                                                                                                                                                                                0x00404ee8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404ef8
                                                                                                                                                                                                                                0x00404e92
                                                                                                                                                                                                                                0x00404ee5
                                                                                                                                                                                                                                0x00404ee5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404ee5
                                                                                                                                                                                                                                0x00404e9e
                                                                                                                                                                                                                                0x00404ea0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404ea0
                                                                                                                                                                                                                                0x00404e66
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00404e6d
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsWindowVisible.USER32 ref: 00404E8A
                                                                                                                                                                                                                                • CallWindowProcA.USER32 ref: 00404EF8
                                                                                                                                                                                                                                  • Part of subcall function 00403F64: SendMessageA.USER32 ref: 00403F76
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                                                                                                                                                • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0040573A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 53%
                                                                                                                                                                                                                                			E0040573A(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00405B66(0x4218a8, _a4);
				_t21 = E004056ED(0x4218a8);
				if(_t21 != 0) {
					E00405DC8(_t21);
					if(( *0x423eb8 & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x4218a8;
						while(1) {
							_t11 = lstrlenA(0x4218a8);
							_push(0x4218a8);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E00405E61();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E004056A0(0x4218a8);
								continue;
							} else {
								goto L1;
							}
						}
						E00405659();
						return 0 | GetFileAttributesA(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                                                                                                                                                                                                0x00405746
                                                                                                                                                                                                                                0x00405751
                                                                                                                                                                                                                                0x00405755
                                                                                                                                                                                                                                0x0040575c
                                                                                                                                                                                                                                0x00405768
                                                                                                                                                                                                                                0x00405774
                                                                                                                                                                                                                                0x00405774
                                                                                                                                                                                                                                0x0040578c
                                                                                                                                                                                                                                0x0040578d
                                                                                                                                                                                                                                0x00405794
                                                                                                                                                                                                                                0x00405795
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00405778
                                                                                                                                                                                                                                0x0040577f
                                                                                                                                                                                                                                0x00405787
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040577f
                                                                                                                                                                                                                                0x00405797
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004057ab
                                                                                                                                                                                                                                0x0040576a
                                                                                                                                                                                                                                0x0040576e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0040576e
                                                                                                                                                                                                                                0x00405757
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,MP3 Rocket 6.2.4 Setup,NSIS Error), ref: 00405B73
                                                                                                                                                                                                                                  • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,00000000,00405751,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,?,?,76D7F560,0040549F,?,"C:\Users\user\Desktop\mp3rocket.exe" ,76D7F560), ref: 004056FB
                                                                                                                                                                                                                                  • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                                                                                                                                                                  • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,00000000,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,?,?,76D7F560,0040549F,?,"C:\Users\user\Desktop\mp3rocket.exe" ,76D7F560), ref: 0040578D
                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,00000000,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp,?,?,76D7F560,0040549F,?,"C:\Users\user\Desktop\mp3rocket.exe" ,76D7F560), ref: 0040579D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user~1\AppData\Local\Temp\nsc308D.tmp
                                                                                                                                                                                                                                • API String ID: 3248276644-3177201956
                                                                                                                                                                                                                                • Opcode ID: 716f681fdc2f335f171507b78212e4fdddf35da2e6b413ee0daba6d976a18fc7
                                                                                                                                                                                                                                • Instruction ID: 7155b9e5202267c574e320c9449d9087b3e4f671a0d42f3ce7b213b6d11f415d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 716f681fdc2f335f171507b78212e4fdddf35da2e6b413ee0daba6d976a18fc7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1F0F425104D509AC72636395C09EAF1A55CE833A4F48053FF894B32D1CB3C8943EDAE
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029F6(0x11));
				} else {
					E004029D9(1);
					 *0x409f70 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405ADD(_t17 + 8, _t15), "Software\APN PIP\MP3R7", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                                                                                                                                                                0x004024be
                                                                                                                                                                                                                                0x004024be
                                                                                                                                                                                                                                0x004024c1
                                                                                                                                                                                                                                0x004024dc
                                                                                                                                                                                                                                0x004024c3
                                                                                                                                                                                                                                0x004024c5
                                                                                                                                                                                                                                0x004024ca
                                                                                                                                                                                                                                0x004024d1
                                                                                                                                                                                                                                0x004024e3
                                                                                                                                                                                                                                0x0040265c
                                                                                                                                                                                                                                0x0040265c
                                                                                                                                                                                                                                0x004024e9
                                                                                                                                                                                                                                0x004024fb
                                                                                                                                                                                                                                0x004015a6
                                                                                                                                                                                                                                0x004015a8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004015ae
                                                                                                                                                                                                                                0x004015a8
                                                                                                                                                                                                                                0x0040288e
                                                                                                                                                                                                                                0x0040289a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,Software\APN PIP\MP3R7,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileWritelstrlen
                                                                                                                                                                                                                                • String ID: Software\APN PIP\MP3R7
                                                                                                                                                                                                                                • API String ID: 427699356-3921194532
                                                                                                                                                                                                                                • Opcode ID: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                                                                                                                                                                • Instruction ID: 2c1f07a632d72534084a5ac00d75746702f795d1104bf50e8da4b719a2e94720
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BCF08972A44245FFD710EBB19E49EAF7668DB00348F14443BB142F51C2D6FC5982976D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0040361A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E0040361A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f45c; // 0x5cacb8
				_t3 = E004035FF(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f45c =  *0x41f45c & 0x00000000;
				return _t3;
			}







                                                                                                                                                                                                                                0x0040361b
                                                                                                                                                                                                                                0x00403623
                                                                                                                                                                                                                                0x0040362a
                                                                                                                                                                                                                                0x0040362d
                                                                                                                                                                                                                                0x0040362d
                                                                                                                                                                                                                                0x0040362f
                                                                                                                                                                                                                                0x00403634
                                                                                                                                                                                                                                0x0040363b
                                                                                                                                                                                                                                0x00403641
                                                                                                                                                                                                                                0x00403645
                                                                                                                                                                                                                                0x00403646
                                                                                                                                                                                                                                0x0040364e

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,"C:\Users\user\Desktop\mp3rocket.exe" ,00000000,76D7F560,004035F1,00000000,0040342D,00000000), ref: 00403634
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 0040363B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • "C:\Users\user\Desktop\mp3rocket.exe" , xrefs: 0040362C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                • String ID: "C:\Users\user\Desktop\mp3rocket.exe"
                                                                                                                                                                                                                                • API String ID: 1100898210-9583047
                                                                                                                                                                                                                                • Opcode ID: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                                                                                                                                                • Instruction ID: 07f203a12dc211ea1540440f4769086933c1ddaa55d0411da1bb29b7fd771b51
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8FE08C32804420ABC6216F55EC0579A7768AB48B22F028536E900BB3A083743C464BDC
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004056A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E004056A0(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                                                                                                                                                                0x004056a1
                                                                                                                                                                                                                                0x004056ab
                                                                                                                                                                                                                                0x004056ad
                                                                                                                                                                                                                                0x004056b4
                                                                                                                                                                                                                                0x004056bc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004056bc
                                                                                                                                                                                                                                0x004056be
                                                                                                                                                                                                                                0x004056c3

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\mp3rocket.exe,C:\Users\user\Desktop\mp3rocket.exe,80000000,00000003), ref: 004056A6
                                                                                                                                                                                                                                • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\mp3rocket.exe,C:\Users\user\Desktop\mp3rocket.exe,80000000,00000003), ref: 004056B4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                                                • API String ID: 2709904686-3976562730
                                                                                                                                                                                                                                • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                                                                                                                • Instruction ID: 6658d1b0ab05e5211e75f0b74aef41c49d7b43cb9628f8e009f88ad9fa15a52a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C5D0A772409DB02EF30352108C04B8F7A98CF17300F0948A2E440E21D0C27C5C818FFD
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 100010D6, Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E100010D6(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				char* _t17;
				char _t19;
				void* _t20;
				void* _t24;
				void* _t27;
				void* _t31;
				void* _t37;
				void* _t39;
				void* _t40;
				signed int _t43;
				void* _t52;
				char* _t53;
				char* _t55;
				void* _t56;
				void* _t58;

				 *0x10004058 = _a8;
				 *0x1000405c = _a16;
				 *0x10004060 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E1000189E, _t52);
				_t43 =  *0x10004058 +  *0x10004058 * 4 << 2;
				_t17 = E10001561();
				_a8 = _t17;
				_t53 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_a8);
				} else {
					do {
						_t19 =  *_t53;
						_t55 = _t53 + 1;
						_t58 = _t19 - 0x6c;
						if(_t58 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t53 = _t55 + 1;
								_t24 = E1000159E(E100015E5( *_t55 - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t27 = _t20;
							if(_t27 == 0) {
								L10:
								_t53 = _t55 + 1;
								_t24 = E1000160E( *_t55 - 0x30, E10001561());
								goto L13;
							}
							L7:
							if(_t27 == 1) {
								_t31 = GlobalAlloc(0x40, _t43 + 4);
								 *_t31 =  *0x10004030;
								 *0x10004030 = _t31;
								E10001854(_t31 + 4,  *0x10004060, _t43);
								_t56 = _t56 + 0xc;
							}
							goto L14;
						}
						if(_t58 == 0) {
							L17:
							_t34 =  *0x10004030;
							if( *0x10004030 != 0) {
								E10001854( *0x10004060, _t34 + 4, _t43);
								_t37 =  *0x10004030;
								_t56 = _t56 + 0xc;
								GlobalFree(_t37);
								 *0x10004030 =  *_t37;
							}
							goto L14;
						}
						_t39 = _t19 - 0x4c;
						if(_t39 == 0) {
							goto L17;
						}
						_t40 = _t39 - 4;
						if(_t40 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L12;
						}
						_t27 = _t40;
						if(_t27 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t53 != 0);
					goto L16;
				}
			}


















                                                                                                                                                                                                                                0x100010dd
                                                                                                                                                                                                                                0x100010e5
                                                                                                                                                                                                                                0x100010f9
                                                                                                                                                                                                                                0x10001101
                                                                                                                                                                                                                                0x1000110c
                                                                                                                                                                                                                                0x1000110f
                                                                                                                                                                                                                                0x10001117
                                                                                                                                                                                                                                0x1000111a
                                                                                                                                                                                                                                0x1000111c
                                                                                                                                                                                                                                0x100011ba
                                                                                                                                                                                                                                0x100011c6
                                                                                                                                                                                                                                0x10001122
                                                                                                                                                                                                                                0x10001123
                                                                                                                                                                                                                                0x10001123
                                                                                                                                                                                                                                0x10001126
                                                                                                                                                                                                                                0x10001127
                                                                                                                                                                                                                                0x1000112a
                                                                                                                                                                                                                                0x100011f9
                                                                                                                                                                                                                                0x100011fc
                                                                                                                                                                                                                                0x10001194
                                                                                                                                                                                                                                0x1000119a
                                                                                                                                                                                                                                0x100011a2
                                                                                                                                                                                                                                0x100011a7
                                                                                                                                                                                                                                0x100011aa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100011aa
                                                                                                                                                                                                                                0x100011ff
                                                                                                                                                                                                                                0x10001200
                                                                                                                                                                                                                                0x1000117c
                                                                                                                                                                                                                                0x10001182
                                                                                                                                                                                                                                0x1000118a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000118a
                                                                                                                                                                                                                                0x10001148
                                                                                                                                                                                                                                0x10001149
                                                                                                                                                                                                                                0x10001151
                                                                                                                                                                                                                                0x1000115e
                                                                                                                                                                                                                                0x10001166
                                                                                                                                                                                                                                0x1000116f
                                                                                                                                                                                                                                0x10001174
                                                                                                                                                                                                                                0x10001174
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001149
                                                                                                                                                                                                                                0x10001130
                                                                                                                                                                                                                                0x100011c7
                                                                                                                                                                                                                                0x100011c7
                                                                                                                                                                                                                                0x100011ce
                                                                                                                                                                                                                                0x100011db
                                                                                                                                                                                                                                0x100011e0
                                                                                                                                                                                                                                0x100011e5
                                                                                                                                                                                                                                0x100011eb
                                                                                                                                                                                                                                0x100011f1
                                                                                                                                                                                                                                0x100011f1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100011ce
                                                                                                                                                                                                                                0x10001136
                                                                                                                                                                                                                                0x10001139
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x1000113f
                                                                                                                                                                                                                                0x10001142
                                                                                                                                                                                                                                0x10001191
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001191
                                                                                                                                                                                                                                0x10001145
                                                                                                                                                                                                                                0x10001146
                                                                                                                                                                                                                                0x10001179
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x10001179
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100011b0
                                                                                                                                                                                                                                0x100011b0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x100011b9

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 10001561: lstrcpyA.KERNEL32(00000000,?,?,?,10001804,?,10001017), ref: 1000157E
                                                                                                                                                                                                                                  • Part of subcall function 10001561: GlobalFree.KERNEL32 ref: 1000158F
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 10001151
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 100011AA
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 100011BD
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 100011EB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1690752483.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690732782.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690765129.0000000010003000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1690776803.0000000010005000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$Free$Alloclstrcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 852173138-0
                                                                                                                                                                                                                                • Opcode ID: 63b0637edc7530645d46bec010932f639f2f746b6ed29226dfb72de0ebfb049a
                                                                                                                                                                                                                                • Instruction ID: ed341c900a7ce6bdf815d06216e218db22d2bbb6d3afa64795f6a6593979f754
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 63b0637edc7530645d46bec010932f639f2f746b6ed29226dfb72de0ebfb049a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D031BCB5404655AFF705CF64DCC9BEA7FFCEB092D1B164029FA45D626CEB3099008B64
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 004057B2, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E004057B2(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                                                                                                                                                                0x004057be
                                                                                                                                                                                                                                0x004057c0
                                                                                                                                                                                                                                0x004057e8
                                                                                                                                                                                                                                0x004057cd
                                                                                                                                                                                                                                0x004057d2
                                                                                                                                                                                                                                0x004057dd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x004057fa
                                                                                                                                                                                                                                0x004057e6
                                                                                                                                                                                                                                0x004057e6
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057D2
                                                                                                                                                                                                                                • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.1669394103.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669364993.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669491046.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669520225.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669602682.0000000000421000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669639077.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.1669653263.000000000043D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_mp3rocket.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 190613189-0
                                                                                                                                                                                                                                • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                                                                                                                                • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Analysis Process: AskInstaller.exe PID: 6772 Parent PID: 6568 AskInstaller.exeCOMMON

                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:12.8%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                Signature Coverage:3.8%
                                                                                                                                                                                                                                Total number of Nodes:2000
                                                                                                                                                                                                                                Total number of Limit Nodes:94

                                                                                                                                                                                                                                Graph

                                                                                                                                                                                                                                execution_graph 24216 135cc9d UuidCreate 24217 135ccc2 UuidToStringW 24216->24217 24221 135cce8 24216->24221 24218 135ccd4 24217->24218 24217->24221 24224 1319b90 77 API calls 2 library calls 24218->24224 24220 135ccdd RpcStringFreeW 24220->24221 24222 13748c1 __expandlocale 5 API calls 24221->24222 24223 135cd31 24222->24223 24224->24220 24225 13567dc 24226 13567e8 __EH_prolog3_GS 24225->24226 24227 131a995 numpunct 77 API calls 24226->24227 24228 13567fd 24227->24228 24229 1319b30 numpunct 77 API calls 24228->24229 24230 135680b _wcslen 24229->24230 24231 131b7e3 numpunct 77 API calls 24230->24231 24232 1356823 24231->24232 24233 1319b08 77 API calls 24232->24233 24252 13568c2 24232->24252 24234 135683e 24233->24234 24236 1319b30 numpunct 77 API calls 24234->24236 24238 1356854 24236->24238 24237 13568e0 24239 1356906 numpunct 24237->24239 24241 13568ed RegDeleteValueW 24237->24241 24240 1319b30 numpunct 77 API calls 24238->24240 24243 137c2c5 Mailbox 5 API calls 24239->24243 24242 135686a 24240->24242 24241->24237 24261 135c1e5 77 API calls 3 library calls 24242->24261 24245 1356916 24243->24245 24246 1356875 _wcslen numpunct 24246->24239 24262 131b74b 24246->24262 24248 13568ac 24271 131b6a8 24248->24271 24250 13568b8 24279 13123e4 RegCloseKey 24250->24279 24253 13123fb 24252->24253 24254 1312425 RegCreateKeyExW 24253->24254 24255 1312418 24253->24255 24256 131243a 24254->24256 24280 1311cd3 GetModuleHandleW GetProcAddress RegCreateKeyExW 24255->24280 24258 1312443 24256->24258 24281 13123e4 RegCloseKey 24256->24281 24258->24237 24259 1312423 24259->24256 24261->24246 24263 131b75a numpunct 24262->24263 24264 131b77a 24263->24264 24265 131b75e 24263->24265 24266 131b790 24264->24266 24282 13631d4 67 API calls 2 library calls 24264->24282 24268 131b6a8 77 API calls 24265->24268 24269 131b8e0 numpunct 77 API calls 24266->24269 24270 131b778 _memmove 24266->24270 24268->24270 24269->24270 24270->24248 24272 131b6c4 24271->24272 24273 131b6ba 24271->24273 24275 131b6e6 24272->24275 24284 13631d4 67 API calls 2 library calls 24272->24284 24283 1363221 67 API calls 2 library calls 24273->24283 24277 131b8e0 numpunct 77 API calls 24275->24277 24278 131b6f8 _memmove 24275->24278 24277->24278 24278->24250 24279->24252 24280->24259 24281->24258 24282->24266 24283->24272 24284->24275 22956 13188bb 22957 13188da __write_nolock 22956->22957 22970 1353ad8 WSAStartup 22957->22970 22960 1318934 22999 135bfb1 118 API calls 3 library calls 22960->22999 22961 1318999 numpunct 23002 13748c1 22961->23002 22963 1318957 23000 131d888 77 API calls _strlen 22963->23000 22966 13189c8 22967 1318974 23001 134ba76 147 API calls 6 library calls 22967->23001 22969 1318981 numpunct 22969->22961 22971 1353b3e getprotobyname 22970->22971 22976 1353b1a _wcslen 22970->22976 22972 1353b54 socket 22971->22972 22971->22976 22973 1353b74 setsockopt 22972->22973 22972->22976 22974 1353b95 WSAGetLastError 22973->22974 22975 1353bb2 setsockopt 22973->22975 22977 1353ba6 __stbuf 22974->22977 22978 1353bcd WSAGetLastError 22975->22978 22993 1353be7 _memset 22975->22993 23010 131b7e3 22976->23010 23017 1379ebb 104 API calls 8 library calls 22977->23017 22982 1353bde __stbuf 22978->22982 22980 1353b33 WSAGetLastError 22983 1353c6d 22980->22983 23018 1379ebb 104 API calls 8 library calls 22982->23018 22989 13748c1 __expandlocale 5 API calls 22983->22989 22984 1353bfa gethostbyname 22987 1353c15 _memmove 22984->22987 22988 1353c3f inet_addr 22984->22988 22985 1353baf 22985->22975 22994 1353c2b gethostbyaddr 22987->22994 22991 1353c54 _wcslen 22988->22991 22992 1353c72 GetCurrentProcessId 22988->22992 22990 131892c 22989->22990 22990->22960 22990->22961 22997 131b7e3 numpunct 77 API calls 22991->22997 22995 1353c7d 22992->22995 22993->22984 22994->22983 22995->22983 23019 1353d2c GetTickCount sendto 22995->23019 23020 1353d9c 108 API calls 22995->23020 22997->22983 22999->22963 23000->22967 23001->22969 23003 13748cb IsDebuggerPresent 23002->23003 23004 13748c9 23002->23004 23134 138af6c 23003->23134 23004->22966 23007 137ec91 SetUnhandledExceptionFilter UnhandledExceptionFilter 23008 137ecb6 GetCurrentProcess TerminateProcess 23007->23008 23009 137ecae __call_reportfault 23007->23009 23008->22966 23009->23008 23011 131b7f3 numpunct 23010->23011 23012 131b815 23011->23012 23013 131b7f7 23011->23013 23021 131b8e0 23012->23021 23027 131a995 23013->23027 23016 131b813 _memmove 23016->22980 23017->22985 23018->22993 23019->22995 23020->22995 23022 131b8f9 23021->23022 23023 131b8ef 23021->23023 23026 131b909 numpunct 23022->23026 23038 131c601 23022->23038 23042 13631d4 67 API calls 2 library calls 23023->23042 23026->23016 23028 131a9b4 23027->23028 23029 131a9aa 23027->23029 23031 131a9c2 23028->23031 23032 131a9da 23028->23032 23131 1363221 67 API calls 2 library calls 23029->23131 23132 131b861 67 API calls 2 library calls 23031->23132 23034 131b8e0 numpunct 77 API calls 23032->23034 23037 131a9d8 _memmove 23034->23037 23035 131a9cc 23133 131b861 67 API calls 2 library calls 23035->23133 23037->23016 23039 131c60d __EH_prolog3_catch 23038->23039 23043 131da60 23039->23043 23041 131c65d ctype _memmove numpunct 23041->23026 23042->23022 23044 131daaa 23043->23044 23045 131da6f 23043->23045 23044->23041 23046 131da80 23045->23046 23051 13753a6 23045->23051 23046->23044 23063 1374cb9 66 API calls std::exception::_Copy_str 23046->23063 23049 131da95 23064 137bd1e RaiseException 23049->23064 23055 13753b0 23051->23055 23053 13753ca 23053->23046 23055->23053 23058 13753cc std::exception::exception 23055->23058 23065 137f2ce DecodePointer 23055->23065 23066 1376c17 23055->23066 23056 137540a 23086 1374d3e 66 API calls std::exception::operator= 23056->23086 23058->23056 23083 1376ec1 23058->23083 23059 1375414 23087 137bd1e RaiseException 23059->23087 23062 1375425 23063->23049 23064->23044 23065->23055 23067 1376c94 23066->23067 23071 1376c25 23066->23071 23094 137f2ce DecodePointer 23067->23094 23069 1376c9a 23095 137bdac 66 API calls __getptd_noexit 23069->23095 23070 1376c30 23070->23071 23088 1380eb5 66 API calls __NMSG_WRITE 23070->23088 23089 1380d06 66 API calls 6 library calls 23070->23089 23090 1378f2d GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 23070->23090 23071->23070 23074 1376c53 RtlAllocateHeap 23071->23074 23077 1376c80 23071->23077 23081 1376c7e 23071->23081 23091 137f2ce DecodePointer 23071->23091 23074->23071 23075 1376c8c 23074->23075 23075->23055 23092 137bdac 66 API calls __getptd_noexit 23077->23092 23093 137bdac 66 API calls __getptd_noexit 23081->23093 23096 1376e85 23083->23096 23085 1376ece 23085->23056 23086->23059 23087->23062 23088->23070 23089->23070 23091->23071 23092->23081 23093->23075 23094->23069 23095->23075 23097 1376e91 ___lock_fhandle 23096->23097 23104 1378f45 23097->23104 23103 1376eb2 ___lock_fhandle 23103->23085 23121 1382372 23104->23121 23106 1376e96 23107 1376d9e RtlDecodePointer DecodePointer 23106->23107 23108 1376e4d 23107->23108 23109 1376dcc 23107->23109 23120 1376ebb LeaveCriticalSection ctype 23108->23120 23109->23108 23128 137f21c 67 API calls __wcstombs_s_l 23109->23128 23111 1376dde 23112 1376e30 EncodePointer EncodePointer 23111->23112 23113 1376df9 23111->23113 23114 1376e08 23111->23114 23112->23108 23129 137c69d 70 API calls __realloc_crt 23113->23129 23114->23108 23116 1376e02 23114->23116 23116->23114 23118 1376e1e EncodePointer 23116->23118 23130 137c69d 70 API calls __realloc_crt 23116->23130 23118->23112 23119 1376e18 23119->23108 23119->23118 23120->23103 23122 138239a EnterCriticalSection 23121->23122 23123 1382387 23121->23123 23122->23106 23124 13822b0 __mtinitlocknum 65 API calls 23123->23124 23125 138238d 23124->23125 23125->23122 23126 13791cf __amsg_exit 65 API calls 23125->23126 23127 1382399 23126->23127 23127->23122 23128->23111 23129->23116 23130->23119 23131->23028 23132->23035 23133->23037 23134->23007 24285 1329659 24286 132966f 24285->24286 24299 1329695 24285->24299 24287 132967e 24286->24287 24288 132969c 24286->24288 24362 134a2f3 216 API calls 3 library calls 24287->24362 24290 13296a2 EndDialog 24288->24290 24291 13296b5 24288->24291 24290->24299 24292 132968c 24291->24292 24293 13296e3 24291->24293 24294 13296c8 24291->24294 24292->24299 24363 134495f 83 API calls 24292->24363 24293->24292 24297 13296f7 24293->24297 24294->24292 24296 13296d2 EndDialog 24294->24296 24296->24299 24300 1349dd0 24297->24300 24301 1349ddf __EH_prolog3_GS 24300->24301 24302 1349e42 SuspendThread 24301->24302 24303 1349e49 24301->24303 24302->24303 24304 1319b30 numpunct 77 API calls 24303->24304 24305 1349e61 24304->24305 24306 131fd87 67 API calls 24305->24306 24307 1349e76 24306->24307 24308 1349eb1 24307->24308 24309 1349e7b 24307->24309 24311 1319b30 numpunct 77 API calls 24308->24311 24310 1319b30 numpunct 77 API calls 24309->24310 24312 1349e87 24310->24312 24314 1349ead numpunct 24311->24314 24313 131fd37 78 API calls 24312->24313 24313->24314 24315 1349fa6 24314->24315 24316 134a101 24314->24316 24317 1319b30 numpunct 77 API calls 24315->24317 24318 1327839 67 API calls 24316->24318 24319 1349fb7 24317->24319 24320 134a111 24318->24320 24321 131fd87 67 API calls 24319->24321 24322 134a115 GetActiveWindow 24320->24322 24342 134a0ff numpunct 24320->24342 24323 1349fcc 24321->24323 24364 1311db3 24322->24364 24327 134a017 24323->24327 24328 1349fd1 24323->24328 24325 134a17a 24331 134a18f ResumeThread 24325->24331 24343 134a2b5 numpunct 24325->24343 24326 134a19b 24332 134a2a4 24326->24332 24333 134a1a4 GetTempPathW 24326->24333 24330 1319b30 numpunct 77 API calls 24327->24330 24334 1319b30 numpunct 77 API calls 24328->24334 24329 134a12e 24368 131d656 24329->24368 24346 134a000 numpunct 24330->24346 24331->24343 24337 134a2ae ResumeThread 24332->24337 24332->24343 24336 1319b30 numpunct 77 API calls 24333->24336 24338 1349fdd 24334->24338 24340 134a1d6 24336->24340 24337->24343 24341 131fd37 78 API calls 24338->24341 24349 1319c49 77 API calls 24340->24349 24341->24346 24342->24325 24342->24326 24345 134a2eb 24343->24345 24387 1362c58 GetProcessHeap HeapFree InterlockedPushEntrySList Mailbox 24343->24387 24344 134a15c SetLastError 24344->24342 24348 137c2c5 Mailbox 5 API calls 24345->24348 24351 134a0af LoadStringW 24346->24351 24350 134a2f2 24348->24350 24352 134a1fc numpunct 24349->24352 24350->24299 24353 134a0de MessageBoxW 24351->24353 24354 134a0d8 24351->24354 24355 1319b30 numpunct 77 API calls 24352->24355 24353->24342 24354->24353 24356 134a22b 24355->24356 24357 1319b08 77 API calls 24356->24357 24358 134a242 24357->24358 24386 135c298 87 API calls 5 library calls 24358->24386 24360 134a24b SendMessageW Sleep EndDialog 24361 134a28a numpunct 24360->24361 24361->24343 24362->24292 24363->24299 24365 1311db7 24364->24365 24366 1311dea RaiseException 24364->24366 24365->24366 24367 1311dbb GetCurrentThreadId EnterCriticalSection LeaveCriticalSection 24365->24367 24367->24329 24388 131800e EnterCriticalSection RegisterWindowMessageW RegisterWindowMessageW GetClassInfoExW 24368->24388 24370 131d663 FindResourceW 24371 131d680 FindResourceW 24370->24371 24372 131d713 24370->24372 24373 131d6a2 LoadResource 24371->24373 24374 131d69b LoadResource LockResource 24371->24374 24372->24342 24372->24344 24375 131d6b0 LockResource 24373->24375 24376 131d6fb GetLastError 24373->24376 24374->24373 24375->24376 24378 131d6b9 24375->24378 24377 131d704 24376->24377 24377->24372 24379 131d70a SetLastError 24377->24379 24399 1314c30 24378->24399 24379->24372 24382 131d6d9 24383 131d6de GetLastError 24382->24383 24384 131d6e7 24382->24384 24383->24384 24384->24377 24385 131d6eb GlobalHandle GlobalFree 24384->24385 24385->24377 24386->24360 24387->24345 24389 13180dd _memset 24388->24389 24390 1318067 LoadCursorW RegisterClassExW 24388->24390 24394 13180ec GetClassInfoExW 24389->24394 24391 13180cf 24390->24391 24398 1318188 24390->24398 24408 131950f 72 API calls __recalloc 24391->24408 24392 1318196 LeaveCriticalSection 24392->24370 24394->24392 24395 1318116 LoadCursorW RegisterClassExW 24394->24395 24396 131817a 24395->24396 24395->24398 24409 131950f 72 API calls __recalloc 24396->24409 24398->24392 24401 1314c42 24399->24401 24400 1314cbb DialogBoxIndirectParamW 24400->24382 24400->24383 24401->24400 24402 1314cc2 GlobalAlloc 24401->24402 24410 1311b94 68 API calls _memcpy_s 24402->24410 24405 1314cdd 24407 1314d7c 24405->24407 24411 1311000 SysFreeString RaiseException __CxxThrowException@8 24405->24411 24412 1311b94 68 API calls _memcpy_s 24405->24412 24407->24400 24408->24389 24409->24398 24410->24405 24411->24405 24412->24405 24413 1340918 24513 134054e 157 API calls 4 library calls 24413->24513 24415 1340922 24418 132b1d7 24415->24418 24417 1340927 EndDialog 24419 132b31a 24418->24419 24426 132b21d 24418->24426 24421 1319b08 77 API calls 24419->24421 24455 132b388 numpunct 24419->24455 24423 132b32f _wcslen 24421->24423 24422 132b393 24425 13748c1 __expandlocale 5 API calls 24422->24425 24431 131b74b 77 API calls 24423->24431 24424 132b3b0 RaiseException 24427 132b3cf __EH_prolog3_GS 24424->24427 24428 132b3ac 24425->24428 24426->24424 24429 132b2b1 GetFileAttributesW 24426->24429 24441 132b23d numpunct 24426->24441 24432 132b3e3 24427->24432 24433 132b449 24427->24433 24428->24417 24429->24441 24430 135be26 117 API calls 24430->24441 24434 132b34f _wcslen 24431->24434 24435 1319638 numpunct 77 API calls 24432->24435 24514 13570b1 24433->24514 24446 131b74b 77 API calls 24434->24446 24439 132b3f8 24435->24439 24438 132b2da RemoveDirectoryW 24438->24441 24716 134ba76 147 API calls 6 library calls 24439->24716 24440 132b301 DeleteFileW 24440->24441 24441->24419 24441->24424 24441->24426 24441->24429 24441->24430 24441->24438 24441->24440 24713 131d888 77 API calls _strlen 24441->24713 24714 134ba76 147 API calls 6 library calls 24441->24714 24449 132b367 RemoveDirectoryW 24446->24449 24447 132b404 24450 135be26 117 API calls 24447->24450 24449->24455 24453 132b412 24450->24453 24717 131d888 77 API calls _strlen 24453->24717 24715 1345350 66 API calls 2 library calls 24455->24715 24457 132b42d 24718 134ba76 147 API calls 6 library calls 24457->24718 24458 132b4c0 24461 132b55d GetDlgItem 24458->24461 24462 132b4cd SetTimer 24458->24462 24459 132b479 24719 135bfb1 118 API calls 3 library calls 24459->24719 24552 13446cb 24461->24552 24462->24461 24466 132b4f2 24462->24466 24464 132b437 numpunct 24464->24433 24722 135bfb1 118 API calls 3 library calls 24466->24722 24467 132b488 24720 131d888 77 API calls _strlen 24467->24720 24469 132b574 _wcslen 24476 131b7e3 numpunct 77 API calls 24469->24476 24471 132b4a6 24721 134ba76 147 API calls 6 library calls 24471->24721 24472 132b504 24723 131d888 77 API calls _strlen 24472->24723 24475 132b4b0 numpunct 24475->24458 24478 132b590 GetDlgItem 24476->24478 24477 132b51a 24724 1347f01 77 API calls _strlen 24477->24724 24480 13446cb 36 API calls 24478->24480 24482 132b5a4 GetDlgItem 24480->24482 24481 132b534 24725 134ba76 147 API calls 6 library calls 24481->24725 24484 13446cb 36 API calls 24482->24484 24485 132b5b8 GetDlgItem GetDlgItem GetDlgItem GetDlgItem SendMessageW 24484->24485 24486 131f26e 18 API calls 24485->24486 24488 132b60f 24486->24488 24487 132b53e numpunct 24487->24461 24560 1330720 24488->24560 24491 1319b30 numpunct 77 API calls 24492 132b631 24491->24492 24493 131fd87 67 API calls 24492->24493 24494 132b647 numpunct 24493->24494 24495 1319b30 numpunct 77 API calls 24494->24495 24509 132b707 numpunct 24494->24509 24498 132b67a 24495->24498 24496 132b724 PostMessageW 24497 132b738 24496->24497 24499 137c2c5 Mailbox 5 API calls 24497->24499 24500 131fd37 78 API calls 24498->24500 24501 132b740 24499->24501 24502 132b68d 24500->24502 24501->24417 24503 1319b30 numpunct 77 API calls 24502->24503 24504 132b6a2 numpunct 24503->24504 24505 1327839 67 API calls 24504->24505 24506 132b6cb 24505->24506 24507 132b6cf ShowWindow 24506->24507 24506->24509 24508 132b6e8 24507->24508 24507->24509 24510 1319638 numpunct 77 API calls 24508->24510 24509->24496 24509->24497 24513->24415 24515 131a995 numpunct 77 API calls 24514->24515 24516 13570cb CreateThread 24515->24516 24517 132b458 24516->24517 24518 13570fa 24516->24518 24728 1357125 24516->24728 24523 1345b51 FindResourceW 24517->24523 24518->24517 24519 1357102 24518->24519 24520 1319638 numpunct 77 API calls 24519->24520 24521 1357114 24520->24521 24727 134ba76 147 API calls 6 library calls 24521->24727 24524 1345b97 LoadResource 24523->24524 24525 1345cd6 24523->24525 24524->24525 24526 1345ba7 LockResource 24524->24526 24527 13748c1 __expandlocale 5 API calls 24525->24527 24526->24525 24532 1345bb8 24526->24532 24528 132b460 24527->24528 24535 131f26e GetWindowLongW 24528->24535 24531 1345c05 SendDlgItemMessageW 24531->24532 24532->24525 24533 1345c9d SendDlgItemMessageW 24532->24533 24534 1375111 66 API calls _free 24532->24534 24826 13478ad 78 API calls 24532->24826 24827 13478ad 78 API calls 24532->24827 24533->24532 24534->24532 24536 131f2a4 GetParent 24535->24536 24537 131f2aa GetWindow 24535->24537 24538 131f2b4 GetWindowRect 24536->24538 24537->24538 24539 131f2cd 24538->24539 24540 131f34f GetParent GetClientRect GetClientRect MapWindowPoints 24538->24540 24541 131f2d3 GetWindowLongW 24539->24541 24542 131f2e1 MonitorFromWindow 24539->24542 24546 131f334 SetWindowPos 24540->24546 24541->24542 24544 131f307 24542->24544 24545 131f30e GetMonitorInfoW 24542->24545 24549 13748c1 __expandlocale 5 API calls 24544->24549 24545->24544 24547 131f324 24545->24547 24546->24544 24547->24546 24550 131f340 GetWindowRect 24547->24550 24551 131f401 24549->24551 24550->24546 24551->24458 24551->24459 24553 13446d8 24552->24553 24554 1314f3a 15 API calls 24553->24554 24555 13446e0 24554->24555 24556 13446e8 SetWindowLongW 24555->24556 24557 13446e4 24555->24557 24556->24557 24558 13446f8 24556->24558 24557->24469 24828 1345d86 GetWindowLongW 24558->24828 24561 133072f __EH_prolog3_GS 24560->24561 24562 133074f 24561->24562 24563 133076e GetWindowLongW SetWindowLongW 24561->24563 24564 1319638 numpunct 77 API calls 24562->24564 24565 133079d SetLayeredWindowAttributes 24563->24565 24618 133135b numpunct 24563->24618 24566 1330764 24564->24566 24567 1319b30 numpunct 77 API calls 24565->24567 24919 134ba76 147 API calls 6 library calls 24566->24919 24569 13307c8 24567->24569 24570 131fd87 67 API calls 24569->24570 24571 13307de 24570->24571 24572 1319b30 numpunct 77 API calls 24571->24572 24580 1330834 numpunct 24571->24580 24574 13307ef 24572->24574 24573 13315d9 SetWindowPos 24575 1331603 SetWindowPos SetWindowPos 24573->24575 24573->24618 24576 131fd37 78 API calls 24574->24576 24575->24618 24578 1330815 24576->24578 24577 13116f0 77 API calls 24577->24618 24579 135be26 117 API calls 24578->24579 24579->24580 24582 1319b30 numpunct 77 API calls 24580->24582 24581 135bed6 79 API calls 24581->24618 24583 13308cf 24582->24583 24584 131fd87 67 API calls 24583->24584 24585 13308e8 24584->24585 24586 1319b30 numpunct 77 API calls 24585->24586 24593 1330938 numpunct 24585->24593 24588 13308f9 24586->24588 24589 131fd37 78 API calls 24588->24589 24590 133091c 24589->24590 24592 135be26 117 API calls 24590->24592 24591 1331372 RaiseException 24591->24618 24592->24593 24595 1319b30 numpunct 77 API calls 24593->24595 24594 1331806 24596 13116f0 77 API calls 24594->24596 24597 13309d0 24595->24597 24599 133181d 24596->24599 24600 131fd87 67 API calls 24597->24600 24598 1319b30 numpunct 77 API calls 24598->24618 24602 1331842 24599->24602 24603 1331834 24599->24603 24604 13309e9 24600->24604 24601 1319c49 77 API calls 24601->24618 24606 1319638 numpunct 77 API calls 24602->24606 24605 13116f0 77 API calls 24603->24605 24608 1319b30 numpunct 77 API calls 24604->24608 24619 1330a3c numpunct 24604->24619 24607 1331840 24605->24607 24606->24607 24922 1333172 147 API calls 5 library calls 24607->24922 24609 13309fa 24608->24609 24611 131fd37 78 API calls 24609->24611 24612 1330a1d 24611->24612 24614 135be26 117 API calls 24612->24614 24613 1331730 24617 133174d 24613->24617 24920 132996f DeleteObject 24613->24920 24614->24619 24615 1331865 RedrawWindow KiUserCallbackDispatcher 24636 1331898 numpunct 24615->24636 24616 1331782 24621 13116f0 77 API calls 24616->24621 24897 1329abe 24617->24897 24618->24573 24618->24575 24618->24577 24618->24581 24618->24591 24618->24594 24618->24598 24618->24601 24618->24613 24618->24616 24623 133143e SetWindowTextW 24618->24623 24630 1311716 numpunct 77 API calls 24618->24630 24652 13314f6 EnableWindow 24618->24652 24657 133156f EnableWindow 24618->24657 24843 13318df 24618->24843 24889 1347f2c 24618->24889 24620 1319b30 numpunct 77 API calls 24619->24620 24624 1330af2 24620->24624 24625 1331799 24621->24625 24623->24618 24627 131fd87 67 API calls 24624->24627 24628 13317b0 24625->24628 24629 13317be 24625->24629 24631 1330b0b 24627->24631 24632 13116f0 77 API calls 24628->24632 24633 1319638 numpunct 77 API calls 24629->24633 24630->24618 24635 1319b30 numpunct 77 API calls 24631->24635 24640 1330b61 numpunct 24631->24640 24634 13317bc 24632->24634 24633->24634 24921 1333172 147 API calls 5 library calls 24634->24921 24639 1330b1c 24635->24639 24645 137c2c5 Mailbox 5 API calls 24636->24645 24638 133176e numpunct 24638->24615 24641 131fd37 78 API calls 24639->24641 24646 1319b30 numpunct 77 API calls 24640->24646 24643 1330b42 24641->24643 24644 135be26 117 API calls 24643->24644 24644->24640 24647 132b61d 24645->24647 24648 1330c20 24646->24648 24647->24491 24649 131fd87 67 API calls 24648->24649 24650 1330c39 24649->24650 24651 1319b30 numpunct 77 API calls 24650->24651 24660 1330c8f numpunct 24650->24660 24653 1330c4a 24651->24653 24652->24618 24654 1331518 ShowWindow 24652->24654 24654->24618 24657->24618 24659 133158d ShowWindow 24657->24659 24659->24618 24661 1319b30 numpunct 77 API calls 24660->24661 24713->24441 24714->24441 24715->24422 24716->24447 24717->24457 24718->24464 24719->24467 24720->24471 24721->24475 24722->24472 24723->24477 24724->24481 24725->24487 24727->24517 24729 1357135 24728->24729 24730 1357130 24728->24730 24732 135713d 24729->24732 24733 1357245 24732->24733 24734 1357187 GetCurrentThreadId 24732->24734 24735 135726f CreateEventW 24733->24735 24760 135736c 24733->24760 24788 1327581 99 API calls 2 library calls 24734->24788 24737 13572a7 CreateEventW 24735->24737 24738 135729c GetLastError 24735->24738 24737->24738 24742 13572c0 CreateEventW 24737->24742 24741 1357349 24738->24741 24746 13748c1 __expandlocale 5 API calls 24741->24746 24742->24738 24744 13572d9 CreateEventW 24742->24744 24744->24738 24747 13572f2 24744->24747 24745 13571b7 24748 13571c3 24745->24748 24749 1357368 24746->24749 24747->24741 24751 135732e WaitForMultipleObjects 24747->24751 24750 1319b30 numpunct 77 API calls 24748->24750 24749->24730 24752 13571de 24750->24752 24790 1357579 155 API calls 3 library calls 24751->24790 24754 135be26 117 API calls 24752->24754 24755 13571f4 numpunct 24754->24755 24756 13116f0 77 API calls 24755->24756 24757 135721f 24756->24757 24789 134ba76 147 API calls 6 library calls 24757->24789 24759 1357229 Mailbox numpunct 24759->24733 24761 135737b __EH_prolog3_GS 24760->24761 24791 135dae1 24761->24791 24763 13573c2 _wcslen 24764 131b74b 77 API calls 24763->24764 24766 13573c8 numpunct 24763->24766 24765 1357410 _wcslen 24764->24765 24767 131b74b 77 API calls 24765->24767 24768 137c2c5 Mailbox 5 API calls 24766->24768 24769 1357424 24767->24769 24770 1357267 24768->24770 24771 1319b08 77 API calls 24769->24771 24770->24735 24770->24741 24772 135744b 24771->24772 24773 1319b08 77 API calls 24772->24773 24774 1357463 24773->24774 24804 135dc37 24774->24804 24778 13574de 24779 13574ec 24778->24779 24780 1319b30 numpunct 77 API calls 24779->24780 24781 135750d 24780->24781 24782 135be26 117 API calls 24781->24782 24783 1357520 numpunct 24782->24783 24784 13116f0 77 API calls 24783->24784 24785 1357547 24784->24785 24825 134ba76 147 API calls 6 library calls 24785->24825 24787 1357551 Mailbox numpunct 24787->24766 24788->24745 24789->24759 24790->24747 24792 135dafc _memset __write_nolock 24791->24792 24793 135db44 GetModuleFileNameW 24792->24793 24794 1319b30 numpunct 77 API calls 24793->24794 24795 135db6c 24794->24795 24796 131a995 numpunct 77 API calls 24795->24796 24803 135db83 numpunct 24795->24803 24797 135dbc8 24796->24797 24798 1319c49 77 API calls 24797->24798 24801 135dbe0 numpunct 24798->24801 24799 13748c1 __expandlocale 5 API calls 24800 135dbb5 24799->24800 24800->24763 24802 1319c49 77 API calls 24801->24802 24802->24803 24803->24799 24805 135dc46 __EH_prolog3_GS 24804->24805 24806 135dc5f numpunct 24805->24806 24809 135dc7b _memset _wcslen 24805->24809 24807 137c2c5 Mailbox 5 API calls 24806->24807 24808 135746c 24807->24808 24808->24766 24824 1327581 99 API calls 2 library calls 24808->24824 24810 135dd08 24809->24810 24812 135dcd2 _wcslen 24809->24812 24811 131b6a8 77 API calls 24810->24811 24816 135dcf3 _wcslen 24811->24816 24813 131b74b 77 API calls 24812->24813 24814 135dce4 24813->24814 24815 131b6a8 77 API calls 24814->24815 24815->24816 24817 131b74b 77 API calls 24816->24817 24818 135dd2e 24816->24818 24817->24818 24819 131b6a8 77 API calls 24818->24819 24820 135dd3f CreateProcessW 24819->24820 24822 135dd95 WaitForSingleObject GetExitCodeProcess 24820->24822 24823 135dd69 numpunct 24820->24823 24822->24823 24823->24822 24824->24778 24825->24787 24826->24531 24827->24532 24829 1345da3 SetWindowLongW 24828->24829 24830 1345dae 24828->24830 24829->24830 24831 1320dec CreateWindowExW 24830->24831 24832 1345dce IsWindow 24831->24832 24833 1345e05 24832->24833 24834 1345dda 24832->24834 24836 1345e38 24833->24836 24838 1345e12 ImageList_GetIconSize 24833->24838 24834->24833 24835 1345de0 SendMessageW 24834->24835 24841 1345ced 7 API calls 2 library calls 24835->24841 24836->24557 24838->24836 24839 1345e2d 24838->24839 24842 1329254 12 API calls __expandlocale 24839->24842 24841->24833 24842->24836 24844 13318ee __EH_prolog3_GS 24843->24844 24845 133191a 24844->24845 24885 1331939 numpunct _strlen 24844->24885 24846 1319638 numpunct 77 API calls 24845->24846 24848 133192f 24846->24848 24847 133314a numpunct 24852 137c2c5 Mailbox 5 API calls 24847->24852 24933 134ba76 147 API calls 6 library calls 24848->24933 24849 133315d RaiseException 24853 133315a 24852->24853 24853->24618 24855 13116f0 77 API calls 24855->24885 24856 131a995 77 API calls numpunct 24856->24885 24861 13753a6 77 API calls ctype 24861->24885 24864 1319b08 77 API calls 24864->24885 24865 131fd87 67 API calls 24865->24885 24866 131fd37 78 API calls 24866->24885 24867 1347e09 21 API calls 24867->24885 24868 134470c 77 API calls 24868->24885 24869 135bed6 79 API calls 24869->24885 24870 1333172 147 API calls 24870->24885 24872 13454b5 72 API calls 24888 13326fa numpunct _strlen 24872->24888 24873 1311716 77 API calls numpunct 24873->24885 24874 1311568 77 API calls numpunct 24874->24885 24875 13116f0 77 API calls 24875->24888 24876 13318df 227 API calls 24876->24888 24877 131d71a 111 API calls 24877->24885 24878 1321318 157 API calls 24878->24885 24880 1333172 147 API calls 24880->24888 24882 13454b5 72 API calls 24882->24885 24884 13318df 227 API calls 24884->24885 24885->24847 24885->24849 24885->24855 24885->24856 24885->24861 24885->24864 24885->24865 24885->24866 24885->24867 24885->24868 24885->24869 24885->24870 24885->24873 24885->24874 24885->24877 24885->24878 24885->24882 24885->24884 24885->24888 24923 13275e2 24885->24923 24927 13449ed 24885->24927 24934 132a1f9 77 API calls 4 library calls 24885->24934 24935 131fe5b 77 API calls 3 library calls 24885->24935 24936 1320401 153 API calls 24885->24936 24937 132a411 78 API calls 4 library calls 24885->24937 24939 132a510 78 API calls 3 library calls 24885->24939 24942 132a15a 77 API calls 5 library calls 24885->24942 24886 1311716 numpunct 77 API calls 24886->24888 24887 1311568 numpunct 77 API calls 24887->24888 24888->24849 24888->24872 24888->24875 24888->24876 24888->24880 24888->24885 24888->24886 24888->24887 24938 1344a79 29 API calls 3 library calls 24888->24938 24940 1344e56 132 API calls 24888->24940 24941 13209bc 85 API calls 4 library calls 24888->24941 24890 1347f38 __EH_prolog3 24889->24890 24973 131dcbf 24890->24973 24893 131b6a8 77 API calls 24894 1347f76 24893->24894 24895 131b6a8 77 API calls 24894->24895 24896 1347f81 ctype 24895->24896 24896->24618 24898 1329b5a 24897->24898 24899 1329aef EnterCriticalSection 24897->24899 24904 13748c1 __expandlocale 5 API calls 24898->24904 24900 1329b4a LeaveCriticalSection 24899->24900 24901 1329b0a GdiplusStartup 24899->24901 24900->24898 24903 1329b64 24900->24903 24901->24900 24902 1329b43 24901->24902 24902->24900 24905 1329b7c lstrlenW 24903->24905 24916 1329b74 GdipCreateBitmapFromFile 24903->24916 24906 1329c42 24904->24906 25015 134809b 72 API calls 3 library calls 24905->25015 24906->24638 24909 1329b99 25016 1311b94 68 API calls _memcpy_s 24909->25016 24910 1329bf2 24913 1375111 _free 66 API calls 24910->24913 24911 1329bfd 24914 1329c14 24911->24914 24915 1329c08 GdipDisposeImage 24911->24915 24913->24911 24977 1329c46 GdipGetImagePixelFormat 24914->24977 24915->24898 24916->24910 24916->24911 24919->24563 24920->24617 24921->24638 24922->24638 24924 13275f1 24923->24924 24925 1327607 24923->24925 24924->24925 24943 137814a 85 API calls __tolower_l 24924->24943 24925->24885 24928 13449fe 24927->24928 24944 131d71a 24928->24944 24933->24885 24934->24885 24935->24885 24936->24885 24937->24885 24938->24888 24939->24885 24940->24888 24941->24888 24942->24885 24943->24924 24945 131d72f 24944->24945 24947 131d7a0 24944->24947 24946 131d73e EnterCriticalSection 24945->24946 24945->24947 24948 131d865 LeaveCriticalSection 24946->24948 24949 131d754 24946->24949 24962 1347e09 24947->24962 24948->24947 24950 131d75b GetClassInfoExW 24949->24950 24951 131d7ca LoadCursorW 24949->24951 24952 131d784 GetClassInfoExW 24950->24952 24953 131d7a9 24950->24953 24951->24953 24952->24953 24954 131d799 LeaveCriticalSection 24952->24954 24955 131d812 GetClassInfoExW 24953->24955 24971 1375426 97 API calls swprintf 24953->24971 24954->24947 24955->24948 24957 131d839 RegisterClassExW 24955->24957 24959 131d85a 24957->24959 24960 131d84c 24957->24960 24958 131d80c 24958->24955 24959->24948 24972 131950f 72 API calls __recalloc 24960->24972 24963 1314f3a 15 API calls 24962->24963 24964 1347e1c 24963->24964 24965 1347e20 SetLastError 24964->24965 24966 1347e2c 24964->24966 24967 1344a3b 24965->24967 24966->24967 24968 1311db3 4 API calls 24966->24968 24967->24885 24969 1347e3b CreateWindowExW 24968->24969 24969->24967 24971->24958 24972->24959 24974 131dcca 24973->24974 24976 131dcd7 24973->24976 24975 131b8e0 numpunct 77 API calls 24974->24975 24974->24976 24975->24976 24976->24893 24978 1329c74 GdipGetImageHeight 24977->24978 24980 1329cf2 24978->24980 24981 1329cf5 GdipGetImageWidth 24978->24981 24980->24981 24982 1329d16 24981->24982 25017 1329892 24982->25017 24985 1329d57 GdipGetImagePaletteSize 24987 1329d71 24985->24987 24986 13748c1 __expandlocale 5 API calls 24990 1329c25 GdipDisposeImage 24986->24990 24991 1329d88 24987->24991 25031 1329121 5 API calls __crtLCMapStringA_stat 24987->25031 24988 1329ec7 GdipBitmapLockBits 24992 1329f08 24988->24992 24989 1329fc4 GdipCreateBitmapFromScan0 GdipGetImageGraphicsContext GdipDrawImageI GdipDeleteGraphics GdipDisposeImage 25004 1329fbf 24989->25004 24990->24898 24998 1329d8d __crtLCMapStringA_stat 24991->24998 25032 13444f0 24991->25032 24996 1329f3d 24992->24996 24999 1329f13 24992->24999 24995 1375111 _free 66 API calls 24995->25004 24997 1329fab GdipBitmapUnlockBits 24996->24997 25040 1311b94 68 API calls _memcpy_s 24996->25040 24997->25004 25001 1329dd5 GdipGetImagePalette 24998->25001 25002 1329daa 24998->25002 25000 1375111 _free 66 API calls 24999->25000 25011 1329d35 24999->25011 25000->24999 25005 1329de9 25001->25005 25006 1375111 _free 66 API calls 25002->25006 25002->25011 25004->24995 25004->25011 25007 1329dfa 25005->25007 25008 1329e25 25005->25008 25006->25002 25009 1375111 _free 66 API calls 25007->25009 25007->25011 25038 1329a7b InterlockedExchange CreateCompatibleDC SelectObject 25008->25038 25009->25007 25011->24986 25014 1329eb3 25014->24988 25014->24989 25015->24909 25016->24916 25018 13444f0 68 API calls 25017->25018 25019 13298aa 25018->25019 25020 13298b0 25019->25020 25023 13298c9 _memset 25019->25023 25021 13298c2 25020->25021 25024 1375111 _free 66 API calls 25020->25024 25021->24985 25021->25011 25021->25014 25022 132990f CreateDIBSection 25025 1329922 25022->25025 25026 1329936 25022->25026 25023->25022 25024->25020 25025->25021 25028 1375111 _free 66 API calls 25025->25028 25041 132a099 6 API calls __expandlocale 25026->25041 25028->25025 25029 132994a 25029->25021 25030 1375111 _free 66 API calls 25029->25030 25030->25029 25031->24991 25033 1344501 25032->25033 25034 134450e 25033->25034 25042 1311000 SysFreeString RaiseException __CxxThrowException@8 25033->25042 25035 1376c17 _malloc 66 API calls 25034->25035 25037 1344516 25035->25037 25037->24998 25040->24996 25041->25029 25042->25034 25043 132a91f 25044 132a92b __EH_prolog3 25043->25044 25067 132a15a 77 API calls 5 library calls 25044->25067 25046 132aa40 25068 13297f1 EnterCriticalSection LeaveCriticalSection 25046->25068 25048 132aa73 25069 1352870 77 API calls 4 library calls 25048->25069 25050 132aac6 25070 1352870 77 API calls 4 library calls 25050->25070 25052 132aad6 25071 1352870 77 API calls 4 library calls 25052->25071 25054 132aae6 25072 13476e9 77 API calls 3 library calls 25054->25072 25056 132ab64 25073 1361fd3 82 API calls 25056->25073 25058 132ac0d 25074 134783f 77 API calls 3 library calls 25058->25074 25060 132aced _wcslen 25061 131b7e3 numpunct 77 API calls 25060->25061 25062 132ad69 _wcslen 25061->25062 25063 131b7e3 numpunct 77 API calls 25062->25063 25064 132add3 25063->25064 25075 1355088 77 API calls 2 library calls 25064->25075 25066 132aded ctype 25067->25046 25068->25048 25069->25050 25070->25052 25071->25054 25072->25056 25073->25058 25074->25060 25075->25066 25076 131681f 25079 1313e9b 25076->25079 25078 1316846 25080 1313ea8 25079->25080 25081 1313eb5 25080->25081 25083 131409a 25080->25083 25081->25078 25084 13140a9 __EH_prolog3_GS 25083->25084 25085 13140bc EnterCriticalSection 25084->25085 25086 13140b5 25084->25086 25090 13140ee 25085->25090 25098 13142bc 25085->25098 25087 137c2c5 Mailbox 5 API calls 25086->25087 25091 131433c 25087->25091 25088 1314325 LeaveCriticalSection 25088->25086 25089 1314157 LoadRegTypeLib 25099 1314172 25089->25099 25090->25089 25094 1314118 GetModuleFileNameW 25090->25094 25091->25081 25093 131431f 25093->25088 25095 1314139 25094->25095 25094->25098 25096 1314141 LoadTypeLib 25095->25096 25095->25098 25096->25099 25098->25088 25100 1313ee1 25098->25100 25099->25098 25106 1313d35 79 API calls 2 library calls 25099->25106 25102 1313eed __EH_prolog3_catch numpunct 25100->25102 25101 1313f8f ctype 25101->25093 25102->25101 25103 1313ff3 SysFreeString 25102->25103 25104 1313ffc SysStringLen 25102->25104 25105 131401b SysFreeString 25102->25105 25103->25104 25104->25102 25105->25102 25106->25098 25107 13189de 25108 13189ed __EH_prolog3_GS 25107->25108 25109 1319b30 numpunct 77 API calls 25108->25109 25110 13189fc 25109->25110 25111 1318a0d LoadStringW 25110->25111 25114 131942e numpunct 25110->25114 25112 1319b30 numpunct 77 API calls 25111->25112 25113 1318a39 25112->25113 25163 1319f97 25113->25163 25116 137c2c5 Mailbox 5 API calls 25114->25116 25118 1319451 25116->25118 25117 1318a4f 25171 131e279 114 API calls 4 library calls 25117->25171 25120 1318a8b 25121 1319b08 77 API calls 25120->25121 25122 1318adf 25121->25122 25123 1319b08 77 API calls 25122->25123 25124 1318b05 25123->25124 25172 131d8b6 114 API calls 3 library calls 25124->25172 25126 13193f6 numpunct 25176 13194b6 EnterCriticalSection LeaveCriticalSection std::ios_base::_Ios_base_dtor 25126->25176 25128 1319b30 77 API calls numpunct 25158 1318e83 numpunct 25128->25158 25129 131b6a8 77 API calls 25162 1318b14 numpunct 25129->25162 25130 1319b08 77 API calls 25130->25162 25131 1318ce0 numpunct 25177 13194b6 EnterCriticalSection LeaveCriticalSection std::ios_base::_Ios_base_dtor 25131->25177 25134 1319b30 numpunct 77 API calls 25134->25162 25135 13196ae 114 API calls 25135->25162 25136 1319f97 118 API calls 25136->25162 25137 13194b6 EnterCriticalSection LeaveCriticalSection 25137->25162 25138 131aa30 67 API calls 25138->25162 25139 13194ab 25178 1363221 67 API calls 2 library calls 25139->25178 25140 1318c6d 25140->25131 25142 1318c76 25140->25142 25143 1319b30 numpunct 77 API calls 25142->25143 25145 1318c86 25143->25145 25144 13194b5 25146 131b6a8 77 API calls 25145->25146 25148 1318c9d _wcslen 25146->25148 25147 131a995 77 API calls numpunct 25147->25162 25149 131b74b 77 API calls 25148->25149 25150 1318cb7 25149->25150 25151 135be26 117 API calls 25150->25151 25152 1318cca 25151->25152 25173 134ba76 147 API calls 6 library calls 25152->25173 25154 1318cd5 numpunct 25154->25131 25155 131a995 numpunct 77 API calls 25155->25158 25156 131b6a8 77 API calls 25156->25158 25157 135be26 117 API calls 25157->25158 25158->25128 25158->25155 25158->25156 25158->25157 25158->25162 25174 135c5a9 159 API calls 3 library calls 25158->25174 25175 134ba76 147 API calls 6 library calls 25158->25175 25160 131d937 77 API calls 25160->25162 25161 135dae1 78 API calls 25161->25162 25162->25126 25162->25129 25162->25130 25162->25131 25162->25134 25162->25135 25162->25136 25162->25137 25162->25138 25162->25139 25162->25140 25162->25147 25162->25158 25162->25160 25162->25161 25164 1319fa3 __EH_prolog3 25163->25164 25179 131aad0 25164->25179 25166 1319fd4 25183 131b65c 83 API calls 5 library calls 25166->25183 25168 1319fef 25169 131a016 ctype 25168->25169 25184 131b949 77 API calls 2 library calls 25168->25184 25169->25117 25171->25120 25172->25162 25173->25154 25174->25158 25175->25158 25176->25114 25177->25114 25178->25144 25180 131aadc __EH_prolog3 25179->25180 25185 131b5ec 25180->25185 25182 131aaec ctype 25182->25166 25183->25168 25184->25169 25186 131b5f8 __EH_prolog3 25185->25186 25193 1314a45 25186->25193 25190 131b630 25191 131b652 ctype 25190->25191 25206 13149b3 67 API calls 2 library calls 25190->25206 25191->25182 25194 13753a6 ctype 77 API calls 25193->25194 25195 1314a78 25194->25195 25197 1314a84 25195->25197 25207 1314532 82 API calls 3 library calls 25195->25207 25198 131ce84 25197->25198 25199 131ce90 __EH_prolog3 25198->25199 25208 1314a2b 25199->25208 25203 131cea3 25229 131454c EnterCriticalSection LeaveCriticalSection __Deletegloballocale 25203->25229 25205 131ceb2 ctype 25205->25190 25207->25197 25230 13144c8 25208->25230 25211 131cfc4 25212 131cfd0 __EH_prolog3 25211->25212 25213 1363841 std::_Lockit::_Lockit EnterCriticalSection 25212->25213 25214 131cfda 25213->25214 25245 1314493 25214->25245 25216 131cff1 25217 131d004 25216->25217 25251 13146ac 25216->25251 25218 1363869 std::_Locinfo::~_Locinfo LeaveCriticalSection 25217->25218 25219 131d059 ctype 25218->25219 25219->25203 25221 131d014 25222 131d036 25221->25222 25261 1374d20 66 API calls std::exception::exception 25221->25261 25223 13144c8 std::locale::facet::_Incref 2 API calls 25222->25223 25225 131d046 25223->25225 25263 136355c 77 API calls ctype 25225->25263 25226 131d028 25262 137bd1e RaiseException 25226->25262 25229->25205 25235 1363841 25230->25235 25236 13144d9 25235->25236 25237 1363853 25235->25237 25239 1363869 25236->25239 25243 13665a0 EnterCriticalSection 25237->25243 25240 1363870 25239->25240 25241 13144ed 25239->25241 25244 13665b0 LeaveCriticalSection 25240->25244 25241->25211 25243->25236 25244->25241 25246 13144c3 25245->25246 25247 131449f 25245->25247 25246->25216 25248 1363841 std::_Lockit::_Lockit EnterCriticalSection 25247->25248 25249 13144a9 25248->25249 25250 1363869 std::_Locinfo::~_Locinfo LeaveCriticalSection 25249->25250 25250->25246 25253 13146b8 __EH_prolog3 25251->25253 25252 131472a ctype 25252->25221 25253->25252 25254 13753a6 ctype 77 API calls 25253->25254 25255 13146cf 25254->25255 25260 1314712 25255->25260 25264 1314386 25255->25264 25258 13146f9 25274 1314753 74 API calls 2 library calls 25258->25274 25260->25252 25275 1314400 102 API calls 5 library calls 25260->25275 25261->25226 25262->25222 25263->25217 25265 1314392 __EH_prolog3 25264->25265 25266 1363841 std::_Lockit::_Lockit EnterCriticalSection 25265->25266 25267 131439f 25266->25267 25268 13143eb 25267->25268 25285 1374cb9 66 API calls std::exception::_Copy_str 25267->25285 25276 13636cc 25268->25276 25271 13143d6 25286 137bd1e RaiseException 25271->25286 25273 13143f4 ctype 25273->25258 25274->25260 25275->25252 25277 137ba0a _setlocale 101 API calls 25276->25277 25278 13636da 25277->25278 25287 134d6a9 66 API calls 3 library calls 25278->25287 25280 13636f2 25281 1363702 25280->25281 25282 137ba0a _setlocale 101 API calls 25280->25282 25288 134d6a9 66 API calls 3 library calls 25281->25288 25282->25281 25284 1363716 25284->25273 25285->25271 25286->25268 25287->25280 25288->25284 23135 131d061 23141 1311dfc EnterCriticalSection 23135->23141 23137 131d06a 23138 131d0a1 23137->23138 23145 1314f3a 23137->23145 23142 1311e42 LeaveCriticalSection 23141->23142 23143 1311e17 GetCurrentThreadId 23141->23143 23142->23137 23144 1311e1f 23143->23144 23144->23142 23146 1314f52 GetCurrentProcess FlushInstructionCache 23145->23146 23147 1314f46 23145->23147 23149 1314f80 SetWindowLongW 23146->23149 23151 1362d08 23147->23151 23149->23138 23152 1362c6a 23151->23152 23153 1362c75 23152->23153 23154 1362c7e 23152->23154 23166 1362bea 6 API calls 23153->23166 23155 1362c9f InterlockedPopEntrySList 23154->23155 23156 1362c88 GetProcessHeap HeapAlloc 23154->23156 23159 1314f4b 23155->23159 23160 1362cac VirtualAlloc 23155->23160 23158 1362c9d 23156->23158 23156->23159 23158->23159 23159->23146 23159->23149 23160->23159 23162 1362cc7 InterlockedPopEntrySList 23160->23162 23161 1362c7a 23161->23154 23161->23159 23163 1362cd7 VirtualFree 23162->23163 23164 1362ce9 23162->23164 23163->23159 23165 1362cef InterlockedPushEntrySList 23164->23165 23165->23159 23165->23165 23166->23161 23167 1328827 23168 1328833 __EH_prolog3 23167->23168 23169 1328849 CoInitializeEx 23168->23169 23171 132883d ctype 23168->23171 23170 1328866 CoInitializeSecurity 23169->23170 23169->23171 23172 13288f7 CoCreateInstance 23170->23172 23174 132887f 23170->23174 23172->23171 23173 1328912 CoUninitialize 23172->23173 23173->23171 23184 13283ba 23174->23184 23178 13288c2 23193 1328394 LocalFree 23178->23193 23180 13288d0 23181 13288e8 OutputDebugStringW 23180->23181 23182 13288d9 23180->23182 23194 131eaf8 23181->23194 23182->23181 23185 13283cc FormatMessageW 23184->23185 23188 13283f5 23184->23188 23186 1328419 LocalAlloc 23185->23186 23187 13283e9 lstrlenW 23185->23187 23186->23188 23189 1328428 23186->23189 23187->23188 23192 1327581 99 API calls 2 library calls 23188->23192 23195 1375426 97 API calls swprintf 23189->23195 23191 1328464 23191->23188 23192->23178 23193->23180 23194->23172 23195->23191 23196 13113e7 23197 13113f2 _strlen 23196->23197 23200 1311568 23197->23200 23199 13113ff 23201 1311578 numpunct 23200->23201 23202 1311598 23201->23202 23204 131157c 23201->23204 23207 13117af 23202->23207 23213 1311716 23204->23213 23206 1311596 _memmove 23206->23199 23208 13117c5 23207->23208 23209 13117bb 23207->23209 23212 13117d5 numpunct 23208->23212 23224 13118c6 23208->23224 23228 13631d4 67 API calls 2 library calls 23209->23228 23212->23206 23214 131172b 23213->23214 23216 1311735 23213->23216 23239 1363221 67 API calls 2 library calls 23214->23239 23217 1311745 23216->23217 23218 131175f 23216->23218 23240 131184e 67 API calls 2 library calls 23217->23240 23220 13117af numpunct 77 API calls 23218->23220 23223 131175d _memmove 23220->23223 23221 1311751 23241 131184e 67 API calls 2 library calls 23221->23241 23223->23206 23225 13118d2 __EH_prolog3_catch 23224->23225 23229 1311a3f 23225->23229 23227 131191d ctype _memmove numpunct 23227->23212 23228->23208 23230 1311a84 23229->23230 23231 1311a4c 23229->23231 23230->23227 23232 13753a6 ctype 77 API calls 23231->23232 23234 1311a5a 23231->23234 23232->23234 23234->23230 23237 1374cb9 66 API calls std::exception::_Copy_str 23234->23237 23235 1311a6f 23238 137bd1e RaiseException 23235->23238 23237->23235 23238->23230 23239->23216 23240->23221 23241->23223 23242 134b822 23267 137c242 23242->23267 23244 134b82e InternetOpenW 23245 134b846 23244->23245 23251 134b870 _wcslen 23244->23251 23246 134b911 23245->23246 23247 134b852 23245->23247 23276 137c2c5 23246->23276 23268 1319638 23247->23268 23248 134b8a1 InternetConnectW 23248->23246 23256 134b8cd 23248->23256 23251->23248 23255 131b7e3 numpunct 77 API calls 23251->23255 23258 134b88b _wcslen 23255->23258 23256->23246 23259 134b8d5 GetLastError 23256->23259 23262 131b7e3 numpunct 77 API calls 23258->23262 23273 135bfb1 118 API calls 3 library calls 23259->23273 23261 134b8e5 23274 131d888 77 API calls _strlen 23261->23274 23262->23248 23264 134b8fc 23275 134ba76 147 API calls 6 library calls 23264->23275 23266 134b86b numpunct 23266->23246 23267->23244 23269 1319654 _strlen 23268->23269 23270 1311568 numpunct 77 API calls 23269->23270 23271 1319660 23270->23271 23272 134ba76 147 API calls 6 library calls 23271->23272 23272->23266 23273->23261 23274->23264 23275->23266 23277 13748c1 __expandlocale 5 API calls 23276->23277 23278 134b916 23277->23278 23279 1324a24 23280 1324a33 __EH_prolog3_GS 23279->23280 23281 1324a6b 23280->23281 23282 1324a4c 23280->23282 23356 1319b30 23281->23356 23283 1319638 numpunct 77 API calls 23282->23283 23285 1324a61 23283->23285 23395 134ba76 147 API calls 6 library calls 23285->23395 23288 1324a8a 23289 1319b30 numpunct 77 API calls 23288->23289 23291 1324a9a 23289->23291 23290 1319b30 numpunct 77 API calls 23292 1324bdd 23290->23292 23293 1319b30 numpunct 77 API calls 23291->23293 23294 1319b30 numpunct 77 API calls 23292->23294 23296 1324aae 23293->23296 23297 1324bf1 23294->23297 23295 1324ccf _wcslen 23301 1324cfa numpunct 23295->23301 23302 1324ceb 23295->23302 23298 1319b30 numpunct 77 API calls 23296->23298 23300 1319b30 numpunct 77 API calls 23297->23300 23299 1324abf 23298->23299 23360 135cb2a 23299->23360 23305 1324c05 23300->23305 23422 1324909 115 API calls 2 library calls 23301->23422 23419 1319c49 23302->23419 23307 135cb2a 84 API calls 23305->23307 23310 1324c23 numpunct 23307->23310 23308 1324d23 _wcslen 23311 1324d7e 23308->23311 23321 1324dce _wcslen 23308->23321 23309 1324add numpunct 23313 1324b48 23309->23313 23314 1324b29 23309->23314 23315 1324c6c 23310->23315 23316 1324cad 23310->23316 23312 131a995 numpunct 77 API calls 23311->23312 23317 1324d9d 23312->23317 23353 1324b8d numpunct 23313->23353 23376 131d937 77 API calls 3 library calls 23313->23376 23318 1319638 numpunct 77 API calls 23314->23318 23397 135be26 23315->23397 23415 1327839 23316->23415 23423 1327772 77 API calls _wcslen 23317->23423 23323 1324b3e 23318->23323 23332 1324dea 23321->23332 23339 1324e18 _wcslen 23321->23339 23396 134ba76 147 API calls 6 library calls 23323->23396 23326 1324b65 23377 132761b 77 API calls _wcslen 23326->23377 23329 1324cba 23333 1319b30 numpunct 77 API calls 23329->23333 23336 131a995 numpunct 77 API calls 23332->23336 23344 1324cca numpunct 23333->23344 23334 1324b7c 23378 135c990 23334->23378 23335 1324c93 23414 134ba76 147 API calls 6 library calls 23335->23414 23336->23317 23342 1324e34 23339->23342 23343 1324e65 23339->23343 23340 1324db5 numpunct 23340->23344 23341 1324ca0 numpunct 23341->23316 23345 131a995 numpunct 77 API calls 23342->23345 23347 1324ea1 numpunct 23343->23347 23349 135be26 117 API calls 23343->23349 23346 137c2c5 Mailbox 5 API calls 23344->23346 23345->23317 23348 1324ede 23346->23348 23350 1319b30 numpunct 77 API calls 23347->23350 23351 1324e79 23349->23351 23350->23340 23424 131d888 77 API calls _strlen 23351->23424 23353->23290 23353->23295 23354 1324e94 23425 134ba76 147 API calls 6 library calls 23354->23425 23357 1319b4e _wcslen 23356->23357 23358 131b7e3 numpunct 77 API calls 23357->23358 23359 1319b5a GetVersion 23358->23359 23359->23288 23359->23353 23361 135cb39 __EH_prolog3_GS 23360->23361 23362 1319b30 numpunct 77 API calls 23361->23362 23363 135cb7f 23362->23363 23365 135cc70 numpunct 23363->23365 23426 135c6cb 23363->23426 23367 137c2c5 Mailbox 5 API calls 23365->23367 23368 135cc9c 23367->23368 23368->23309 23372 135cc3b 23372->23365 23373 135cc62 RegCloseKey 23372->23373 23373->23365 23374 135cc1d _wcslen 23374->23372 23375 131b7e3 numpunct 77 API calls 23374->23375 23375->23372 23376->23326 23377->23334 23379 135c99f __EH_prolog3_GS 23378->23379 23380 135c9c7 23379->23380 23381 135c9b6 23379->23381 23384 1319c49 77 API calls 23380->23384 23382 1319b30 numpunct 77 API calls 23381->23382 23383 135c9c0 numpunct 23382->23383 23385 137c2c5 Mailbox 5 API calls 23383->23385 23387 135ca1c numpunct 23384->23387 23386 135cb29 23385->23386 23386->23353 23388 1319c49 77 API calls 23387->23388 23389 135ca51 numpunct 23388->23389 23390 1319c49 77 API calls 23389->23390 23391 135ca85 numpunct 23390->23391 23392 1319c49 77 API calls 23391->23392 23393 135caba numpunct 23392->23393 23394 135cb2a 84 API calls 23393->23394 23394->23383 23395->23281 23396->23313 23398 135be32 __EH_prolog3_GS 23397->23398 23464 137ba0a 23398->23464 23400 135be46 23401 1319638 numpunct 77 API calls 23400->23401 23402 135be51 23401->23402 23403 137ba0a _setlocale 101 API calls 23402->23403 23404 135be5f _memset numpunct 23403->23404 23500 137abd7 81 API calls __wcstombs_s_l 23404->23500 23406 135be9a 23407 1319638 numpunct 77 API calls 23406->23407 23408 135bea6 numpunct 23407->23408 23409 137ba0a _setlocale 101 API calls 23408->23409 23410 135bec0 numpunct 23409->23410 23411 137c2c5 Mailbox 5 API calls 23410->23411 23412 1324c78 23411->23412 23413 131d888 77 API calls _strlen 23412->23413 23413->23335 23414->23341 23416 1327846 _wcslen 23415->23416 23777 131aa30 23416->23777 23418 1324cb6 23418->23295 23418->23329 23420 131a995 numpunct 77 API calls 23419->23420 23421 1319c71 23420->23421 23421->23301 23422->23308 23423->23340 23424->23354 23425->23347 23427 135c6d7 __EH_prolog3_GS 23426->23427 23428 1319c49 77 API calls 23427->23428 23429 135c6f5 23428->23429 23430 1327839 67 API calls 23429->23430 23431 135c705 23430->23431 23432 1327839 67 API calls 23431->23432 23434 135c78f numpunct 23431->23434 23433 135c717 23432->23433 23433->23434 23435 1327839 67 API calls 23433->23435 23436 137c2c5 Mailbox 5 API calls 23434->23436 23437 135c729 23435->23437 23438 135c7d3 23436->23438 23437->23434 23439 1327839 67 API calls 23437->23439 23438->23365 23452 1312452 23438->23452 23440 135c73b 23439->23440 23440->23434 23441 1327839 67 API calls 23440->23441 23442 135c749 23441->23442 23442->23434 23443 1327839 67 API calls 23442->23443 23444 135c757 23443->23444 23444->23434 23445 1327839 67 API calls 23444->23445 23446 135c765 23445->23446 23446->23434 23447 1327839 67 API calls 23446->23447 23448 135c773 23447->23448 23448->23434 23449 1327839 67 API calls 23448->23449 23450 135c781 23449->23450 23450->23434 23451 1327839 67 API calls 23450->23451 23451->23434 23453 1312477 RegOpenKeyExW 23452->23453 23454 131246a 23452->23454 23455 1312485 23453->23455 23462 1311c74 GetModuleHandleW GetProcAddress RegOpenKeyExW 23454->23462 23459 1312490 23455->23459 23463 13123e4 RegCloseKey 23455->23463 23457 1312475 23457->23455 23459->23372 23460 13291b1 RegQueryValueExW 23459->23460 23461 13291dc 23460->23461 23461->23374 23462->23457 23463->23459 23465 137ba16 ___lock_fhandle 23464->23465 23466 137ba37 23465->23466 23467 137ba20 23465->23467 23503 13813d7 23466->23503 23501 137bdac 66 API calls __getptd_noexit 23467->23501 23470 137ba25 23502 1380221 11 API calls __wcstombs_s_l 23470->23502 23474 137ba46 23523 137c651 23474->23523 23477 137ba30 ___lock_fhandle _setlocale 23477->23400 23478 1382372 __lock 66 API calls 23479 137ba72 23478->23479 23529 137ad86 23479->23529 23486 137bb53 23558 1380f7d 8 API calls 23486->23558 23487 137baa2 __expandlocale 23490 1382372 __lock 66 API calls 23487->23490 23489 137bb59 23559 1381016 66 API calls 4 library calls 23489->23559 23492 137bac8 23490->23492 23554 1381161 74 API calls 3 library calls 23492->23554 23494 137bada 23555 1380f7d 8 API calls 23494->23555 23496 137bae0 23497 137bafe 23496->23497 23556 1381161 74 API calls 3 library calls 23496->23556 23557 137bb48 LeaveCriticalSection _doexit 23497->23557 23500->23406 23501->23470 23502->23477 23560 138135e GetLastError 23503->23560 23505 13813df 23507 137ba3c 23505->23507 23574 13791cf 66 API calls 3 library calls 23505->23574 23508 13811ae 23507->23508 23509 13811ba ___lock_fhandle 23508->23509 23510 13813d7 __getptd 66 API calls 23509->23510 23511 13811bf 23510->23511 23512 13811ed 23511->23512 23514 13811d1 23511->23514 23513 1382372 __lock 66 API calls 23512->23513 23515 13811f4 23513->23515 23516 13813d7 __getptd 66 API calls 23514->23516 23587 1381161 74 API calls 3 library calls 23515->23587 23518 13811d6 23516->23518 23522 13811e4 ___lock_fhandle 23518->23522 23586 13791cf 66 API calls 3 library calls 23518->23586 23519 1381208 23588 138121b LeaveCriticalSection _doexit 23519->23588 23522->23474 23526 137c65a 23523->23526 23525 137ba5c 23525->23477 23525->23478 23526->23525 23527 137c678 Sleep 23526->23527 23589 137ee5a 23526->23589 23528 137c68d 23527->23528 23528->23525 23528->23526 23530 137ada8 23529->23530 23531 137ad8f 23529->23531 23533 137bb3c 23530->23533 23531->23530 23600 1380eee 8 API calls 23531->23600 23601 1382299 LeaveCriticalSection 23533->23601 23535 137ba89 23536 137b6f9 23535->23536 23537 137b722 23536->23537 23543 137b73d 23536->23543 23538 137b72c 23537->23538 23602 137b3bf 23537->23602 23544 13748c1 __expandlocale 5 API calls 23538->23544 23539 137b867 23539->23538 23662 137b039 23539->23662 23541 137b88e 23648 137b19e 23541->23648 23543->23539 23543->23541 23550 137b772 _strpbrk _strncmp _strlen _strcspn 23543->23550 23546 137b913 23544->23546 23546->23486 23546->23487 23547 137b8a3 __expandlocale 23547->23538 23547->23539 23548 137b3bf __setlocale_set_cat 101 API calls 23547->23548 23548->23547 23550->23538 23550->23539 23551 137b880 23550->23551 23552 137b3bf __setlocale_set_cat 101 API calls 23550->23552 23644 1388da5 66 API calls __wcstombs_s_l 23550->23644 23645 13801cf 23551->23645 23552->23550 23554->23494 23555->23496 23556->23497 23557->23477 23558->23489 23559->23477 23575 1381239 TlsGetValue 23560->23575 23563 13813cb SetLastError 23563->23505 23564 137c651 __calloc_crt 62 API calls 23565 1381389 23564->23565 23565->23563 23566 1381391 DecodePointer 23565->23566 23567 13813a6 23566->23567 23568 13813aa 23567->23568 23569 13813c2 23567->23569 23578 13812aa 66 API calls 4 library calls 23568->23578 23579 1375111 23569->23579 23572 13813b2 GetCurrentThreadId 23572->23563 23573 13813c8 23573->23563 23576 1381269 23575->23576 23577 138124e DecodePointer TlsSetValue 23575->23577 23576->23563 23576->23564 23577->23576 23578->23572 23580 137511c RtlFreeHeap 23579->23580 23584 1375145 __dosmaperr 23579->23584 23581 1375131 23580->23581 23580->23584 23585 137bdac 66 API calls __getptd_noexit 23581->23585 23583 1375137 GetLastError 23583->23584 23584->23573 23585->23583 23587->23519 23588->23518 23590 137ee66 23589->23590 23591 137ee81 23589->23591 23590->23591 23592 137ee72 23590->23592 23594 137ee94 RtlAllocateHeap 23591->23594 23595 137eebb 23591->23595 23599 137f2ce DecodePointer 23591->23599 23598 137bdac 66 API calls __getptd_noexit 23592->23598 23594->23591 23594->23595 23595->23526 23596 137ee77 23596->23526 23598->23596 23599->23591 23600->23530 23601->23535 23603 13813d7 __getptd 66 API calls 23602->23603 23604 137b3ec 23603->23604 23605 137b19e __expandlocale 96 API calls 23604->23605 23609 137b414 __expandlocale _strlen 23605->23609 23606 137b41b 23607 13748c1 __expandlocale 5 API calls 23606->23607 23608 137b429 23607->23608 23608->23538 23609->23606 23691 137c60c 23609->23691 23611 137b465 _memmove 23611->23606 23697 137eddd 23611->23697 23613 137b6c7 23614 13801cf __invoke_watson 10 API calls 23613->23614 23615 137b6f8 23614->23615 23616 137b722 23615->23616 23625 137b73d 23615->23625 23618 137b72c 23616->23618 23620 137b3bf __setlocale_set_cat 100 API calls 23616->23620 23617 137b4d8 _memmove 23617->23613 23637 137b5dc _memcmp 23617->23637 23706 1385c89 79 API calls 2 library calls 23617->23706 23626 13748c1 __expandlocale 5 API calls 23618->23626 23619 137b867 23619->23618 23622 137b039 __setlocale_get_all 70 API calls 23619->23622 23620->23618 23621 137b88e 23627 137b19e __expandlocale 96 API calls 23621->23627 23622->23618 23623 137b693 23623->23613 23630 137b69f InterlockedDecrement 23623->23630 23624 137b662 23629 1375111 _free 66 API calls 23624->23629 23625->23619 23625->23621 23640 137b772 _strpbrk _strncmp _strlen _strcspn 23625->23640 23631 137b913 23626->23631 23629->23606 23630->23613 23632 137b6b7 23630->23632 23631->23538 23633 1375111 _free 66 API calls 23632->23633 23634 137b6bf 23633->23634 23635 1375111 _free 66 API calls 23634->23635 23635->23613 23637->23623 23637->23624 23640->23618 23640->23619 23641 137b880 23640->23641 23642 137b3bf __setlocale_set_cat 100 API calls 23640->23642 23707 1388da5 66 API calls __wcstombs_s_l 23640->23707 23643 13801cf __invoke_watson 10 API calls 23641->23643 23642->23640 23643->23618 23644->23550 23711 13800a6 23645->23711 23649 13813d7 __getptd 66 API calls 23648->23649 23650 137b1d9 23649->23650 23653 137eddd _strcpy_s 66 API calls 23650->23653 23654 137b246 23650->23654 23656 137b23f __expandlocale _memmove _strlen 23650->23656 23651 13748c1 __expandlocale 5 API calls 23652 137b3bd 23651->23652 23652->23547 23653->23656 23654->23651 23656->23654 23657 13801cf __invoke_watson 10 API calls 23656->23657 23659 137eddd _strcpy_s 66 API calls 23656->23659 23717 137aeaf 23656->23717 23724 13893e7 23656->23724 23760 137afce 66 API calls 3 library calls 23656->23760 23761 1388da5 66 API calls __wcstombs_s_l 23656->23761 23657->23656 23659->23656 23663 137c60c __malloc_crt 66 API calls 23662->23663 23664 137b052 23663->23664 23687 137b12a 23664->23687 23774 137ae6e 66 API calls 2 library calls 23664->23774 23667 137b140 23668 13801cf __invoke_watson 10 API calls 23667->23668 23670 137b14c 23668->23670 23669 137b083 __expandlocale 23669->23667 23677 137b0f1 23669->23677 23775 1388d38 66 API calls __wcstombs_s_l 23669->23775 23776 137ae6e 66 API calls 2 library calls 23669->23776 23671 1375111 _free 66 API calls 23670->23671 23673 137b154 23671->23673 23674 137b173 23673->23674 23675 137b164 InterlockedDecrement 23673->23675 23676 137b17b InterlockedDecrement 23674->23676 23674->23687 23675->23674 23678 137b16b 23675->23678 23680 137b182 23676->23680 23676->23687 23677->23670 23681 137b0f7 23677->23681 23679 1375111 _free 66 API calls 23678->23679 23679->23674 23682 1375111 _free 66 API calls 23680->23682 23683 137b113 23681->23683 23684 137b104 InterlockedDecrement 23681->23684 23682->23687 23686 137b11b InterlockedDecrement 23683->23686 23683->23687 23684->23683 23685 137b10b 23684->23685 23688 1375111 _free 66 API calls 23685->23688 23686->23687 23689 137b122 23686->23689 23687->23538 23688->23683 23690 1375111 _free 66 API calls 23689->23690 23690->23687 23693 137c615 23691->23693 23692 1376c17 _malloc 65 API calls 23692->23693 23693->23692 23694 137c64b 23693->23694 23695 137c62c Sleep 23693->23695 23694->23611 23696 137c641 23695->23696 23696->23693 23696->23694 23698 137edeb 23697->23698 23701 137edf2 23697->23701 23698->23701 23704 137ee10 23698->23704 23700 137edf7 23709 1380221 11 API calls __wcstombs_s_l 23700->23709 23708 137bdac 66 API calls __getptd_noexit 23701->23708 23703 137ee01 23703->23617 23704->23703 23710 137bdac 66 API calls __getptd_noexit 23704->23710 23706->23637 23707->23640 23708->23700 23709->23703 23710->23700 23712 13800c5 _memset __call_reportfault 23711->23712 23713 13800e3 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 23712->23713 23714 13801b1 __call_reportfault 23713->23714 23715 13748c1 __expandlocale 5 API calls 23714->23715 23716 13801cd GetCurrentProcess TerminateProcess 23715->23716 23716->23538 23720 137aec8 _memset 23717->23720 23718 137aed4 23718->23656 23719 137aef7 _strcspn 23719->23718 23722 13801cf __invoke_watson 10 API calls 23719->23722 23763 1388da5 66 API calls __wcstombs_s_l 23719->23763 23720->23718 23720->23719 23762 1388da5 66 API calls __wcstombs_s_l 23720->23762 23722->23719 23725 13813d7 __getptd 66 API calls 23724->23725 23730 13893f4 23725->23730 23726 1389401 GetUserDefaultLCID 23752 1389488 23726->23752 23728 138942b 23729 1389493 23728->23729 23731 138943d 23728->23731 23729->23726 23735 138949e _strlen 23729->23735 23730->23726 23730->23728 23764 1388e5a 85 API calls _LanguageEnumProc@4 23730->23764 23734 1389451 23731->23734 23737 1389448 23731->23737 23766 13893ab 23734->23766 23741 13894a4 EnumSystemLocalesA 23735->23741 23736 13894f9 23742 138951e IsValidCodePage 23736->23742 23749 13895c9 23736->23749 23765 1389344 EnumSystemLocalesA _GetPrimaryLen _strlen 23737->23765 23740 138944f 23740->23752 23770 1388e5a 85 API calls _LanguageEnumProc@4 23740->23770 23741->23752 23744 1389530 IsValidLocale 23742->23744 23742->23749 23744->23749 23750 1389543 23744->23750 23745 138946f 23746 138948a 23745->23746 23747 1389481 23745->23747 23745->23752 23748 13893ab _GetLcidFromLanguage EnumSystemLocalesA 23746->23748 23771 1389344 EnumSystemLocalesA _GetPrimaryLen _strlen 23747->23771 23748->23752 23749->23656 23750->23749 23753 1389594 GetLocaleInfoA 23750->23753 23755 137eddd _strcpy_s 66 API calls 23750->23755 23752->23749 23772 1388ebc 82 API calls 2 library calls 23752->23772 23753->23749 23754 13895a5 GetLocaleInfoA 23753->23754 23754->23749 23756 13895b9 23754->23756 23757 1389581 23755->23757 23773 137c4d7 66 API calls _xtoa_s@20 23756->23773 23757->23754 23759 13801cf __invoke_watson 10 API calls 23757->23759 23759->23753 23760->23656 23761->23656 23762->23719 23763->23719 23764->23728 23765->23740 23768 13893b2 _GetPrimaryLen _strlen 23766->23768 23767 13893cc EnumSystemLocalesA 23769 13893e2 23767->23769 23768->23767 23769->23740 23770->23745 23771->23752 23772->23736 23773->23749 23774->23669 23775->23669 23776->23669 23778 131aa3d 23777->23778 23780 131aa47 23777->23780 23781 1363221 67 API calls 2 library calls 23778->23781 23780->23418 23781->23780 25289 1315109 25290 1315116 25289->25290 25291 131511d 25289->25291 25291->25290 25292 131d71a 111 API calls 25291->25292 25293 1315147 25292->25293 25294 1347e09 21 API calls 25293->25294 25294->25290 23782 131d0a8 23783 131d0c8 23782->23783 23793 13153ae 23783->23793 23811 132a369 23783->23811 23821 132a4b5 23783->23821 23784 131d0ee 23785 131d114 GetWindowLongW CallWindowProcW 23784->23785 23786 131d0fc CallWindowProcW 23784->23786 23789 131d161 23784->23789 23787 131d146 GetWindowLongW 23785->23787 23785->23789 23786->23789 23788 131d153 SetWindowLongW 23787->23788 23787->23789 23788->23789 23794 13153cb 23793->23794 23810 13153e8 23793->23810 23795 13153f8 23794->23795 23796 131550a 23794->23796 23809 13153d9 23794->23809 23830 1315bd2 22 API calls __expandlocale 23795->23830 23797 1315520 23796->23797 23825 1315ac2 23796->23825 23800 131553a 23797->23800 23831 131597b 4 API calls 2 library calls 23797->23831 23800->23809 23832 1315a18 4 API calls 2 library calls 23800->23832 23802 1315730 23837 1317972 IsWindow CallWindowProcW GetDlgItem SendMessageW 23802->23837 23805 131574f 23805->23810 23806 1315709 CallWindowProcW 23833 131582f 23806->23833 23808 13154e1 23808->23802 23808->23810 23809->23806 23809->23808 23809->23810 23810->23784 23812 132a395 23811->23812 23817 132a37c 23811->23817 23813 132a39b 23812->23813 23814 132a3ae 23812->23814 23843 1320e3d 23813->23843 23816 132a3cc 23814->23816 23814->23817 23818 132a388 23816->23818 23896 1321082 23816->23896 23817->23818 23869 132111a 23817->23869 23818->23784 23822 132a4be 23821->23822 23824 132a4d4 23821->23824 23982 1344b43 23822->23982 23824->23784 23838 131821d 23825->23838 23827 1315b0a 23828 1315b23 KiUserCallbackDispatcher 23827->23828 23829 1315b31 23827->23829 23828->23829 23829->23797 23830->23809 23831->23800 23832->23800 23835 131583b __EH_prolog3 Mailbox 23833->23835 23834 1315975 ctype 23834->23808 23835->23834 23836 1315968 DestroyAcceleratorTable 23835->23836 23836->23834 23837->23805 23839 1318228 23838->23839 23841 1318236 6 API calls 23839->23841 23842 1311000 SysFreeString RaiseException __CxxThrowException@8 23839->23842 23841->23827 23842->23839 23906 137c242 23843->23906 23845 1320e4c GetClientRect GetWindowRect 23846 1320e8a CreateSolidBrush FillRect SetBkColor 23845->23846 23847 1320e7f SetBkMode 23845->23847 23848 1320ea9 SystemParametersInfoW CreateFontIndirectW SetTextColor 23846->23848 23847->23848 23849 1320ff2 MoveWindow GetWindowTextLengthW 23848->23849 23850 1320eef 23848->23850 23934 13638c3 23849->23934 23907 13116f0 23850->23907 23863 1320f46 numpunct 23864 1320f54 GetObjectW GetObjectW 23863->23864 23865 1320f81 23864->23865 23933 1320689 CreateFontW 23865->23933 23867 1320fc8 SelectObject 23867->23849 23868 1320fe6 DeleteObject 23867->23868 23868->23849 23871 1321129 __EH_prolog3_GS 23869->23871 23870 132129f numpunct 23943 1321318 SendMessageW 23870->23943 23871->23870 23873 13116f0 77 API calls 23871->23873 23875 1321167 23873->23875 23874 13212c9 23877 1319638 numpunct 77 API calls 23874->23877 23876 135bed6 79 API calls 23875->23876 23878 1321170 23876->23878 23879 13212e2 23877->23879 23880 1319b30 numpunct 77 API calls 23878->23880 23958 135cd33 23879->23958 23881 1321184 23880->23881 23961 131fd87 23881->23961 23883 132128e numpunct 23888 137c2c5 Mailbox 5 API calls 23883->23888 23886 13211a1 23889 1319b30 numpunct 77 API calls 23886->23889 23887 13211d7 23890 1319b30 numpunct 77 API calls 23887->23890 23891 13212ff 23888->23891 23892 13211aa 23889->23892 23894 13211d3 numpunct 23890->23894 23891->23818 23965 131fd37 23892->23965 23895 1321277 MessageBoxW 23894->23895 23895->23870 23895->23883 23897 13210a0 23896->23897 23898 1321104 23896->23898 23979 1320dec 23897->23979 23899 13748c1 __expandlocale 5 API calls 23898->23899 23901 1321118 23899->23901 23901->23818 23902 13210d6 23902->23898 23903 1314f3a 15 API calls 23902->23903 23904 13210f0 23903->23904 23904->23898 23905 13210f4 SetWindowLongW 23904->23905 23905->23898 23906->23845 23908 1311716 numpunct 77 API calls 23907->23908 23909 131170f 23908->23909 23910 135bed6 23909->23910 23911 135bee2 __EH_prolog3_GS 23910->23911 23912 135befc MultiByteToWideChar 23911->23912 23913 135bf17 numpunct 23912->23913 23914 135bf39 23913->23914 23917 135bf48 _memset 23913->23917 23915 1319b30 numpunct 77 API calls 23914->23915 23921 135bf46 numpunct 23915->23921 23916 135bf64 MultiByteToWideChar 23918 1319b30 numpunct 77 API calls 23916->23918 23917->23916 23918->23921 23919 137c2c5 Mailbox 5 API calls 23920 1320f2a 23919->23920 23922 13206d4 23920->23922 23921->23919 23923 13206fd _memset 23922->23923 23924 1320733 23923->23924 23925 132070e lstrlenW 23923->23925 23935 13207ab 23924->23935 23926 1320722 lstrlenW 23925->23926 23927 132071d 23925->23927 23928 1320725 lstrcpynW 23926->23928 23927->23928 23928->23924 23931 13748c1 __expandlocale 5 API calls 23932 1320762 23931->23932 23932->23863 23933->23867 23936 13207d1 GetDC 23935->23936 23937 13207d8 GetDeviceCaps MulDiv DPtoLP DPtoLP 23935->23937 23936->23937 23938 1320833 23937->23938 23939 1320849 CreateFontIndirectW 23938->23939 23940 132083f ReleaseDC 23938->23940 23941 13748c1 __expandlocale 5 API calls 23939->23941 23940->23939 23942 1320758 23941->23942 23942->23931 23948 132134d 23943->23948 23944 1321364 23944->23874 23945 1321487 23946 132148b RaiseException 23945->23946 23947 13214ab 23946->23947 23952 132156b 23946->23952 23947->23952 23953 1321522 GetWindowLongW CallWindowProcW 23947->23953 23954 1321509 CallWindowProcW 23947->23954 23948->23944 23948->23945 23948->23946 23949 1321458 InvalidateRect 23948->23949 23950 13116f0 77 API calls 23948->23950 23955 132141f EnableWindow 23948->23955 23975 134032a 148 API calls 3 library calls 23948->23975 23949->23948 23950->23948 23952->23874 23953->23952 23956 1321552 GetWindowLongW 23953->23956 23954->23952 23955->23948 23956->23952 23957 132155e SetWindowLongW 23956->23957 23957->23952 23959 135cd45 WritePrivateProfileStringA 23958->23959 23959->23883 23962 131fd9b 23961->23962 23964 131fdd6 23961->23964 23963 131aa30 67 API calls 23962->23963 23962->23964 23963->23962 23964->23886 23964->23887 23966 131fd87 67 API calls 23965->23966 23967 131fd45 23966->23967 23968 131fd5b 23967->23968 23969 131fd4a 23967->23969 23970 131fd75 RaiseException 23968->23970 23973 131fd64 23968->23973 23971 1319b30 numpunct 77 API calls 23969->23971 23972 131fd54 23971->23972 23972->23894 23976 1319b08 23973->23976 23975->23948 23977 131a995 numpunct 77 API calls 23976->23977 23978 1319b29 23977->23978 23978->23972 23980 1320df6 23979->23980 23981 1320dfe CreateWindowExW 23979->23981 23980->23981 23981->23902 23983 1344b5f 23982->23983 23997 1344b70 23982->23997 23984 1344b77 23983->23984 23985 1344b69 23983->23985 23987 1344b7c IsWindow 23984->23987 23988 1344bab 23984->23988 24026 134651a 23985->24026 23991 1344b89 DestroyWindow 23987->23991 23987->23997 23989 1344c06 23988->23989 23990 1344bb6 IsWindow 23988->23990 23995 1344c25 23989->23995 23996 1344c62 23989->23996 23989->23997 23990->23989 23992 1344be5 23990->23992 23993 1344b96 23991->23993 23992->23989 23994 1344bf1 SendMessageW 23992->23994 23993->23997 23994->23989 23995->23997 24079 1345e8e 23995->24079 23998 1344c67 23996->23998 24001 1344c8d 23996->24001 23997->23824 23998->23997 24000 1344c71 InvalidateRect 23998->24000 24000->23997 24002 1344c94 24001->24002 24003 1344cc0 24001->24003 24101 1345f0e 7 API calls 24002->24101 24005 1344cc7 24003->24005 24006 1344cfc 24003->24006 24005->23997 24009 1344cd7 InvalidateRect UpdateWindow 24005->24009 24007 1344d03 PtInRect 24006->24007 24008 1344d38 24006->24008 24007->23997 24010 1344d21 SetFocus SetCapture 24007->24010 24011 1344d85 24008->24011 24012 1344d3f GetCapture 24008->24012 24009->23997 24010->23997 24014 1344d8c 24011->24014 24015 1344daf 24011->24015 24012->23997 24013 1344d4e ReleaseCapture PtInRect 24012->24013 24013->23997 24016 1344d72 24013->24016 24014->23997 24017 1346467 8 API calls 24014->24017 24015->23997 24018 1344dc6 24015->24018 24019 1344de2 24015->24019 24093 1346467 24016->24093 24017->23997 24102 1345fd2 GetCursorPos ScreenToClient PtInRect 24018->24102 24022 1344de7 InvalidateRect UpdateWindow 24019->24022 24023 1344e00 24019->24023 24022->24023 24023->23997 24103 1346030 IsWindow 24023->24103 24127 137c242 24026->24127 24028 1346529 GetClassNameW 24029 1346552 lstrcmpiW 24028->24029 24030 13465cc LoadCursorW 24028->24030 24029->24030 24033 1346565 GetWindowLongW 24029->24033 24031 13465e7 GetParent SendMessageW 24030->24031 24032 1346678 24030->24032 24037 1346602 GetStockObject 24031->24037 24041 134660d _memset 24031->24041 24036 1320dec CreateWindowExW 24032->24036 24034 134657e SetWindowLongW 24033->24034 24035 134658a GetWindowLongW 24033->24035 24034->24035 24056 134659b 24035->24056 24038 1346697 24036->24038 24037->24041 24039 13466a0 GetWindowTextLengthW 24038->24039 24040 134673a 24038->24040 24039->24040 24043 13466b1 24039->24043 24042 1346030 22 API calls 24040->24042 24041->24032 24044 134662e GetObjectW 24041->24044 24045 1346741 24042->24045 24128 131d99e 24043->24128 24047 134664b CreateFontIndirectW 24044->24047 24048 1346760 SendMessageW 24045->24048 24051 1346750 24045->24051 24047->24032 24146 1345ced 7 API calls 2 library calls 24048->24146 24055 134678d 24051->24055 24057 1346757 24051->24057 24052 13466df 24059 134671d 24052->24059 24060 13466fd GetWindowTextW 24052->24060 24061 1346864 24055->24061 24064 1312452 5 API calls 24055->24064 24056->24030 24145 1344a79 29 API calls 3 library calls 24057->24145 24059->24040 24144 131a795 66 API calls _free 24059->24144 24060->24059 24063 1346711 24060->24063 24065 137c2c5 Mailbox 5 API calls 24061->24065 24062 134675e 24062->24055 24132 13475b9 24063->24132 24067 13467c3 24064->24067 24069 1346869 24065->24069 24070 1346840 24067->24070 24072 13291b1 RegQueryValueExW 24067->24072 24069->23997 24070->24061 24071 1346858 RegCloseKey 24070->24071 24071->24061 24073 13467fc 24072->24073 24074 1346807 24073->24074 24147 1347654 68 API calls __expandlocale 24073->24147 24075 13291b1 RegQueryValueExW 24074->24075 24077 1346835 24075->24077 24077->24070 24148 1347654 68 API calls __expandlocale 24077->24148 24080 1345e9a __EH_prolog3_GS 24079->24080 24081 1345ea0 24080->24081 24082 1345ebe BeginPaint 24080->24082 24083 132157c 100 API calls 24081->24083 24150 132157c 24082->24150 24085 1345ead 24083->24085 24088 134695a 47 API calls 24085->24088 24090 1345ebc 24088->24090 24091 137c2c5 Mailbox 5 API calls 24090->24091 24092 1345f0d 24091->24092 24092->23997 24094 13464b1 24093->24094 24095 134647f GetDlgCtrlID GetDlgCtrlID GetParent 24093->24095 24097 13464e1 ShellExecuteW 24094->24097 24098 13464b8 GetDlgCtrlID GetParent 24094->24098 24096 13464d8 SendMessageW 24095->24096 24099 1346513 24096->24099 24097->24099 24100 1346503 InvalidateRect 24097->24100 24098->24096 24099->23997 24100->24099 24101->23997 24102->23997 24104 1346052 24103->24104 24105 1346059 24103->24105 24107 13748c1 __expandlocale 5 API calls 24104->24107 24105->24104 24106 1346065 GetDC GetClientRect 24105->24106 24108 13460a4 24106->24108 24109 1346207 ReleaseDC 24106->24109 24110 1344e45 InvalidateRect 24107->24110 24111 13460b2 24108->24111 24112 134616f 24108->24112 24109->24104 24214 134686a lstrlenW CompareStringW CompareStringW 24111->24214 24113 1346180 SelectObject 24112->24113 24114 1346189 GetWindowLongW 24112->24114 24113->24114 24118 13461ad DrawTextW 24114->24118 24117 13460e5 SelectObject 24119 1346104 DrawTextW 24117->24119 24120 134611c SelectObject 24117->24120 24124 13461d6 SelectObject 24118->24124 24125 13461de 24118->24125 24119->24120 24122 1346140 DrawTextW SelectObject 24120->24122 24123 134613a 24120->24123 24122->24109 24123->24122 24124->24125 24125->24109 24126 13461fb OffsetRect 24125->24126 24126->24109 24127->24028 24129 131d9b1 24128->24129 24130 131d9be 24129->24130 24149 1311000 SysFreeString RaiseException __CxxThrowException@8 24129->24149 24130->24052 24143 131b5c9 68 API calls _malloc 24130->24143 24133 13475c5 __EH_prolog3_catch numpunct 24132->24133 24134 13475d0 lstrlenW 24133->24134 24135 13475fe numpunct 24134->24135 24136 134761b lstrlenW 24135->24136 24140 1347617 ctype 24135->24140 24137 1347632 24136->24137 24138 1347628 lstrcpyW 24136->24138 24139 1346030 22 API calls 24137->24139 24138->24137 24141 1347639 24139->24141 24140->24059 24141->24140 24142 1347640 SetWindowTextW 24141->24142 24142->24140 24143->24052 24144->24040 24145->24062 24146->24055 24147->24074 24148->24070 24149->24130 24209 137c242 24150->24209 24152 132158b SetWindowPos 24153 13215b2 CreateSolidBrush GetClientRect FillRect SetBkColor 24152->24153 24154 13215a5 SetBkMode 24152->24154 24155 13215ea 24153->24155 24154->24155 24156 13116f0 77 API calls 24155->24156 24157 1321636 24156->24157 24158 135bed6 79 API calls 24157->24158 24159 1321642 24158->24159 24160 13206d4 15 API calls 24159->24160 24161 132165e numpunct 24160->24161 24162 132166c GetObjectW GetObjectW 24161->24162 24163 1321699 24162->24163 24164 1321719 24163->24164 24165 13216ad 24163->24165 24167 13217a6 GetWindowRect 24164->24167 24211 1320689 CreateFontW 24164->24211 24210 1320689 CreateFontW 24165->24210 24168 13217e2 DeleteObject 24167->24168 24169 13217ee 24167->24169 24168->24169 24172 137c2c5 Mailbox 5 API calls 24169->24172 24170 13216e7 24212 1320689 CreateFontW 24170->24212 24173 13217f3 24172->24173 24176 134695a 24173->24176 24175 132179d 24175->24167 24177 1346b16 24176->24177 24178 134697d 24176->24178 24180 13206d4 15 API calls 24177->24180 24213 134686a lstrlenW CompareStringW CompareStringW 24178->24213 24182 1346b39 GetObjectW GetObjectW SetBkMode IsWindowEnabled 24180->24182 24181 13469d4 GetClientRect SetBkMode SelectObject 24183 1346a13 DrawTextW 24181->24183 24184 1346a2e IsWindowEnabled 24181->24184 24185 1346b74 24182->24185 24186 1346b79 GetSysColor 24182->24186 24183->24184 24187 1346a40 GetSysColor 24184->24187 24188 1346a3b 24184->24188 24189 1346b81 SetTextColor 24185->24189 24186->24189 24190 1346a48 SetTextColor 24187->24190 24188->24190 24191 1346b9a SelectObject 24189->24191 24192 1346a61 SelectObject DrawTextW SetTextColor SelectObject 24190->24192 24195 1346bc6 24191->24195 24196 1346bc9 GetWindowLongW 24191->24196 24197 1346aec GetFocus 24192->24197 24198 1346ab9 DrawTextW 24192->24198 24195->24196 24199 1346be0 DrawTextW GetFocus 24196->24199 24200 1346b06 SelectObject 24197->24200 24201 1346af7 DrawFocusRect 24197->24201 24198->24197 24204 1346c0e DrawFocusRect 24199->24204 24205 1346c18 SetTextColor SelectObject 24199->24205 24203 1346c47 24200->24203 24201->24200 24207 13748c1 __expandlocale 5 API calls 24203->24207 24204->24205 24205->24203 24206 1346c3b DeleteObject 24205->24206 24206->24203 24208 1345ef9 EndPaint 24207->24208 24208->24090 24209->24152 24210->24170 24211->24170 24212->24175 24213->24181 24214->24117 25295 135c50c 25296 135c518 __EH_prolog3_GS 25295->25296 25297 135c6cb 77 API calls 25296->25297 25298 135c542 25297->25298 25299 1319c49 77 API calls 25298->25299 25304 135c546 numpunct 25298->25304 25302 135c576 numpunct 25299->25302 25300 137c2c5 Mailbox 5 API calls 25301 135c55b 25300->25301 25305 135c7d4 25302->25305 25304->25300 25306 135c7e3 __EH_prolog3_GS 25305->25306 25307 135c80b 25306->25307 25312 135c8a8 25306->25312 25308 135be26 117 API calls 25307->25308 25309 135c814 25308->25309 25311 135be26 117 API calls 25309->25311 25310 137c2c5 Mailbox 5 API calls 25313 135c98f 25310->25313 25314 135c825 25311->25314 25316 13123fb 5 API calls 25312->25316 25331 135c984 25312->25331 25313->25304 25336 131d888 77 API calls _strlen 25314->25336 25321 135c8f3 25316->25321 25317 135c839 25337 1347f01 77 API calls _strlen 25317->25337 25319 135c84f 25338 1347fce 77 API calls 25319->25338 25325 13123fb 5 API calls 25321->25325 25322 135c867 25339 134ba76 147 API calls 6 library calls 25322->25339 25324 135c871 numpunct 25324->25312 25326 135c947 25325->25326 25327 135c95e 25326->25327 25333 13124a4 25326->25333 25329 135c974 25327->25329 25330 135c96c RegCloseKey 25327->25330 25329->25331 25332 135c97c RegCloseKey 25329->25332 25330->25329 25331->25310 25332->25331 25334 13124b2 lstrlenW RegSetValueExW 25333->25334 25335 13124ad 25333->25335 25334->25335 25335->25327 25336->25317 25337->25319 25338->25322 25339->25324 25340 1319d08 25343 1313dfa 25340->25343 25342 1319d21 25344 1313e0a 25343->25344 25345 1313e17 25344->25345 25346 131409a 87 API calls 25344->25346 25347 1313e28 lstrlenW 25345->25347 25348 1313e3c _memcmp 25345->25348 25346->25345 25347->25348 25348->25342 25349 1317f48 25350 131800e 82 API calls 25349->25350 25351 1317f55 25350->25351 25361 1319f09 25351->25361 25353 1317f66 25354 1317fb6 25353->25354 25355 1317fd1 SysAllocString 25353->25355 25356 1317f86 25353->25356 25355->25356 25357 1317fe0 25355->25357 25367 1315f0f 25356->25367 25409 1311000 SysFreeString RaiseException __CxxThrowException@8 25357->25409 25362 1319f15 __EH_prolog3_catch 25361->25362 25363 13753a6 ctype 77 API calls 25362->25363 25365 1319f1e ctype 25362->25365 25364 1319f3e 25363->25364 25364->25365 25410 131b449 GetSysColor __EH_prolog3 ctype 25364->25410 25365->25353 25368 1315f61 25367->25368 25369 1315f57 25367->25369 25370 131582f Mailbox DestroyAcceleratorTable 25368->25370 25371 13748c1 __expandlocale 5 API calls 25369->25371 25372 1315f7f 25370->25372 25373 1316280 SysFreeString 25371->25373 25374 1315fa1 IsWindow 25372->25374 25375 1315f8a RedrawWindow 25372->25375 25373->25354 25374->25369 25376 1315fb0 25374->25376 25442 1317945 DestroyWindow GetWindowLongW SetWindowLongW 25375->25442 25378 1315fba 25376->25378 25443 131d19c 16 API calls 25376->25443 25380 1315fda GetParent GetClassNameW 25378->25380 25381 131601e 25378->25381 25382 131600c GetSysColor 25380->25382 25383 1315ff5 lstrcmpW 25380->25383 25411 1314f85 25381->25411 25382->25381 25383->25382 25387 131604f 25389 1316223 25387->25389 25393 13160a0 GetWindowLongW 25387->25393 25389->25369 25390 131582f Mailbox DestroyAcceleratorTable 25389->25390 25391 1316243 25390->25391 25391->25369 25392 131624a RedrawWindow 25391->25392 25392->25369 25394 131625e 25392->25394 25395 13160bf GetWindowLongW SetWindowLongW SetWindowPos 25393->25395 25399 13160b4 25393->25399 25394->25369 25396 1316265 25394->25396 25395->25399 25445 1317945 DestroyWindow GetWindowLongW SetWindowLongW 25396->25445 25398 1316290 25398->25389 25400 13162af VariantInit 25398->25400 25399->25398 25403 1316173 lstrlenW GlobalAlloc 25399->25403 25437 1311c2a VariantClear 25400->25437 25404 1316193 GlobalLock 25403->25404 25408 13161d1 25403->25408 25444 1311b94 68 API calls _memcpy_s 25404->25444 25406 13161ab GlobalUnlock CreateStreamOnHGlobal 25406->25408 25408->25389 25409->25354 25410->25365 25415 1314f91 __EH_prolog3_GS 25411->25415 25412 1314f9d 25413 137c2c5 Mailbox 5 API calls 25412->25413 25414 1315108 25413->25414 25414->25387 25428 1317558 25414->25428 25415->25412 25418 131501f CoCreateInstance 25415->25418 25446 1311f5c CharNextW CharNextW CharNextW 25415->25446 25417 1315043 25417->25418 25419 1315058 lstrlenW 25417->25419 25418->25412 25419->25412 25421 131506a 25419->25421 25422 1315075 CLSIDFromString 25421->25422 25423 131507d CLSIDFromProgID 25421->25423 25424 1315083 25422->25424 25423->25424 25424->25412 25425 131508c SysStringLen 25424->25425 25426 13150e6 CoCreateInstance 25425->25426 25427 1315099 CoGetClassObject 25425->25427 25426->25412 25427->25412 25429 1317564 __EH_prolog3 25428->25429 25430 1317805 GetClientRect 25429->25430 25436 131756b ctype 25429->25436 25431 131821d 8 API calls 25430->25431 25432 1317846 25431->25432 25447 13181ac 25432->25447 25434 1317864 RedrawWindow 25434->25436 25436->25387 25438 1311c43 SysAllocString 25437->25438 25439 1311c3d 25437->25439 25438->25439 25441 1311c6e VariantClear VariantClear 25438->25441 25439->25441 25452 1311000 SysFreeString RaiseException __CxxThrowException@8 25439->25452 25441->25389 25442->25374 25443->25378 25444->25406 25445->25369 25446->25417 25448 13181b7 25447->25448 25450 13181c5 6 API calls 25448->25450 25451 1311000 SysFreeString RaiseException __CxxThrowException@8 25448->25451 25450->25434 25451->25448 25452->25438 25453 1389284 25454 13813d7 __getptd 66 API calls 25453->25454 25455 13892a0 _LcidFromHexString 25454->25455 25456 13892ad GetLocaleInfoA 25455->25456 25457 13892d8 25456->25457 25461 13892d2 25456->25461 25466 138af25 85 API calls 2 library calls 25457->25466 25459 13748c1 __expandlocale 5 API calls 25460 1389340 25459->25460 25461->25459 25462 13892e3 25462->25461 25465 13892e9 25462->25465 25467 138af25 85 API calls 2 library calls 25462->25467 25465->25461 25468 1389058 GetLocaleInfoW _GetPrimaryLen _strlen 25465->25468 25466->25462 25467->25465 25468->25461 25469 1316e8f GetDC 25470 1316ea8 25469->25470 25472 1316eaf ReleaseDC 25469->25472 25472->25470 24215 1381227 RtlEncodePointer

                                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                                Function 01330720, Relevance: 99.1, APIs: 36, Strings: 20, Instructions: 1068COMMONCrypto
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E01330720(void* __ebx, RECT* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t550;
				WCHAR* _t553;
				void* _t562;
				signed int _t564;
				void* _t573;
				void* _t597;
				intOrPtr _t601;
				void* _t602;
				void* _t641;
				void* _t645;
				void* _t649;
				void* _t653;
				void* _t657;
				void* _t661;
				void* _t678;
				WCHAR* _t681;
				void* _t686;
				WCHAR* _t689;
				void* _t737;
				intOrPtr* _t738;
				void* _t745;
				intOrPtr* _t746;
				void* _t753;
				intOrPtr* _t754;
				void* _t761;
				intOrPtr* _t762;
				void* _t769;
				intOrPtr* _t770;
				void* _t777;
				intOrPtr* _t778;
				RECT* _t783;
				void* _t795;
				intOrPtr _t797;
				intOrPtr _t805;
				intOrPtr _t807;
				intOrPtr _t810;
				signed int _t843;
				intOrPtr _t909;
				int _t911;
				struct HWND__** _t912;
				intOrPtr _t913;
				struct HWND__** _t927;
				int _t937;
				struct HWND__** _t942;
				intOrPtr _t945;
				void* _t961;
				struct HWND__* _t962;
				struct HWND__* _t963;
				intOrPtr _t964;
				intOrPtr _t965;

				_t908 = __edx;
				_push(0x2fc);
				E0137C242(0x13977e1, __ebx, __edi, __esi);
				_t911 = 0;
				_t783 = __ecx;
				 *(_t961 - 0x2f0) = 0;
				_t967 =  *0x13c2a33;
				 *((intOrPtr*)(_t961 - 0x2f8)) = __ecx;
				 *((char*)(__ecx + 0x258)) = 1;
				if( *0x13c2a33 != 0) {
					_t962 = _t962 - 0x1c;
					 *(_t961 - 0x2f4) = _t962;
					E01319638(_t962, "DisplayEulaOffer()...");
					E0134BA76(_t783, 0x13c2b18, __edx, 0, __esi, _t967);
				}
				_t937 =  &(_t783->top);
				 *(_t961 - 0x304) = _t937;
				SetWindowLongW( *_t937, 0xffffffec, GetWindowLongW( *_t937, 0xffffffec) | 0x00080000); // executed
				if( *((intOrPtr*)(_t783 + 0x628)) <= _t911) {
					L133:
					_push(_t911);
					goto L134;
				} else {
					__imp__SetLayeredWindowAttributes( *_t937, 0xff,  *( *((intOrPtr*)(_t783 + 0x624)) + 0x70) & 0x000000ff, 2);
					E01319B30(_t961 - 0x18c, L"PreviousX");
					 *(_t961 - 4) =  *(_t961 - 4) & 0x00000000;
					_t641 = E0131FD87(_t961 - 0x18c, _t961 - 0x18c, _t783 + 0x128);
					_t969 = _t641 - 0xffffffff;
					if(_t641 > 0xffffffff) {
						E01319B30(_t961 - 0x170, L"PreviousX");
						 *(_t961 - 4) = 1;
						 *(_t961 - 0x2f0) = 1;
						_t777 = E0131FD37(_t961 - 0x1a8, _t961 - 0x170, _t908, _t961 - 0x170, _t961 - 0x1a8);
						_push(_t961 - 0x1d4);
						 *(_t961 - 4) = 2;
						 *(_t961 - 0x2f0) = 3;
						_t778 = E0135BE26(_t783, _t777, _t961 - 0x170, _t783 + 0x128, _t969);
						 *(_t961 - 0x2f0) = 7;
						if( *((intOrPtr*)(_t778 + 0x14)) >= 0x10) {
							_t778 =  *_t778;
						}
						_push(_t778);
						E01377DAA();
					}
					if(( *(_t961 - 0x2f0) & 0x00000004) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffffb;
						E01311524(_t961 - 0x1d4, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000002) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffffd;
						E0131AA87(_t961 - 0x1a8, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000001) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffffe;
						E0131AA87(_t961 - 0x170, 1, 0);
					}
					 *(_t961 - 4) =  *(_t961 - 4) | 0xffffffff;
					E0131AA87(_t961 - 0x18c, 1, 0);
					E01319B30(_t961 - 0x170, L"PreviousY");
					 *(_t961 - 4) = 3;
					_t645 = E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x128);
					_t977 = _t645 - 0xffffffff;
					if(_t645 > 0xffffffff) {
						E01319B30(_t961 - 0x18c, L"PreviousY");
						 *(_t961 - 4) = 4;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000008;
						_t769 = E0131FD37(_t961 - 0x1d4, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x1d4);
						_push(_t961 - 0x1a8);
						 *(_t961 - 4) = 5;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000010;
						_t770 = E0135BE26(_t783, _t769, _t961 - 0x18c, _t783 + 0x128, _t977);
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000020;
						if( *((intOrPtr*)(_t770 + 0x14)) >= 0x10) {
							_t770 =  *_t770;
						}
						_push(_t770);
						E01377DAA();
					}
					if(( *(_t961 - 0x2f0) & 0x00000020) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffffdf;
						E01311524(_t961 - 0x1a8, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000010) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffffef;
						E0131AA87(_t961 - 0x1d4, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000008) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffff7;
						E0131AA87(_t961 - 0x18c, 1, 0);
					}
					 *(_t961 - 4) =  *(_t961 - 4) | 0xffffffff;
					E0131AA87(_t961 - 0x170, 1, 0);
					E01319B30(_t961 - 0x170, L"NextX");
					 *(_t961 - 4) = 6;
					_t649 = E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x128);
					_t985 = _t649 - 0xffffffff;
					if(_t649 <= 0xffffffff) {
						 *((intOrPtr*)(_t961 - 0x308)) = 0xa9;
					} else {
						E01319B30(_t961 - 0x18c, L"NextX");
						 *(_t961 - 4) = 7;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000040;
						_t761 = E0131FD37(_t961 - 0x1d4, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x1d4);
						_push(_t961 - 0x1a8);
						 *(_t961 - 4) = 8;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000080;
						_t762 = E0135BE26(_t783, _t761, _t961 - 0x18c, _t783 + 0x128, _t985);
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000100;
						if( *((intOrPtr*)(_t762 + 0x14)) >= 0x10) {
							_t762 =  *_t762;
						}
						_push(_t762);
						 *((intOrPtr*)(_t961 - 0x308)) = E01377DAA();
					}
					if(( *(_t961 - 0x2f0) & 0x00000100) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffeff;
						E01311524(_t961 - 0x1a8, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000080) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffff7f;
						E0131AA87(_t961 - 0x1d4, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000040) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffffbf;
						E0131AA87(_t961 - 0x18c, 1, 0);
					}
					 *(_t961 - 4) =  *(_t961 - 4) | 0xffffffff;
					E0131AA87(_t961 - 0x170, 1, 0);
					E01319B30(_t961 - 0x170, L"NextY");
					 *(_t961 - 4) = 9;
					_t653 = E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x128);
					_t993 = _t653 - 0xffffffff;
					if(_t653 <= 0xffffffff) {
						 *(_t961 - 0x2fc) = 0x25;
					} else {
						E01319B30(_t961 - 0x18c, L"NextY");
						 *(_t961 - 4) = 0xa;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000200;
						_t753 = E0131FD37(_t961 - 0x1d4, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x1d4);
						_push(_t961 - 0x1a8);
						 *(_t961 - 4) = 0xb;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000400;
						_t754 = E0135BE26(_t783, _t753, _t961 - 0x18c, _t783 + 0x128, _t993);
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000800;
						if( *((intOrPtr*)(_t754 + 0x14)) >= 0x10) {
							_t754 =  *_t754;
						}
						_push(_t754);
						 *(_t961 - 0x2fc) = E01377DAA();
					}
					if(( *(_t961 - 0x2f0) & 0x00000800) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffff7ff;
						E01311524(_t961 - 0x1a8, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000400) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffbff;
						E0131AA87(_t961 - 0x1d4, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000200) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffdff;
						E0131AA87(_t961 - 0x18c, 1, 0);
					}
					 *(_t961 - 4) =  *(_t961 - 4) | 0xffffffff;
					E0131AA87(_t961 - 0x170, 1, 0);
					E01319B30(_t961 - 0x170, L"CancelX");
					 *(_t961 - 4) = 0xc;
					_t657 = E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x128);
					_t1001 = _t657 - 0xffffffff;
					if(_t657 <= 0xffffffff) {
						 *(_t961 - 0x2f4) = 0x58;
					} else {
						E01319B30(_t961 - 0x18c, L"CancelX");
						 *(_t961 - 4) = 0xd;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00001000;
						_t745 = E0131FD37(_t961 - 0x1d4, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x1d4);
						_push(_t961 - 0x1a8);
						 *(_t961 - 4) = 0xe;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00002000;
						_t746 = E0135BE26(_t783, _t745, _t961 - 0x18c, _t783 + 0x128, _t1001);
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00004000;
						if( *((intOrPtr*)(_t746 + 0x14)) >= 0x10) {
							_t746 =  *_t746;
						}
						_push(_t746);
						 *(_t961 - 0x2f4) = E01377DAA();
					}
					if(( *(_t961 - 0x2f0) & 0x00004000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffbfff;
						E01311524(_t961 - 0x1a8, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00002000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffdfff;
						E0131AA87(_t961 - 0x1d4, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00001000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffefff;
						E0131AA87(_t961 - 0x18c, 1, 0);
					}
					 *(_t961 - 4) =  *(_t961 - 4) | 0xffffffff;
					E0131AA87(_t961 - 0x170, 1, 0);
					E01319B30(_t961 - 0x170, L"CancelY");
					 *(_t961 - 4) = 0xf;
					_t661 = E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x128);
					_t1009 = _t661 - 0xffffffff;
					if(_t661 <= 0xffffffff) {
						 *(_t961 - 0x300) = 0x25;
					} else {
						E01319B30(_t961 - 0x18c, L"CancelY");
						 *(_t961 - 4) = 0x10;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00008000;
						_t737 = E0131FD37(_t961 - 0x1d4, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x1d4);
						_push(_t961 - 0x1a8);
						 *(_t961 - 4) = 0x11;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00010000;
						_t738 = E0135BE26(_t783, _t737, _t961 - 0x18c, _t783 + 0x128, _t1009);
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00020000;
						if( *((intOrPtr*)(_t738 + 0x14)) >= 0x10) {
							_t738 =  *_t738;
						}
						_push(_t738);
						 *(_t961 - 0x300) = E01377DAA();
					}
					_t937 = 0;
					if(( *(_t961 - 0x2f0) & 0x00020000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffdffff;
						E01311524(_t961 - 0x1a8, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00010000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffeffff;
						E0131AA87(_t961 - 0x1d4, 1, _t937);
					}
					if(( *(_t961 - 0x2f0) & 0x00008000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffff7fff;
						E0131AA87(_t961 - 0x18c, 1, _t937);
					}
					 *(_t961 - 4) =  *(_t961 - 4) | 0xffffffff;
					E0131AA87(_t961 - 0x170, 1, _t937);
					GetWindowRect( *( *(_t961 - 0x304)), _t961 - 0x1b8);
					MoveWindow( *(_t783 + 0x404),  *((intOrPtr*)(_t961 - 0x1b0)) -  *(_t961 - 0x1b8) -  *((intOrPtr*)(_t961 - 0x308)),  *((intOrPtr*)(_t961 - 0x1ac)) -  *((intOrPtr*)(_t961 - 0x1b4)) -  *(_t961 - 0x2fc) - 0x17, 0x4b, 0x17, 1);
					MoveWindow( *(_t783 + 0x40c),  *((intOrPtr*)(_t961 - 0x1b0)) -  *(_t961 - 0x1b8) -  *(_t961 - 0x2f4),  *((intOrPtr*)(_t961 - 0x1ac)) -  *((intOrPtr*)(_t961 - 0x1b4)) -  *(_t961 - 0x300) - 0x17, 0x4b, 0x17, 1);
					E01319B30(_t961 - 0x170, L"STRID_NEXT");
					 *(_t961 - 4) = 0x12;
					if(E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x2a0) <= 0xffffffff) {
						_t678 = E01319B30(_t961 - 0x1a8, L"Next");
						 *(_t961 - 4) = 0x15;
						_t282 = _t961 - 0x2f0;
						 *_t282 =  *(_t961 - 0x2f0) | 0x00100000;
						__eflags =  *_t282;
					} else {
						E01319B30(_t961 - 0x18c, L"STRID_NEXT");
						 *(_t961 - 4) = 0x13;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00040000;
						_t678 = E0131FD37(_t961 - 0x2b4, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x2b4);
						 *(_t961 - 4) = 0x14;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00080000;
						_t937 = 0;
					}
					E01319B61(_t961 - 0x260, _t678);
					 *(_t961 - 4) = 0x16;
					if(( *(_t961 - 0x2f0) & 0x00100000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffefffff;
						E0131AA87(_t961 - 0x1a8, 1, _t937);
					}
					if(( *(_t961 - 0x2f0) & 0x00080000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfff7ffff;
						E0131AA87(_t961 - 0x2b4, 1, _t937);
					}
					if(( *(_t961 - 0x2f0) & 0x00040000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffbffff;
						E0131AA87(_t961 - 0x18c, 1, _t937);
					}
					 *(_t961 - 4) = 0x1a;
					E0131AA87(_t961 - 0x170, 1, _t937);
					_t681 =  *(_t961 - 0x260);
					if( *((intOrPtr*)(_t961 - 0x24c)) < 8) {
						_t681 = _t961 - 0x260;
					}
					SetWindowTextW( *(_t783 + 0x404), _t681); // executed
					E01319B30(_t961 - 0x1d4, L"STRID_CANCEL");
					 *(_t961 - 4) = 0x1b;
					if(E0131FD87(_t961 - 0x1d4, _t961 - 0x1d4, _t783 + 0x2a0) <= 0xffffffff) {
						_t686 = E01319B30(_t961 - 0x2ec, L"Cancel");
						 *(_t961 - 4) = 0x1e;
						_t326 = _t961 - 0x2f0;
						 *_t326 =  *(_t961 - 0x2f0) | 0x00800000;
						__eflags =  *_t326;
					} else {
						E01319B30(_t961 - 0x1f0, L"STRID_CANCEL");
						 *(_t961 - 4) = 0x1c;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00200000;
						_t686 = E0131FD37(_t961 - 0x2d0, _t961 - 0x1f0, _t908, _t961 - 0x1f0, _t961 - 0x2d0);
						 *(_t961 - 4) = 0x1d;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00400000;
						_t937 = 0;
					}
					E01319B61(_t961 - 0x27c, _t686);
					 *(_t961 - 4) = 0x1f;
					if(( *(_t961 - 0x2f0) & 0x00800000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xff7fffff;
						E0131AA87(_t961 - 0x2ec, 1, _t937);
					}
					if(( *(_t961 - 0x2f0) & 0x00400000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffbfffff;
						E0131AA87(_t961 - 0x2d0, 1, _t937);
					}
					if(( *(_t961 - 0x2f0) & 0x00200000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffdfffff;
						E0131AA87(_t961 - 0x1f0, 1, _t937);
					}
					 *(_t961 - 4) = 0x23;
					E0131AA87(_t961 - 0x1d4, 1, _t937);
					_t689 =  *(_t961 - 0x27c);
					if( *((intOrPtr*)(_t961 - 0x268)) < 8) {
						_t689 = _t961 - 0x27c;
					}
					SetWindowTextW( *(_t783 + 0x40c), _t689); // executed
					ShowWindow( *(_t783 + 0x408), _t937); // executed
					ShowWindow( *(_t783 + 0x320), _t937); // executed
					ShowWindow( *(_t783 + 0x2b0), _t937); // executed
					ShowWindow( *(_t783 + 0x390), _t937); // executed
					ShowWindow( *(_t783 + 0x25c), _t937); // executed
					 *(_t961 - 0x2f4) = GetDlgItem( *( *(_t961 - 0x304)), 0xce);
					 *(_t961 - 0x300) = GetDlgItem( *( *(_t961 - 0x304)), 0xcd);
					EnableWindow( *(_t961 - 0x2f4), _t937); // executed
					EnableWindow( *(_t961 - 0x300), _t937); // executed
					ShowWindow( *(_t961 - 0x2f4), _t937); // executed
					ShowWindow( *(_t961 - 0x300), _t937); // executed
					_t843 = 0;
					 *(_t961 - 0x2fc) = 0;
					if( *(_t783 + 0x604) <= _t937) {
						L97:
						_t704 =  *(_t783 + 0x600);
						if( *(_t783 + 0x600) != _t937) {
							E01375111(_t704);
							 *(_t783 + 0x600) = _t937;
						}
						 *(_t783 + 0x604) = _t937;
						 *(_t783 + 0x608) = _t937;
						_t705 =  *(_t783 + 0x134);
						if( *(_t783 + 0x134) != _t937) {
							E01375111(_t705);
							 *(_t783 + 0x134) = _t937;
						}
						 *(_t783 + 0x138) = _t937;
						 *(_t783 + 0x13c) = _t937;
						LoadStringW( *0x13c1728, 0x65, _t961 - 0x154, 0x140);
						E01319B30(_t961 - 0x170, L"STRID_TITLE");
						 *(_t961 - 4) = 0x24;
						if(E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x2a0) <= 0xffffffff) {
							goto L105;
						} else {
							E01319B30(_t961 - 0x18c, L"STRID_TITLE");
							 *(_t961 - 4) = 0x25;
							 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x01000000;
							_t550 = E0131FD37(_t961 - 0x1a8, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x1a8);
							 *(_t961 - 4) = 0x26;
							 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x02000000;
							_t937 = 0;
							goto L106;
						}
					} else {
						while(_t843 >= _t937 && _t843 <  *(_t783 + 0x604)) {
							_t927 =  *( *(_t783 + 0x600) + _t843 * 4);
							if(_t927 != _t937 && IsWindow( *_t927) != 0) {
								 *(_t961 - 0x2f4) = _t937;
								E0134548E( *(_t961 - 0x2fc), _t783 + 0x600, _t961 - 0x2f4);
								if(DestroyWindow( *_t927) != 0) {
									 *_t927 = _t937;
								}
							}
							_t843 =  &( *(_t961 - 0x2fc)->i);
							 *(_t961 - 0x2fc) = _t843;
							if(_t843 <  *(_t783 + 0x604)) {
								continue;
							} else {
								goto L97;
							}
						}
						L103:
						_push(_t937);
						_push(_t937);
						L104:
						RaiseException(0xc000008c, 1, ??, ??);
						L105:
						_t550 = E01319B30(_t961 - 0x2b4, _t961 - 0x154);
						 *(_t961 - 4) = 0x27;
						_t406 = _t961 - 0x2f0;
						 *_t406 =  *(_t961 - 0x2f0) | 0x04000000;
						__eflags =  *_t406;
						L106:
						E01319B61(_t961 - 0x228, _t550);
						 *(_t961 - 4) = 0x28;
						if(( *(_t961 - 0x2f0) & 0x04000000) != 0) {
							 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfbffffff;
							E0131AA87(_t961 - 0x2b4, 1, _t937);
						}
						if(( *(_t961 - 0x2f0) & 0x02000000) != 0) {
							 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfdffffff;
							E0131AA87(_t961 - 0x1a8, 1, _t937);
						}
						if(( *(_t961 - 0x2f0) & 0x01000000) != 0) {
							E0131AA87(_t961 - 0x18c, 1, _t937);
						}
						 *(_t961 - 4) = 0x2c;
						E0131AA87(_t961 - 0x170, 1, _t937);
						_t553 =  *(_t961 - 0x228);
						if( *((intOrPtr*)(_t961 - 0x214)) < 8) {
							_t553 = _t961 - 0x228;
						}
						_t912 =  *(_t961 - 0x304);
						SetWindowTextW( *_t912, _t553); // executed
						if( *((intOrPtr*)(_t783 + 0x628)) <= _t937) {
							goto L103;
						} else {
							E01311716(0x13bf048,  *((intOrPtr*)(_t783 + 0x624)), _t937, 0xffffffff);
							if( *((intOrPtr*)(_t783 + 0x628)) <= _t937) {
								goto L103;
							}
							_t962 = _t962 - 0x1c;
							 *(_t961 - 0x2f4) = _t962;
							E013116F0(_t962,  *((intOrPtr*)(_t783 + 0x624)));
							_t1051 =  *((intOrPtr*)(_t783 + 0x628)) - _t937;
							if( *((intOrPtr*)(_t783 + 0x628)) <= _t937) {
								goto L103;
							}
							_push( *((intOrPtr*)(_t783 + 0x624)) + 0x328);
							_push(_t912);
							E013318DF(_t783, _t783, _t912, _t937, _t1051); // executed
							if( *((intOrPtr*)(_t783 + 0x628)) <= _t937) {
								goto L103;
							}
							_t937 =  *((intOrPtr*)(_t783 + 0x624)) + 0x1d0;
							_t562 = E0132061F(_t937, "checkbox");
							_t911 = 0;
							if(_t562 != 0) {
								L124:
								if( *((intOrPtr*)(_t783 + 0x628)) <= _t911) {
									goto L133;
								}
								if(E0132061F( *((intOrPtr*)(_t783 + 0x624)) + 0x1d0, "radio") != 0) {
									L131:
									_t937 = SetWindowPos;
									_t564 = 0;
									 *(_t961 - 0x2f0) = 0;
									if( *(_t783 + 0x604) <= _t911) {
										L139:
										SetWindowPos( *(_t783 + 0x404), _t911, _t911, _t911, _t911, _t911, 3);
										SetWindowPos( *(_t783 + 0x40c), _t911, _t911, _t911, _t911, _t911, 3);
										_push(0xffffffff);
										_push(0xfde9);
										_push(0xfde9);
										_t1070 =  *((intOrPtr*)(_t783 + 0x628)) - _t911;
										if( *((intOrPtr*)(_t783 + 0x628)) <= _t911) {
											goto L133;
										}
										_t963 = _t962 - 0x1c;
										 *(_t961 - 0x2f4) = _t963;
										E013116F0(_t963,  *((intOrPtr*)(_t783 + 0x624)) + 0x74);
										_push(_t961 - 0x298);
										E0135BED6(_t783, _t911, _t937, _t1070);
										_t962 = _t963 + 0x2c;
										 *(_t961 - 4) = 0x2d;
										_t573 = E01344597(_t963, _t961 - 0x298, 0x2f);
										_t937 = _t961 - 0x20c;
										E01319C49(_t963, _t937, _t961 - 0x298, _t573 + 1, 0xffffffff);
										_push(_t783 + 0x1d4);
										_push(_t961 - 0x244);
										 *(_t961 - 4) = 0x2e;
										E01347F2C(_t937, _t911, _t937, _t1070);
										_pop(_t795);
										 *(_t961 - 4) = 0x2f;
										_t913 =  *((intOrPtr*)(_t961 - 0x2f8));
										_t783 = 0;
										if( *(_t913 + 0x628) <= 0) {
											L159:
											_push(_t783);
											_push(_t783);
											goto L104;
										}
										if( *((intOrPtr*)( *((intOrPtr*)(_t913 + 0x624)) + 0x90)) == 0) {
											 *(_t913 + 0x21c) = 0;
											__eflags =  *(_t913 + 0x628);
											if( *(_t913 + 0x628) <= 0) {
												goto L159;
											}
											E013116F0(_t961 - 0x1f0,  *((intOrPtr*)(_t913 + 0x624)) + 0x94);
											_t964 = _t962 - 0x1c;
											 *(_t961 - 4) = 0x32;
											_t797 = _t964;
											 *((intOrPtr*)(_t961 - 0x2f8)) = _t964;
											__eflags =  *(_t961 - 0x1e0);
											if( *(_t961 - 0x1e0) <= 0) {
												E01319638(_t797, "#ffffff");
											} else {
												E013116F0(_t797, _t961 - 0x1f0);
											}
											 *((intOrPtr*)(_t913 + 0x20c)) = E01333172(_t783, _t913, _t937, __eflags);
											E01311524(_t961 - 0x1f0, 1, _t783);
											L165:
											_t942 =  *(_t961 - 0x304);
											 *(_t913 + 0x258) = _t783;
											RedrawWindow( *_t942, _t783, _t783, 0x105);
											UpdateWindow( *_t942); // executed
											E0131AA87(_t961 - 0x244, 1, _t783);
											E0131AA87(_t961 - 0x20c, 1, _t783);
											E0131AA87(_t961 - 0x298, 1, _t783);
											E0131AA87(_t961 - 0x228, 1, _t783);
											E0131AA87(_t961 - 0x27c, 1, _t783);
											E0131AA87(_t961 - 0x260, 1, _t783);
											return E0137C2C5(_t783, _t913, 1);
										}
										_t597 = E01344597(_t795, _t937, 0x2e);
										_t945 = _t961 - 0x170;
										E01319C49(_t795, _t945, _t937, _t597 + 1,  *((intOrPtr*)(_t961 - 0x1fc)));
										 *(_t961 - 4) = 0x30;
										_t805 =  *((intOrPtr*)(_t961 - 0x170));
										_t909 = _t805;
										if( *((intOrPtr*)(_t961 - 0x15c)) >= 8) {
											_t601 = _t805;
										} else {
											_t909 = _t945;
											_t601 = _t945;
										}
										_t937 =  *(_t961 - 0x160);
										_t602 = _t601 + _t937 * 2;
										if( *((intOrPtr*)(_t961 - 0x15c)) < 8) {
											_t805 = _t961 - 0x170;
										}
										E01327736(_t961 - 0x2f8, _t805, _t602, _t909, E0137814A);
										_t962 = _t962 + 0x14;
										if( *(_t961 - 0x160) <= _t783) {
											 *(_t913 + 0x21c) = _t783;
											__eflags =  *(_t913 + 0x628) - _t783;
											if( *(_t913 + 0x628) <= _t783) {
												goto L159;
											}
											E013116F0(_t961 - 0x1f0,  *((intOrPtr*)(_t913 + 0x624)) + 0x94);
											_t965 = _t962 - 0x1c;
											 *(_t961 - 4) = 0x31;
											_t807 = _t965;
											 *((intOrPtr*)(_t961 - 0x2f8)) = _t965;
											__eflags =  *(_t961 - 0x1e0) - _t783;
											if( *(_t961 - 0x1e0) <= _t783) {
												E01319638(_t807, "#ffffff");
											} else {
												E013116F0(_t807, _t961 - 0x1f0);
											}
											 *((intOrPtr*)(_t913 + 0x20c)) = E01333172(_t783, _t913, _t937, __eflags);
											E01311524(_t961 - 0x1f0, 1, _t783);
											goto L158;
										} else {
											 *(_t913 + 0x21c) = 2;
											if( *((intOrPtr*)(_t913 + 0x228)) != _t783) {
												E0132996F(_t913 + 0x224);
											}
											_t810 =  *((intOrPtr*)(_t961 - 0x244));
											if( *((intOrPtr*)(_t961 - 0x230)) < 8) {
												_t810 = _t961 - 0x244;
											}
											E01329ABE(_t810, _t909, _t913 + 0x224);
											L158:
											E0131AA87(_t961 - 0x170, 1, _t783);
											goto L165;
										}
									}
									while(_t564 >= _t911 && _t564 <  *(_t783 + 0x604)) {
										SetWindowPos( *( *( *(_t783 + 0x600) + _t564 * 4)), _t911, _t911, _t911, _t911, _t911, 3);
										 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) + 1;
										if( *(_t961 - 0x2f0) <  *(_t783 + 0x604)) {
											_t564 =  *(_t961 - 0x2f0);
											continue;
										}
										goto L139;
									}
									goto L133;
								}
								_t937 = 0;
								if( *((intOrPtr*)(_t783 + 0x610)) <= _t911) {
									goto L131;
								}
								while(_t937 >= _t911 && _t937 <  *((intOrPtr*)(_t783 + 0x610))) {
									EnableWindow( *( *((intOrPtr*)( *((intOrPtr*)(_t783 + 0x60c)) + _t937 * 4)) + 4), _t911);
									_push(_t911);
									if(_t937 >=  *((intOrPtr*)(_t783 + 0x610))) {
										L134:
										_push(_t911);
										goto L104;
									}
									ShowWindow( *( *((intOrPtr*)( *((intOrPtr*)(_t783 + 0x60c)) + _t937 * 4)) + 4), ??);
									_t937 = _t937 + 1;
									if(_t937 <  *((intOrPtr*)(_t783 + 0x610))) {
										continue;
									}
									goto L131;
								}
								goto L133;
							}
							_t937 = 0;
							if( *((intOrPtr*)(_t783 + 0x61c)) <= 0) {
								goto L124;
							}
							while(_t937 >= _t911 && _t937 <  *((intOrPtr*)(_t783 + 0x61c))) {
								EnableWindow( *( *((intOrPtr*)( *((intOrPtr*)(_t783 + 0x618)) + _t937 * 4)) + 4), _t911);
								_push(_t911);
								if(_t937 >=  *((intOrPtr*)(_t783 + 0x61c))) {
									goto L134;
								}
								ShowWindow( *( *((intOrPtr*)( *((intOrPtr*)(_t783 + 0x618)) + _t937 * 4)) + 4), ??);
								_t937 = _t937 + 1;
								if(_t937 <  *((intOrPtr*)(_t783 + 0x61c))) {
									continue;
								}
								goto L124;
							}
							goto L133;
						}
					}
				}
			}





















































                                                                                                                                                                                                                                0x01330720
                                                                                                                                                                                                                                0x01330720
                                                                                                                                                                                                                                0x0133072a
                                                                                                                                                                                                                                0x0133072f
                                                                                                                                                                                                                                0x01330731
                                                                                                                                                                                                                                0x01330733
                                                                                                                                                                                                                                0x01330739
                                                                                                                                                                                                                                0x01330740
                                                                                                                                                                                                                                0x01330746
                                                                                                                                                                                                                                0x0133074d
                                                                                                                                                                                                                                0x0133074f
                                                                                                                                                                                                                                0x01330754
                                                                                                                                                                                                                                0x0133075f
                                                                                                                                                                                                                                0x01330769
                                                                                                                                                                                                                                0x01330769
                                                                                                                                                                                                                                0x0133076e
                                                                                                                                                                                                                                0x01330775
                                                                                                                                                                                                                                0x0133078b
                                                                                                                                                                                                                                0x01330797
                                                                                                                                                                                                                                0x013315c0
                                                                                                                                                                                                                                0x013315c0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133079d
                                                                                                                                                                                                                                0x013307b1
                                                                                                                                                                                                                                0x013307c3
                                                                                                                                                                                                                                0x013307c8
                                                                                                                                                                                                                                0x013307d9
                                                                                                                                                                                                                                0x013307de
                                                                                                                                                                                                                                0x013307e1
                                                                                                                                                                                                                                0x013307ea
                                                                                                                                                                                                                                0x013307f5
                                                                                                                                                                                                                                0x01330806
                                                                                                                                                                                                                                0x01330810
                                                                                                                                                                                                                                0x0133081b
                                                                                                                                                                                                                                0x0133081c
                                                                                                                                                                                                                                0x01330825
                                                                                                                                                                                                                                0x0133082f
                                                                                                                                                                                                                                0x01330839
                                                                                                                                                                                                                                0x01330843
                                                                                                                                                                                                                                0x01330845
                                                                                                                                                                                                                                0x01330845
                                                                                                                                                                                                                                0x01330847
                                                                                                                                                                                                                                0x01330848
                                                                                                                                                                                                                                0x0133084d
                                                                                                                                                                                                                                0x01330855
                                                                                                                                                                                                                                0x01330857
                                                                                                                                                                                                                                0x01330868
                                                                                                                                                                                                                                0x01330868
                                                                                                                                                                                                                                0x01330874
                                                                                                                                                                                                                                0x01330876
                                                                                                                                                                                                                                0x01330887
                                                                                                                                                                                                                                0x01330887
                                                                                                                                                                                                                                0x01330893
                                                                                                                                                                                                                                0x01330895
                                                                                                                                                                                                                                0x013308a6
                                                                                                                                                                                                                                0x013308a6
                                                                                                                                                                                                                                0x013308ab
                                                                                                                                                                                                                                0x013308b9
                                                                                                                                                                                                                                0x013308ca
                                                                                                                                                                                                                                0x013308dc
                                                                                                                                                                                                                                0x013308e3
                                                                                                                                                                                                                                0x013308e8
                                                                                                                                                                                                                                0x013308eb
                                                                                                                                                                                                                                0x013308f4
                                                                                                                                                                                                                                0x013308ff
                                                                                                                                                                                                                                0x01330903
                                                                                                                                                                                                                                0x01330917
                                                                                                                                                                                                                                0x01330922
                                                                                                                                                                                                                                0x01330923
                                                                                                                                                                                                                                0x0133092a
                                                                                                                                                                                                                                0x01330933
                                                                                                                                                                                                                                0x01330938
                                                                                                                                                                                                                                0x01330944
                                                                                                                                                                                                                                0x01330946
                                                                                                                                                                                                                                0x01330946
                                                                                                                                                                                                                                0x01330948
                                                                                                                                                                                                                                0x01330949
                                                                                                                                                                                                                                0x0133094e
                                                                                                                                                                                                                                0x01330956
                                                                                                                                                                                                                                0x01330958
                                                                                                                                                                                                                                0x01330969
                                                                                                                                                                                                                                0x01330969
                                                                                                                                                                                                                                0x01330975
                                                                                                                                                                                                                                0x01330977
                                                                                                                                                                                                                                0x01330988
                                                                                                                                                                                                                                0x01330988
                                                                                                                                                                                                                                0x01330994
                                                                                                                                                                                                                                0x01330996
                                                                                                                                                                                                                                0x013309a7
                                                                                                                                                                                                                                0x013309a7
                                                                                                                                                                                                                                0x013309ac
                                                                                                                                                                                                                                0x013309ba
                                                                                                                                                                                                                                0x013309cb
                                                                                                                                                                                                                                0x013309dd
                                                                                                                                                                                                                                0x013309e4
                                                                                                                                                                                                                                0x013309e9
                                                                                                                                                                                                                                0x013309ec
                                                                                                                                                                                                                                0x01330a5e
                                                                                                                                                                                                                                0x013309ee
                                                                                                                                                                                                                                0x013309f5
                                                                                                                                                                                                                                0x01330a00
                                                                                                                                                                                                                                0x01330a04
                                                                                                                                                                                                                                0x01330a18
                                                                                                                                                                                                                                0x01330a23
                                                                                                                                                                                                                                0x01330a24
                                                                                                                                                                                                                                0x01330a2b
                                                                                                                                                                                                                                0x01330a37
                                                                                                                                                                                                                                0x01330a3c
                                                                                                                                                                                                                                0x01330a4b
                                                                                                                                                                                                                                0x01330a4d
                                                                                                                                                                                                                                0x01330a4d
                                                                                                                                                                                                                                0x01330a4f
                                                                                                                                                                                                                                0x01330a56
                                                                                                                                                                                                                                0x01330a56
                                                                                                                                                                                                                                0x01330a72
                                                                                                                                                                                                                                0x01330a74
                                                                                                                                                                                                                                0x01330a88
                                                                                                                                                                                                                                0x01330a88
                                                                                                                                                                                                                                0x01330a94
                                                                                                                                                                                                                                0x01330a96
                                                                                                                                                                                                                                0x01330aaa
                                                                                                                                                                                                                                0x01330aaa
                                                                                                                                                                                                                                0x01330ab6
                                                                                                                                                                                                                                0x01330ab8
                                                                                                                                                                                                                                0x01330ac9
                                                                                                                                                                                                                                0x01330ac9
                                                                                                                                                                                                                                0x01330ace
                                                                                                                                                                                                                                0x01330adc
                                                                                                                                                                                                                                0x01330aed
                                                                                                                                                                                                                                0x01330aff
                                                                                                                                                                                                                                0x01330b06
                                                                                                                                                                                                                                0x01330b0b
                                                                                                                                                                                                                                0x01330b0e
                                                                                                                                                                                                                                0x01330b83
                                                                                                                                                                                                                                0x01330b10
                                                                                                                                                                                                                                0x01330b17
                                                                                                                                                                                                                                0x01330b22
                                                                                                                                                                                                                                0x01330b26
                                                                                                                                                                                                                                0x01330b3d
                                                                                                                                                                                                                                0x01330b48
                                                                                                                                                                                                                                0x01330b49
                                                                                                                                                                                                                                0x01330b50
                                                                                                                                                                                                                                0x01330b5c
                                                                                                                                                                                                                                0x01330b61
                                                                                                                                                                                                                                0x01330b70
                                                                                                                                                                                                                                0x01330b72
                                                                                                                                                                                                                                0x01330b72
                                                                                                                                                                                                                                0x01330b74
                                                                                                                                                                                                                                0x01330b7b
                                                                                                                                                                                                                                0x01330b7b
                                                                                                                                                                                                                                0x01330b97
                                                                                                                                                                                                                                0x01330b99
                                                                                                                                                                                                                                0x01330bad
                                                                                                                                                                                                                                0x01330bad
                                                                                                                                                                                                                                0x01330bbc
                                                                                                                                                                                                                                0x01330bbe
                                                                                                                                                                                                                                0x01330bd2
                                                                                                                                                                                                                                0x01330bd2
                                                                                                                                                                                                                                0x01330be1
                                                                                                                                                                                                                                0x01330be3
                                                                                                                                                                                                                                0x01330bf7
                                                                                                                                                                                                                                0x01330bf7
                                                                                                                                                                                                                                0x01330bfc
                                                                                                                                                                                                                                0x01330c0a
                                                                                                                                                                                                                                0x01330c1b
                                                                                                                                                                                                                                0x01330c2d
                                                                                                                                                                                                                                0x01330c34
                                                                                                                                                                                                                                0x01330c39
                                                                                                                                                                                                                                0x01330c3c
                                                                                                                                                                                                                                0x01330cb1
                                                                                                                                                                                                                                0x01330c3e
                                                                                                                                                                                                                                0x01330c45
                                                                                                                                                                                                                                0x01330c50
                                                                                                                                                                                                                                0x01330c54
                                                                                                                                                                                                                                0x01330c6b
                                                                                                                                                                                                                                0x01330c76
                                                                                                                                                                                                                                0x01330c77
                                                                                                                                                                                                                                0x01330c7e
                                                                                                                                                                                                                                0x01330c8a
                                                                                                                                                                                                                                0x01330c8f
                                                                                                                                                                                                                                0x01330c9e
                                                                                                                                                                                                                                0x01330ca0
                                                                                                                                                                                                                                0x01330ca0
                                                                                                                                                                                                                                0x01330ca2
                                                                                                                                                                                                                                0x01330ca9
                                                                                                                                                                                                                                0x01330ca9
                                                                                                                                                                                                                                0x01330cc5
                                                                                                                                                                                                                                0x01330cc7
                                                                                                                                                                                                                                0x01330cdb
                                                                                                                                                                                                                                0x01330cdb
                                                                                                                                                                                                                                0x01330cea
                                                                                                                                                                                                                                0x01330cec
                                                                                                                                                                                                                                0x01330d00
                                                                                                                                                                                                                                0x01330d00
                                                                                                                                                                                                                                0x01330d0f
                                                                                                                                                                                                                                0x01330d11
                                                                                                                                                                                                                                0x01330d25
                                                                                                                                                                                                                                0x01330d25
                                                                                                                                                                                                                                0x01330d2a
                                                                                                                                                                                                                                0x01330d38
                                                                                                                                                                                                                                0x01330d49
                                                                                                                                                                                                                                0x01330d5b
                                                                                                                                                                                                                                0x01330d62
                                                                                                                                                                                                                                0x01330d67
                                                                                                                                                                                                                                0x01330d6a
                                                                                                                                                                                                                                0x01330ddf
                                                                                                                                                                                                                                0x01330d6c
                                                                                                                                                                                                                                0x01330d73
                                                                                                                                                                                                                                0x01330d7e
                                                                                                                                                                                                                                0x01330d82
                                                                                                                                                                                                                                0x01330d99
                                                                                                                                                                                                                                0x01330da4
                                                                                                                                                                                                                                0x01330da5
                                                                                                                                                                                                                                0x01330dac
                                                                                                                                                                                                                                0x01330db8
                                                                                                                                                                                                                                0x01330dbd
                                                                                                                                                                                                                                0x01330dcc
                                                                                                                                                                                                                                0x01330dce
                                                                                                                                                                                                                                0x01330dce
                                                                                                                                                                                                                                0x01330dd0
                                                                                                                                                                                                                                0x01330dd7
                                                                                                                                                                                                                                0x01330dd7
                                                                                                                                                                                                                                0x01330de9
                                                                                                                                                                                                                                0x01330df5
                                                                                                                                                                                                                                0x01330df7
                                                                                                                                                                                                                                0x01330e0a
                                                                                                                                                                                                                                0x01330e0a
                                                                                                                                                                                                                                0x01330e19
                                                                                                                                                                                                                                0x01330e1b
                                                                                                                                                                                                                                0x01330e2e
                                                                                                                                                                                                                                0x01330e2e
                                                                                                                                                                                                                                0x01330e3d
                                                                                                                                                                                                                                0x01330e3f
                                                                                                                                                                                                                                0x01330e52
                                                                                                                                                                                                                                0x01330e52
                                                                                                                                                                                                                                0x01330e57
                                                                                                                                                                                                                                0x01330e64
                                                                                                                                                                                                                                0x01330e78
                                                                                                                                                                                                                                0x01330eb9
                                                                                                                                                                                                                                0x01330ef0
                                                                                                                                                                                                                                0x01330f03
                                                                                                                                                                                                                                0x01330f0f
                                                                                                                                                                                                                                0x01330f1e
                                                                                                                                                                                                                                0x01330f76
                                                                                                                                                                                                                                0x01330f7b
                                                                                                                                                                                                                                0x01330f82
                                                                                                                                                                                                                                0x01330f82
                                                                                                                                                                                                                                0x01330f82
                                                                                                                                                                                                                                0x01330f20
                                                                                                                                                                                                                                0x01330f2b
                                                                                                                                                                                                                                0x01330f36
                                                                                                                                                                                                                                0x01330f3a
                                                                                                                                                                                                                                0x01330f51
                                                                                                                                                                                                                                0x01330f56
                                                                                                                                                                                                                                0x01330f5d
                                                                                                                                                                                                                                0x01330f67
                                                                                                                                                                                                                                0x01330f67
                                                                                                                                                                                                                                0x01330f93
                                                                                                                                                                                                                                0x01330f98
                                                                                                                                                                                                                                0x01330fa9
                                                                                                                                                                                                                                0x01330fab
                                                                                                                                                                                                                                0x01330fbe
                                                                                                                                                                                                                                0x01330fbe
                                                                                                                                                                                                                                0x01330fcd
                                                                                                                                                                                                                                0x01330fcf
                                                                                                                                                                                                                                0x01330fe2
                                                                                                                                                                                                                                0x01330fe2
                                                                                                                                                                                                                                0x01330ff1
                                                                                                                                                                                                                                0x01330ff3
                                                                                                                                                                                                                                0x01331006
                                                                                                                                                                                                                                0x01331006
                                                                                                                                                                                                                                0x01331014
                                                                                                                                                                                                                                0x01331018
                                                                                                                                                                                                                                0x01331024
                                                                                                                                                                                                                                0x0133102a
                                                                                                                                                                                                                                0x0133102c
                                                                                                                                                                                                                                0x0133102c
                                                                                                                                                                                                                                0x01331039
                                                                                                                                                                                                                                0x0133104a
                                                                                                                                                                                                                                0x0133105c
                                                                                                                                                                                                                                0x01331068
                                                                                                                                                                                                                                0x013310c0
                                                                                                                                                                                                                                0x013310c5
                                                                                                                                                                                                                                0x013310cc
                                                                                                                                                                                                                                0x013310cc
                                                                                                                                                                                                                                0x013310cc
                                                                                                                                                                                                                                0x0133106a
                                                                                                                                                                                                                                0x01331075
                                                                                                                                                                                                                                0x01331080
                                                                                                                                                                                                                                0x01331084
                                                                                                                                                                                                                                0x0133109b
                                                                                                                                                                                                                                0x013310a0
                                                                                                                                                                                                                                0x013310a7
                                                                                                                                                                                                                                0x013310b1
                                                                                                                                                                                                                                0x013310b1
                                                                                                                                                                                                                                0x013310dd
                                                                                                                                                                                                                                0x013310e2
                                                                                                                                                                                                                                0x013310f3
                                                                                                                                                                                                                                0x013310f5
                                                                                                                                                                                                                                0x01331108
                                                                                                                                                                                                                                0x01331108
                                                                                                                                                                                                                                0x01331117
                                                                                                                                                                                                                                0x01331119
                                                                                                                                                                                                                                0x0133112c
                                                                                                                                                                                                                                0x0133112c
                                                                                                                                                                                                                                0x0133113b
                                                                                                                                                                                                                                0x0133113d
                                                                                                                                                                                                                                0x01331150
                                                                                                                                                                                                                                0x01331150
                                                                                                                                                                                                                                0x0133115e
                                                                                                                                                                                                                                0x01331162
                                                                                                                                                                                                                                0x0133116e
                                                                                                                                                                                                                                0x01331174
                                                                                                                                                                                                                                0x01331176
                                                                                                                                                                                                                                0x01331176
                                                                                                                                                                                                                                0x01331183
                                                                                                                                                                                                                                0x01331196
                                                                                                                                                                                                                                0x0133119f
                                                                                                                                                                                                                                0x013311a8
                                                                                                                                                                                                                                0x013311b1
                                                                                                                                                                                                                                0x013311ba
                                                                                                                                                                                                                                0x013311cf
                                                                                                                                                                                                                                0x013311ef
                                                                                                                                                                                                                                0x013311f5
                                                                                                                                                                                                                                0x01331202
                                                                                                                                                                                                                                0x0133120f
                                                                                                                                                                                                                                0x01331218
                                                                                                                                                                                                                                0x0133121a
                                                                                                                                                                                                                                0x0133121c
                                                                                                                                                                                                                                0x01331228
                                                                                                                                                                                                                                0x0133129a
                                                                                                                                                                                                                                0x0133129a
                                                                                                                                                                                                                                0x013312a2
                                                                                                                                                                                                                                0x013312a5
                                                                                                                                                                                                                                0x013312ab
                                                                                                                                                                                                                                0x013312ab
                                                                                                                                                                                                                                0x013312b1
                                                                                                                                                                                                                                0x013312b7
                                                                                                                                                                                                                                0x013312bd
                                                                                                                                                                                                                                0x013312c5
                                                                                                                                                                                                                                0x013312c8
                                                                                                                                                                                                                                0x013312ce
                                                                                                                                                                                                                                0x013312ce
                                                                                                                                                                                                                                0x013312e2
                                                                                                                                                                                                                                0x013312e8
                                                                                                                                                                                                                                0x013312f4
                                                                                                                                                                                                                                0x01331305
                                                                                                                                                                                                                                0x01331317
                                                                                                                                                                                                                                0x01331323
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331325
                                                                                                                                                                                                                                0x01331330
                                                                                                                                                                                                                                0x0133133b
                                                                                                                                                                                                                                0x0133133f
                                                                                                                                                                                                                                0x01331356
                                                                                                                                                                                                                                0x0133135b
                                                                                                                                                                                                                                0x01331362
                                                                                                                                                                                                                                0x0133136c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133136c
                                                                                                                                                                                                                                0x0133122a
                                                                                                                                                                                                                                0x0133122a
                                                                                                                                                                                                                                0x01331247
                                                                                                                                                                                                                                0x0133124b
                                                                                                                                                                                                                                0x0133126c
                                                                                                                                                                                                                                0x01331272
                                                                                                                                                                                                                                0x01331281
                                                                                                                                                                                                                                0x01331283
                                                                                                                                                                                                                                0x01331283
                                                                                                                                                                                                                                0x01331281
                                                                                                                                                                                                                                0x0133128b
                                                                                                                                                                                                                                0x0133128c
                                                                                                                                                                                                                                0x01331298
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331298
                                                                                                                                                                                                                                0x01331370
                                                                                                                                                                                                                                0x01331370
                                                                                                                                                                                                                                0x01331371
                                                                                                                                                                                                                                0x01331372
                                                                                                                                                                                                                                0x01331379
                                                                                                                                                                                                                                0x0133137f
                                                                                                                                                                                                                                0x0133138c
                                                                                                                                                                                                                                0x01331391
                                                                                                                                                                                                                                0x01331398
                                                                                                                                                                                                                                0x01331398
                                                                                                                                                                                                                                0x01331398
                                                                                                                                                                                                                                0x013313a2
                                                                                                                                                                                                                                0x013313a9
                                                                                                                                                                                                                                0x013313ae
                                                                                                                                                                                                                                0x013313bf
                                                                                                                                                                                                                                0x013313c1
                                                                                                                                                                                                                                0x013313d4
                                                                                                                                                                                                                                0x013313d4
                                                                                                                                                                                                                                0x013313e3
                                                                                                                                                                                                                                0x013313e5
                                                                                                                                                                                                                                0x013313f8
                                                                                                                                                                                                                                0x013313f8
                                                                                                                                                                                                                                0x01331407
                                                                                                                                                                                                                                0x01331412
                                                                                                                                                                                                                                0x01331412
                                                                                                                                                                                                                                0x01331420
                                                                                                                                                                                                                                0x01331424
                                                                                                                                                                                                                                0x01331430
                                                                                                                                                                                                                                0x01331436
                                                                                                                                                                                                                                0x01331438
                                                                                                                                                                                                                                0x01331438
                                                                                                                                                                                                                                0x0133143e
                                                                                                                                                                                                                                0x01331447
                                                                                                                                                                                                                                0x01331453
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331459
                                                                                                                                                                                                                                0x01331468
                                                                                                                                                                                                                                0x01331473
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133147f
                                                                                                                                                                                                                                0x01331484
                                                                                                                                                                                                                                0x0133148b
                                                                                                                                                                                                                                0x01331490
                                                                                                                                                                                                                                0x01331496
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013314a7
                                                                                                                                                                                                                                0x013314a8
                                                                                                                                                                                                                                0x013314ab
                                                                                                                                                                                                                                0x013314b6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013314c7
                                                                                                                                                                                                                                0x013314cd
                                                                                                                                                                                                                                0x013314d2
                                                                                                                                                                                                                                0x013314d6
                                                                                                                                                                                                                                0x01331533
                                                                                                                                                                                                                                0x01331539
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331557
                                                                                                                                                                                                                                0x013315a8
                                                                                                                                                                                                                                0x013315a8
                                                                                                                                                                                                                                0x013315ae
                                                                                                                                                                                                                                0x013315b0
                                                                                                                                                                                                                                0x013315bc
                                                                                                                                                                                                                                0x01331603
                                                                                                                                                                                                                                0x01331610
                                                                                                                                                                                                                                0x0133161f
                                                                                                                                                                                                                                0x01331621
                                                                                                                                                                                                                                0x01331628
                                                                                                                                                                                                                                0x01331629
                                                                                                                                                                                                                                0x0133162a
                                                                                                                                                                                                                                0x01331630
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331638
                                                                                                                                                                                                                                0x01331640
                                                                                                                                                                                                                                0x01331647
                                                                                                                                                                                                                                0x01331652
                                                                                                                                                                                                                                0x01331653
                                                                                                                                                                                                                                0x01331658
                                                                                                                                                                                                                                0x01331665
                                                                                                                                                                                                                                0x01331669
                                                                                                                                                                                                                                0x01331673
                                                                                                                                                                                                                                0x01331679
                                                                                                                                                                                                                                0x01331684
                                                                                                                                                                                                                                0x0133168b
                                                                                                                                                                                                                                0x0133168e
                                                                                                                                                                                                                                0x01331692
                                                                                                                                                                                                                                0x01331698
                                                                                                                                                                                                                                0x01331699
                                                                                                                                                                                                                                0x0133169d
                                                                                                                                                                                                                                0x013316a3
                                                                                                                                                                                                                                0x013316ab
                                                                                                                                                                                                                                0x013317f1
                                                                                                                                                                                                                                0x013317f1
                                                                                                                                                                                                                                0x013317f2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013317f2
                                                                                                                                                                                                                                0x013316bd
                                                                                                                                                                                                                                0x013317f8
                                                                                                                                                                                                                                0x013317fe
                                                                                                                                                                                                                                0x01331804
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331818
                                                                                                                                                                                                                                0x0133181d
                                                                                                                                                                                                                                0x01331820
                                                                                                                                                                                                                                0x01331824
                                                                                                                                                                                                                                0x01331826
                                                                                                                                                                                                                                0x0133182c
                                                                                                                                                                                                                                0x01331832
                                                                                                                                                                                                                                0x01331847
                                                                                                                                                                                                                                0x01331834
                                                                                                                                                                                                                                0x0133183b
                                                                                                                                                                                                                                0x0133183b
                                                                                                                                                                                                                                0x0133185a
                                                                                                                                                                                                                                0x01331860
                                                                                                                                                                                                                                0x01331865
                                                                                                                                                                                                                                0x01331865
                                                                                                                                                                                                                                0x01331874
                                                                                                                                                                                                                                0x0133187a
                                                                                                                                                                                                                                0x01331882
                                                                                                                                                                                                                                0x01331893
                                                                                                                                                                                                                                0x013318a0
                                                                                                                                                                                                                                0x013318ad
                                                                                                                                                                                                                                0x013318ba
                                                                                                                                                                                                                                0x013318c7
                                                                                                                                                                                                                                0x013318d4
                                                                                                                                                                                                                                0x013318de
                                                                                                                                                                                                                                0x013318de
                                                                                                                                                                                                                                0x013316cb
                                                                                                                                                                                                                                0x013316d5
                                                                                                                                                                                                                                0x013316db
                                                                                                                                                                                                                                0x013316e0
                                                                                                                                                                                                                                0x013316eb
                                                                                                                                                                                                                                0x013316f1
                                                                                                                                                                                                                                0x013316f3
                                                                                                                                                                                                                                0x01331770
                                                                                                                                                                                                                                0x013316f5
                                                                                                                                                                                                                                0x013316f5
                                                                                                                                                                                                                                0x013316f7
                                                                                                                                                                                                                                0x013316f7
                                                                                                                                                                                                                                0x01331700
                                                                                                                                                                                                                                0x01331706
                                                                                                                                                                                                                                0x01331709
                                                                                                                                                                                                                                0x0133170b
                                                                                                                                                                                                                                0x0133170b
                                                                                                                                                                                                                                0x01331720
                                                                                                                                                                                                                                0x01331725
                                                                                                                                                                                                                                0x0133172e
                                                                                                                                                                                                                                0x01331774
                                                                                                                                                                                                                                0x0133177a
                                                                                                                                                                                                                                0x01331780
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331794
                                                                                                                                                                                                                                0x01331799
                                                                                                                                                                                                                                0x0133179c
                                                                                                                                                                                                                                0x013317a0
                                                                                                                                                                                                                                0x013317a2
                                                                                                                                                                                                                                0x013317a8
                                                                                                                                                                                                                                0x013317ae
                                                                                                                                                                                                                                0x013317c3
                                                                                                                                                                                                                                0x013317b0
                                                                                                                                                                                                                                0x013317b7
                                                                                                                                                                                                                                0x013317b7
                                                                                                                                                                                                                                0x013317d6
                                                                                                                                                                                                                                0x013317dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331730
                                                                                                                                                                                                                                0x01331730
                                                                                                                                                                                                                                0x01331740
                                                                                                                                                                                                                                0x01331748
                                                                                                                                                                                                                                0x01331748
                                                                                                                                                                                                                                0x01331754
                                                                                                                                                                                                                                0x0133175a
                                                                                                                                                                                                                                0x0133175c
                                                                                                                                                                                                                                0x0133175c
                                                                                                                                                                                                                                0x01331769
                                                                                                                                                                                                                                0x013317e1
                                                                                                                                                                                                                                0x013317ea
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013317ea
                                                                                                                                                                                                                                0x0133172e
                                                                                                                                                                                                                                0x013315cd
                                                                                                                                                                                                                                0x013315ed
                                                                                                                                                                                                                                0x013315ef
                                                                                                                                                                                                                                0x01331601
                                                                                                                                                                                                                                0x013315c7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013315c7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331601
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013315cd
                                                                                                                                                                                                                                0x01331559
                                                                                                                                                                                                                                0x01331561
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331563
                                                                                                                                                                                                                                0x0133157e
                                                                                                                                                                                                                                0x01331584
                                                                                                                                                                                                                                0x0133158b
                                                                                                                                                                                                                                0x013315c1
                                                                                                                                                                                                                                0x013315c1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013315c1
                                                                                                                                                                                                                                0x01331599
                                                                                                                                                                                                                                0x0133159f
                                                                                                                                                                                                                                0x013315a6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013315a6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331563
                                                                                                                                                                                                                                0x013314d8
                                                                                                                                                                                                                                0x013314e0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013314e2
                                                                                                                                                                                                                                0x01331505
                                                                                                                                                                                                                                0x0133150b
                                                                                                                                                                                                                                0x01331512
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331524
                                                                                                                                                                                                                                0x0133152a
                                                                                                                                                                                                                                0x01331531
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331531
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013314e2
                                                                                                                                                                                                                                0x01331453
                                                                                                                                                                                                                                0x01331228

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0133072A
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0133077B
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 0133078B
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 01330E78
                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,0000004B,00000017,00000001), ref: 01330EB9
                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,0000004B,00000017,00000001), ref: 01330EF0
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 01331039
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 01331183
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 01331196
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 0133119F
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 013311A8
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 013311B1
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 013311BA
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 013311C9
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 013311E2
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 013311F5
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 01331202
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 0133120F
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 01331218
                                                                                                                                                                                                                                • IsWindow.USER32(73FDD360), ref: 0133124F
                                                                                                                                                                                                                                • DestroyWindow.USER32(73FDD360,?), ref: 01331279
                                                                                                                                                                                                                                • _free.LIBCMT ref: 013312A5
                                                                                                                                                                                                                                • _free.LIBCMT ref: 013312C8
                                                                                                                                                                                                                                • LoadStringW.USER32(00000065,?,00000140), ref: 013312F4
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 01331379
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 01331447
                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000000), ref: 01331505
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000,?,?,0000006A,?,000000A0), ref: 01331524
                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000000), ref: 0133157E
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000,?,?,0000006A,?,000000A0), ref: 01331599
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000003,radio,checkbox,?,?,?,?,?,0000006A,?), ref: 013315ED
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000003,radio,checkbox,?,?,?,?,?,0000006A,?), ref: 01331610
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000003,?,?,0000006A,?,000000A0), ref: 0133161F
                                                                                                                                                                                                                                • SetLayeredWindowAttributes.USER32(?,000000FF,?,00000002), ref: 013307B1
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0131FD37: RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 0131FD80
                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105,00000001,00000000,#ffffff), ref: 0133187A
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?), ref: 01331882
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Show$CallbackDispatcherH_prolog3_TextUser_setlocale$EnableExceptionItemLongMoveRaise_free_memset$AttributesCurrentDestroyLayeredLoadLocalProcessRectRedrawStringTime__cftoe_strlen_wcslenswprintf
                                                                                                                                                                                                                                • String ID: #ffffff$%$%$2$@$Cancel$CancelX$CancelY$DisplayEulaOffer()...$Next$NextX$NextY$PreviousX$PreviousY$STRID_CANCEL$STRID_NEXT$STRID_TITLE$X$checkbox$radio
                                                                                                                                                                                                                                • API String ID: 166033501-1807799178
                                                                                                                                                                                                                                • Opcode ID: 5faddb62b928c7cd3969eb060f067199fcddd6088a83de6d8d5559631ebd5855
                                                                                                                                                                                                                                • Instruction ID: 17e8fff775d1d4451152f25716fcf32cf82490cfa9afc494de5ae3a37bb7d88f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5faddb62b928c7cd3969eb060f067199fcddd6088a83de6d8d5559631ebd5855
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7CA28D7194122ADFDB29DF28CD98BE9BB78BF54358F0402E8E519A7195CB701B84CF90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013318DF, Relevance: 45.3, APIs: 15, Strings: 10, Instructions: 1583COMMONCrypto
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E013318DF(void* __ebx, intOrPtr __ecx, signed int __edi, void* __esi, void* __eflags) {
				intOrPtr _t770;
				intOrPtr _t777;
				void* _t778;
				void* _t783;
				void* _t784;
				void* _t806;
				void* _t810;
				signed int _t812;
				void* _t814;
				signed int _t825;
				signed int _t827;
				void* _t828;
				void* _t829;
				void* _t830;
				void* _t831;
				signed int _t832;
				void* _t833;
				void* _t866;
				signed int _t872;
				signed int _t876;
				void* _t885;
				void* _t889;
				signed int _t892;
				void* _t893;
				void* _t894;
				void* _t895;
				void* _t896;
				signed int _t897;
				signed int _t905;
				void* _t907;
				signed int _t916;
				intOrPtr _t933;
				signed int _t940;
				void* _t944;
				void* _t948;
				signed short _t953;
				signed int _t954;
				intOrPtr* _t964;
				signed int _t973;
				signed int _t975;
				void* _t976;
				void* _t977;
				void* _t978;
				void* _t979;
				signed int _t980;
				signed int _t1007;
				void* _t1017;
				void* _t1021;
				signed int _t1030;
				signed int _t1032;
				void* _t1033;
				void* _t1034;
				void* _t1035;
				void* _t1036;
				signed int _t1037;
				signed short _t1045;
				signed int _t1046;
				signed int _t1089;
				void* _t1103;
				signed short _t1113;
				signed int _t1114;
				void* _t1133;
				void* _t1134;
				void* _t1135;
				void* _t1136;
				signed int _t1176;
				signed int _t1181;
				signed int _t1183;
				signed int _t1189;
				void* _t1190;
				signed int _t1199;
				signed int _t1201;
				signed int _t1203;
				signed int _t1211;
				signed int _t1212;
				intOrPtr _t1217;
				void* _t1238;
				signed int _t1242;
				signed int _t1266;
				signed int _t1269;
				signed int _t1287;
				signed int _t1302;
				signed int _t1323;
				void* _t1332;
				signed int _t1335;
				signed int _t1336;
				signed int _t1352;
				signed int _t1353;
				signed int _t1355;
				signed int _t1359;
				signed int _t1360;
				signed int _t1362;
				signed int _t1364;
				signed int _t1370;
				signed int _t1373;
				signed int _t1380;
				signed int _t1388;
				signed int _t1393;
				signed int _t1398;
				signed int _t1399;
				signed int _t1402;
				signed int _t1409;
				signed int _t1424;
				signed int _t1429;
				signed int _t1430;
				signed int _t1436;
				signed int _t1447;
				void* _t1451;
				signed int _t1452;
				void* _t1453;
				signed int _t1454;
				void* _t1455;
				void* _t1482;

				_t1334 = __edi;
				_push(0x108);
				E0137C242(0x13973d9, __ebx, __edi, __esi);
				_t1176 =  *(_t1451 + 0xc);
				_t1370 = 0;
				 *((intOrPtr*)(_t1451 - 0x100)) = __ecx;
				 *(_t1451 - 0x110) =  *(_t1451 + 8);
				 *(_t1451 - 0x108) = _t1176;
				 *(_t1451 - 0xf4) = 0;
				 *((intOrPtr*)(_t1451 - 4)) = 0;
				_t1457 =  *0x13c2a33;
				if( *0x13c2a33 != 0) {
					_t1452 = _t1452 - 0x1c;
					 *(_t1451 - 0xfc) = _t1452;
					E01319638(_t1452, "DisplayDynamicUI()...");
					E0134BA76(_t1176, 0x13c2b18, _t1332, __edi, 0, _t1457);
				}
				_t770 =  *((intOrPtr*)(_t1176 + 4));
				 *(_t1451 - 0xf0) = _t1370;
				if(_t770 > _t1370) {
					while(1) {
						_t1335 =  *(_t1451 - 0xf0);
						if(_t1335 < _t1370 || _t1335 >= _t770) {
							break;
						}
						_t1336 = _t1335 * 0x198;
						 *(_t1451 - 0xec) = _t1336;
						E013116F0(_t1451 - 0x68,  *_t1176 + _t1336 + 0x28);
						 *((char*)(_t1451 - 4)) = 1;
						_t777 =  *((intOrPtr*)(_t1451 - 0x68));
						_t1333 = _t777;
						if( *((intOrPtr*)(_t1451 - 0x54)) < 0x10) {
							_t1333 = _t1451 - 0x68;
							_t777 = _t1451 - 0x68;
						}
						_t778 = _t777 +  *((intOrPtr*)(_t1451 - 0x58));
						_t1217 =  *((intOrPtr*)(_t1451 - 0x68));
						if( *((intOrPtr*)(_t1451 - 0x54)) < 0x10) {
							_t1217 = _t1451 - 0x68;
						}
						E013275E2(_t1451 - 0x114, _t1217, _t778, _t1333);
						_t1452 = _t1452 + 0x10;
						if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
							break;
						}
						_t783 =  *_t1176 + _t1336;
						 *((intOrPtr*)(_t1451 - 0x90)) =  *((intOrPtr*)(_t783 + 0xfc));
						_t784 = _t783 + 0xd0;
						 *((intOrPtr*)(_t1451 - 0x88)) =  *((intOrPtr*)(_t783 + 0xf4)) +  *((intOrPtr*)(_t783 + 0xfc));
						 *(_t1451 - 0x94) =  *((intOrPtr*)(_t784 + 0x28));
						 *((intOrPtr*)(_t1451 - 0x8c)) =  *((intOrPtr*)(_t784 + 0x20)) +  *((intOrPtr*)(_t784 + 0x28));
						E013116F0(_t1451 - 0xe8, _t784);
						 *((char*)(_t1451 - 4)) = 2;
						if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
							break;
						}
						E01319B08(_t1451 - 0xcc,  *_t1176 +  *(_t1451 - 0xec) + 0x44);
						 *((char*)(_t1451 - 4)) = 3;
						_t1334 = E01375190("bitmap");
						if(E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, _t791, "bitmap") != 0) {
							_t1334 = E01375190("png");
							if(E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, _t797, "png") != 0) {
								if(E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, E01375190("text"), "text") == 0) {
									L230:
									 *((intOrPtr*)(_t1451 - 0x1c)) = 7;
									 *(_t1451 - 0x20) = _t1370;
									 *(_t1451 - 0x30) = 0;
									 *((char*)(_t1451 - 4)) = 4;
									__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
									if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
										break;
									}
									_t1235 = _t1451 - 0x84;
									E01319B08(_t1451 - 0x84,  *_t1176 +  *(_t1451 - 0xec) + 0x44);
									_t1181 =  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70;
									_t1341 = _t1451 - 0x84;
									 *((char*)(_t1451 - 4)) = 5;
									_t806 = E0131FD87(_t1451 - 0x84, _t1451 - 0x84, _t1181);
									__eflags = _t806 - 0xffffffff;
									if(_t806 <= 0xffffffff) {
										_t1341 = 7;
										 *((short*)(_t1451 - 0x4c)) = 0;
										 *((intOrPtr*)(_t1451 - 0x38)) = _t1341;
										 *(_t1451 - 0x3c) = _t1370;
										E0131A995(_t1451 - 0x4c, _t1451 - 0x84, _t1370, 0xffffffff);
										 *((intOrPtr*)(_t1451 - 4)) = _t1341;
										_t651 = _t1451 - 0xf4;
										 *_t651 =  *(_t1451 - 0xf4) | 0x00000002;
										__eflags =  *_t651;
										_t810 = _t1451 - 0x4c;
									} else {
										_t1370 = _t1181;
										_t810 = E0131FD37(_t1451 - 0xb0, _t1235, _t1333, _t1341, _t1451 - 0xb0);
										 *((char*)(_t1451 - 4)) = 6;
										 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) | 0x00000001;
									}
									E0131A941(_t1451 - 0x30, _t810);
									__eflags =  *(_t1451 - 0xf4) & 0x00000002;
									if(( *(_t1451 - 0xf4) & 0x00000002) != 0) {
										_t658 = _t1451 - 0xf4;
										 *_t658 =  *(_t1451 - 0xf4) & 0xfffffffd;
										__eflags =  *_t658;
										E0131AA87(_t1451 - 0x4c, 1, 0);
									}
									 *((intOrPtr*)(_t1451 - 4)) = 5;
									__eflags =  *(_t1451 - 0xf4) & 0x00000001;
									if(__eflags != 0) {
										_t665 = _t1451 - 0xf4;
										 *_t665 =  *(_t1451 - 0xf4) & 0xfffffffe;
										__eflags =  *_t665;
										E0131AA87(_t1451 - 0xb0, 1, 0);
									}
									_t812 = E013753A6(_t1341, _t1370, __eflags);
									_t1238 = 0x74;
									 *(_t1451 - 0xfc) = _t812;
									 *((char*)(_t1451 - 4)) = 8;
									__eflags = _t812;
									if(__eflags == 0) {
										_t1334 = 0;
										__eflags = 0;
									} else {
										_push(_t812);
										_t1334 = E0132A15A(_t1181, _t1341, _t1370, __eflags);
									}
									_push(_t1238);
									 *((char*)(_t1451 - 4)) = 5;
									 *_t1452 =  *_t1452 & 0x00000000;
									__eflags =  *((intOrPtr*)(_t1451 - 0x1c)) - 8;
									_t814 =  *(_t1451 - 0x30);
									 *(_t1451 - 0xfc) = _t1452;
									if( *((intOrPtr*)(_t1451 - 0x1c)) < 8) {
										_t814 = _t1451 - 0x30;
									}
									_push(_t814);
									_push(_t1238);
									 *_t1452 = _t1451 - 0x94;
									 *(_t1451 - 0xfc) = _t1452;
									_push( *( *(_t1451 - 0x110)));
									E013449ED(_t1334); // executed
									__eflags = _t1334;
									if(_t1334 == 0) {
										_t680 = _t1451 - 0x104;
										 *_t680 =  *(_t1451 - 0x104) & 0x00000000;
										__eflags =  *_t680;
									} else {
										_t678 = _t1334 + 4; // 0x4
										 *(_t1451 - 0x104) = _t678;
									}
									E013454B5(_t1451 - 0x104,  *((intOrPtr*)(_t1451 - 0x100)) + 0x600);
									__eflags = _t1334;
									if(_t1334 == 0) {
										_t686 = _t1451 - 0x104;
										 *_t686 =  *(_t1451 - 0x104) & 0x00000000;
										__eflags =  *_t686;
									} else {
										_t684 = _t1334 + 4; // 0x4
										 *(_t1451 - 0x104) = _t684;
									}
									_t1452 = _t1452 - 0x1c;
									 *(_t1451 - 0xfc) = _t1452;
									E013116F0(_t1452, _t1451 + 0x10);
									_t1373 =  *(_t1451 - 0xf0);
									_t1183 =  *(_t1451 - 0x108);
									__eflags = _t1373 -  *((intOrPtr*)(_t1183 + 4));
									if(__eflags >= 0) {
										goto L282;
									}
									_push( *_t1183 +  *(_t1451 - 0xec));
									_push( *(_t1451 - 0x104));
									E013318DF(_t1183,  *((intOrPtr*)(_t1451 - 0x100)), _t1334, _t1373, __eflags); // executed
									__eflags = _t1373 -  *((intOrPtr*)(_t1183 + 4));
									if(_t1373 >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t1376 =  *_t1183 +  *(_t1451 - 0xec) + 0xb4;
									_t825 = E0132061F( *_t1183 +  *(_t1451 - 0xec) + 0xb4, 0x13a0f5e);
									__eflags = _t825;
									if(_t825 != 0) {
										 *((char*)(_t1334 + 0x2c)) = 0;
										__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1183 + 4));
										if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1183 + 4))) {
											goto L282;
										}
										_t1452 = _t1452 - 0x1c;
										__eflags =  *_t1183 +  *(_t1451 - 0xec) + 0xb4;
										 *(_t1451 - 0xfc) = _t1452;
										E013116F0(_t1452,  *_t1183 +  *(_t1451 - 0xec) + 0xb4);
										 *((intOrPtr*)(_t1334 + 0x24)) = E01333172(_t1183, _t1334, _t1376, __eflags);
									}
									__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1183 + 4));
									if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t827 = E0132061F( *_t1183 +  *(_t1451 - 0xec) + 0x98, 0x13a0f5e);
									__eflags = _t827;
									if(_t827 == 0) {
										_t1380 =  *(_t1451 - 0xec);
									} else {
										__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1183 + 4));
										if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1183 + 4))) {
											goto L282;
										}
										_t1380 =  *(_t1451 - 0xec);
										_t1452 = _t1452 - 0x1c;
										 *(_t1451 - 0xfc) = _t1452;
										E013116F0(_t1452,  *_t1183 + _t1380 + 0x98);
										 *((intOrPtr*)(_t1334 + 0x28)) = E01333172(_t1183, _t1334, _t1380, __eflags);
									}
									_t1242 =  *(_t1451 - 0xf0);
									__eflags = _t1242 -  *((intOrPtr*)(_t1183 + 4));
									if(_t1242 >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t828 =  *_t1183;
									__eflags =  *(_t828 + _t1380 + 0x100) - 0xffffffff;
									if( *(_t828 + _t1380 + 0x100) == 0xffffffff) {
										_t723 = _t1334 + 0x30;
										 *_t723 =  *(_t1334 + 0x30) | 0xffffffff;
										__eflags =  *_t723;
									} else {
										 *(_t1334 + 0x30) =  *(_t828 + _t1380 + 0x100);
										 *((char*)(_t1334 + 0x34)) = 0;
									}
									__eflags = _t1242 -  *((intOrPtr*)(_t1183 + 4));
									if(_t1242 >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t829 =  *_t1183;
									__eflags =  *((char*)(_t829 + _t1380 + 0x104));
									if( *((char*)(_t829 + _t1380 + 0x104)) != 0) {
										 *((char*)(_t1334 + 0x2d)) =  *((intOrPtr*)(_t829 + _t1380 + 0x104));
										 *((char*)(_t1334 + 0x34)) = 0;
									}
									__eflags = _t1242 -  *((intOrPtr*)(_t1183 + 4));
									if(_t1242 >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t830 =  *_t1183;
									__eflags =  *((char*)(_t830 + _t1380 + 0x105));
									if( *((char*)(_t830 + _t1380 + 0x105)) != 0) {
										 *((char*)(_t1334 + 0x2e)) =  *((intOrPtr*)(_t830 + _t1380 + 0x105));
										 *((char*)(_t1334 + 0x34)) = 0;
									}
									__eflags = _t1242 -  *((intOrPtr*)(_t1183 + 4));
									if(_t1242 >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t831 =  *_t1183;
									__eflags =  *((char*)(_t831 + _t1380 + 0x106));
									if( *((char*)(_t831 + _t1380 + 0x106)) != 0) {
										 *((char*)(_t1334 + 0x2f)) =  *((intOrPtr*)(_t831 + _t1380 + 0x106));
										 *((char*)(_t1334 + 0x34)) = 0;
									}
									__eflags = _t1242 -  *((intOrPtr*)(_t1183 + 4));
									if(_t1242 >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t832 = E0132061F( *_t1183 +  *(_t1451 - 0xec) + 0x108, 0x13a0f5e);
									__eflags = _t832;
									if(_t832 == 0) {
										_t833 = E01375190("Tahoma");
										_t754 = _t1334 + 0x38; // 0x38
										E01311568(_t754, __eflags, "Tahoma", _t833);
									} else {
										__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1183 + 4));
										if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1183 + 4))) {
											goto L282;
										}
										_t752 = _t1334 + 0x38; // 0x38
										E01311716(_t752,  *_t1183 +  *(_t1451 - 0xec) + 0x108, 0, 0xffffffff);
										 *((char*)(_t1334 + 0x34)) = 0;
									}
									goto L277;
								} else {
									if(E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, E01375190("hyperlink"), "hyperlink") != 0) {
										L17:
										_t1345 = E01375190("checkbox");
										_t866 = E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, _t864, "checkbox");
										_t1471 = _t866;
										if(_t866 != 0) {
											_t1347 = E01375190("radio");
											__eflags = E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, _t867, "radio");
											if(__eflags != 0) {
												_t872 = E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, E01375190("hyperlink"), "hyperlink");
												__eflags = _t872;
												if(_t872 != 0) {
													L180:
													_t1334 = E01375190("scrolltext");
													__eflags = E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, _t873, "scrolltext");
													if(__eflags == 0) {
														_push(0x84);
														_t876 = E013753A6(_t1334, _t1370, __eflags);
														 *(_t1451 - 0xfc) = _t876;
														 *((char*)(_t1451 - 4)) = 0x19;
														__eflags = _t876 - _t1370;
														if(__eflags == 0) {
															 *(_t1451 - 0xf8) = _t1370;
														} else {
															_push(_t876);
															 *(_t1451 - 0xf8) = E0132A510(_t1176, _t1334, _t1370, __eflags);
														}
														 *((intOrPtr*)(_t1451 - 0x1c)) = 7;
														 *(_t1451 - 0x20) = _t1370;
														 *(_t1451 - 0x30) = 0;
														 *((char*)(_t1451 - 4)) = 0x1a;
														__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
														if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
															break;
														}
														_t1263 = _t1451 - 0x84;
														E01319B08(_t1451 - 0x84,  *_t1176 +  *(_t1451 - 0xec) + 0x44);
														 *((char*)(_t1451 - 4)) = 0x1b;
														_t1351 = _t1451 - 0x84;
														 *(_t1451 - 0x104) =  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70;
														_t885 = E0131FD87(_t1451 - 0x84, _t1451 - 0x84,  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70);
														__eflags = _t885 - 0xffffffff;
														if(_t885 <= 0xffffffff) {
															 *((short*)(_t1451 - 0x4c)) = 0;
															 *((intOrPtr*)(_t1451 - 0x38)) = 7;
															 *(_t1451 - 0x3c) = _t1370;
															E0131A995(_t1451 - 0x4c, _t1451 - 0x84, _t1370, 0xffffffff);
															 *((intOrPtr*)(_t1451 - 4)) = 0x1d;
															_t535 = _t1451 - 0xf4;
															 *_t535 =  *(_t1451 - 0xf4) | 0x00000200;
															__eflags =  *_t535;
															_t889 = _t1451 - 0x4c;
														} else {
															_t889 = E0131FD37(_t1451 - 0xb0, _t1263, _t1333, _t1351, _t1451 - 0xb0);
															 *((char*)(_t1451 - 4)) = 0x1c;
															 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) | 0x00000100;
															_t1370 = 0;
														}
														E0131A941(_t1451 - 0x30, _t889);
														__eflags =  *(_t1451 - 0xf4) & 0x00000200;
														if(( *(_t1451 - 0xf4) & 0x00000200) != 0) {
															_t542 = _t1451 - 0xf4;
															 *_t542 =  *(_t1451 - 0xf4) & 0xfffffdff;
															__eflags =  *_t542;
															E0131AA87(_t1451 - 0x4c, 1, _t1370);
														}
														 *((intOrPtr*)(_t1451 - 4)) = 0x1b;
														__eflags =  *(_t1451 - 0xf4) & 0x00000100;
														if(( *(_t1451 - 0xf4) & 0x00000100) != 0) {
															_t549 = _t1451 - 0xf4;
															 *_t549 =  *(_t1451 - 0xf4) & 0xfffffeff;
															__eflags =  *_t549;
															E0131AA87(_t1451 - 0xb0, 1, _t1370);
														}
														__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
														if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
															break;
														}
														_t1387 =  *_t1176 +  *(_t1451 - 0xec) + 0x98;
														_t892 = E0132061F( *_t1176 +  *(_t1451 - 0xec) + 0x98, 0x13a0f5e);
														__eflags = _t892;
														if(_t892 == 0) {
															_t1352 =  *(_t1451 - 0xf8);
														} else {
															__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
															if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
																goto L282;
															}
															_t1452 = _t1452 - 0x1c;
															 *(_t1451 - 0xfc) = _t1452;
															E013116F0(_t1452,  *_t1176 +  *(_t1451 - 0xec) + 0x98);
															_t933 = E01333172(_t1176, _t1351, _t1387, __eflags);
															_t1352 =  *(_t1451 - 0xf8);
															 *((intOrPtr*)(_t1352 + 0x3c)) = _t933;
														}
														_t1388 =  *(_t1451 - 0xf0);
														__eflags = _t1388 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1388 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t893 =  *_t1176;
														_t1266 =  *(_t1451 - 0xec);
														__eflags =  *(_t893 + _t1266 + 0x100) - 0xffffffff;
														if( *(_t893 + _t1266 + 0x100) == 0xffffffff) {
															_t572 = _t1352 + 0x78;
															 *_t572 =  *(_t1352 + 0x78) | 0xffffffff;
															__eflags =  *_t572;
														} else {
															 *(_t1352 + 0x78) =  *(_t893 + _t1266 + 0x100);
															 *((char*)(_t1352 + 0x7f)) = 0;
														}
														__eflags = _t1388 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1388 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t894 =  *_t1176;
														__eflags =  *((char*)(_t894 + _t1266 + 0x104));
														if( *((char*)(_t894 + _t1266 + 0x104)) != 0) {
															 *((char*)(_t1352 + 0x7c)) =  *((intOrPtr*)(_t894 + _t1266 + 0x104));
															 *((char*)(_t1352 + 0x7f)) = 0;
														}
														__eflags = _t1388 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1388 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t895 =  *_t1176;
														__eflags =  *((char*)(_t895 + _t1266 + 0x105));
														if( *((char*)(_t895 + _t1266 + 0x105)) != 0) {
															 *((char*)(_t1352 + 0x7d)) =  *((intOrPtr*)(_t895 + _t1266 + 0x105));
															 *((char*)(_t1352 + 0x7f)) = 0;
														}
														__eflags = _t1388 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1388 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t896 =  *_t1176;
														__eflags =  *((char*)(_t896 + _t1266 + 0x106));
														if( *((char*)(_t896 + _t1266 + 0x106)) != 0) {
															 *((char*)(_t1352 + 0x7e)) =  *((intOrPtr*)(_t896 + _t1266 + 0x106));
															 *((char*)(_t1352 + 0x7f)) = 0;
														}
														__eflags = _t1388 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1388 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t897 = E0132061F( *_t1176 +  *(_t1451 - 0xec) + 0x108, 0x13a0f5e);
														__eflags = _t897;
														if(_t897 == 0) {
															E01311568(_t1352 + 0x5c, __eflags, "Tahoma", E01375190("Tahoma"));
															_t1393 =  *(_t1451 - 0xf0);
														} else {
															_t1393 =  *(_t1451 - 0xf0);
															__eflags = _t1393 -  *((intOrPtr*)(_t1176 + 4));
															if(_t1393 >=  *((intOrPtr*)(_t1176 + 4))) {
																goto L282;
															}
															E01311716(_t1352 + 0x5c,  *_t1176 +  *(_t1451 - 0xec) + 0x108, 0, 0xffffffff);
															 *((char*)(_t1352 + 0x7f)) = 0;
														}
														__eflags = _t1393 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1393 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t1269 =  *(_t1451 - 0xec);
														 *((char*)(_t1352 + 0x81)) =  *((intOrPtr*)( *_t1176 + _t1269 + 0x15c));
														__eflags = _t1393 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1393 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														 *((char*)(_t1352 + 0x80)) =  *((intOrPtr*)( *_t1176 + _t1269 + 0x15d));
														__eflags = _t1393 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1393 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t905 =  *((intOrPtr*)( *_t1176 + _t1269 + 0x15e));
														 *((char*)(_t1352 + 0x82)) = _t905;
														__eflags = _t1393 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1393 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t1189 =  *((intOrPtr*)( *_t1176 + _t1269 + 0x15f));
														 *((char*)(_t1352 + 0x83)) = _t1189;
														_t1270 = 0x50001000;
														__eflags = _t905;
														if(_t905 != 0) {
															_t1270 = 0x50001004;
															__eflags = 0x50001000;
														}
														__eflags =  *((char*)(_t1352 + 0x81));
														if( *((char*)(_t1352 + 0x81)) != 0) {
															_t1270 = _t1270 | 0x00200040;
															__eflags = _t1270;
														}
														__eflags =  *((char*)(_t1352 + 0x80));
														if( *((char*)(_t1352 + 0x80)) != 0) {
															_t1270 = _t1270 | 0x00100080;
															__eflags = _t1270;
														}
														__eflags = _t1189;
														if(_t1189 != 0) {
															_t1270 = _t1270 | 0x00000800;
															__eflags = _t1270;
														}
														_push(_t1270);
														 *_t1452 =  *_t1452 & 0x00000000;
														__eflags =  *((intOrPtr*)(_t1451 - 0x1c)) - 8;
														_t907 =  *(_t1451 - 0x30);
														 *(_t1451 - 0xfc) = _t1452;
														if( *((intOrPtr*)(_t1451 - 0x1c)) < 8) {
															_t907 = _t1451 - 0x30;
														}
														_push(_t1270);
														_push(_t907);
														_push(_t1270);
														 *_t1452 = _t1451 - 0x94;
														 *(_t1451 - 0xfc) = _t1452;
														_push( *( *(_t1451 - 0x110)));
														E01344E56(_t1352);
														E013209BC(_t1333, _t1352);
														goto L122;
													}
												} else {
													_t1353 =  *(_t1451 - 0xf0);
													__eflags = _t1353 -  *((intOrPtr*)(_t1176 + 4));
													if(_t1353 >=  *((intOrPtr*)(_t1176 + 4))) {
														break;
													}
													__eflags =  *((intOrPtr*)( *_t1176 +  *(_t1451 - 0xec) + 0xe0)) - _t1370;
													if(__eflags == 0) {
														goto L180;
													} else {
														_push(0x8c);
														_t940 = E013753A6(_t1353, _t1370, __eflags);
														 *(_t1451 - 0xfc) = _t940;
														 *((char*)(_t1451 - 4)) = 0x13;
														__eflags = _t940 - _t1370;
														if(__eflags == 0) {
															 *(_t1451 - 0xf8) = _t1370;
														} else {
															_push(_t940);
															 *(_t1451 - 0xf8) = E0132A411(_t1176, _t1353, _t1370, __eflags);
														}
														 *(_t1451 - 0xfc) =  *(_t1451 - 0xf8);
														 *((intOrPtr*)(_t1451 - 0x1c)) = 7;
														 *(_t1451 - 0x20) = _t1370;
														 *(_t1451 - 0x30) = 0;
														 *((char*)(_t1451 - 4)) = 0x14;
														__eflags = _t1353 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1353 >=  *((intOrPtr*)(_t1176 + 4))) {
															break;
														}
														_t1280 = _t1451 - 0x84;
														E01319B08(_t1451 - 0x84,  *_t1176 +  *(_t1451 - 0xec) + 0x44);
														_t1354 = _t1451 - 0x84;
														 *((char*)(_t1451 - 4)) = 0x15;
														_t944 = E0131FD87(_t1451 - 0x84, _t1451 - 0x84,  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70);
														__eflags = _t944 - 0xffffffff;
														if(_t944 <= 0xffffffff) {
															 *((short*)(_t1451 - 0x4c)) = 0;
															 *((intOrPtr*)(_t1451 - 0x38)) = 7;
															 *(_t1451 - 0x3c) = _t1370;
															E0131A995(_t1451 - 0x4c, _t1451 - 0x84, _t1370, 0xffffffff);
															 *((intOrPtr*)(_t1451 - 4)) = 0x17;
															_t391 = _t1451 - 0xf4;
															 *_t391 =  *(_t1451 - 0xf4) | 0x00000080;
															__eflags =  *_t391;
															_t948 = _t1451 - 0x4c;
														} else {
															_t948 = E0131FD37(_t1451 - 0xb0, _t1280, _t1333, _t1354, _t1451 - 0xb0);
															 *((char*)(_t1451 - 4)) = 0x16;
															 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) | 0x00000040;
														}
														E0131A941(_t1451 - 0x30, _t948);
														__eflags =  *(_t1451 - 0xf4) & 0x00000080;
														if(( *(_t1451 - 0xf4) & 0x00000080) != 0) {
															_t398 = _t1451 - 0xf4;
															 *_t398 =  *(_t1451 - 0xf4) & 0xffffff7f;
															__eflags =  *_t398;
															E0131AA87(_t1451 - 0x4c, 1, 0);
														}
														 *((intOrPtr*)(_t1451 - 4)) = 0x15;
														__eflags =  *(_t1451 - 0xf4) & 0x00000040;
														if(( *(_t1451 - 0xf4) & 0x00000040) != 0) {
															_t405 = _t1451 - 0xf4;
															 *_t405 =  *(_t1451 - 0xf4) & 0xffffffbf;
															__eflags =  *_t405;
															E0131AA87(_t1451 - 0xb0, 1, 0);
														}
														_t1398 =  *(_t1451 - 0x30);
														__eflags =  *((intOrPtr*)(_t1451 - 0x1c)) - 8;
														if( *((intOrPtr*)(_t1451 - 0x1c)) < 8) {
															_t1398 = _t1451 - 0x30;
														}
														_t1355 =  *( *(_t1451 - 0x110));
														__eflags =  *0x13bfb80; // 0x0
														if(__eflags == 0) {
															 *0x13bfb80 = 0;
														}
														_push( *((intOrPtr*)(_t1451 - 0x114)));
														_t953 = E0131D71A(0x13bfb50,  *(_t1451 - 0xf8) + 0x20);
														_t1453 = _t1452 + 0xc;
														_t954 = _t953 & 0x0000ffff;
														__eflags = _t1398;
														if (__eflags != 0) goto L142;
														_t1197 =  *(_t1451 - 0xf8);
														E01347E09( *(_t1451 - 0xf8), __eflags, _t1355, _t1451 - 0x94, _t1398, 0x50000000, 0, 0, _t954); // executed
														_t1334 =  *(_t1451 - 0x108);
														_push(0xffffffff);
														_push(0xfde9);
														_push(0xfde9);
														__eflags =  *(_t1451 - 0xf0) -  *(_t1334 + 4);
														if( *(_t1451 - 0xf0) >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t1454 = _t1453 - 0x1c;
														 *(_t1451 - 0x10c) = _t1454;
														E013116F0(_t1454,  *_t1334 +  *(_t1451 - 0xec) + 0xd0);
														_push(_t1451 - 0xb0);
														_t964 = E0135BED6(_t1197, _t1334, _t1398, __eflags);
														_t1455 = _t1454 + 0x2c;
														 *((char*)(_t1451 - 4)) = 0x18;
														__eflags =  *((intOrPtr*)(_t964 + 0x14)) - 8;
														if(__eflags >= 0) {
															_t964 =  *_t964;
														}
														_t1399 =  *(_t1451 - 0xf8);
														_push(_t964);
														_push(_t1399);
														E01344A79(_t1197, _t1334, _t1399, __eflags);
														 *((char*)(_t1451 - 4)) = 0x15;
														E0131AA87(_t1451 - 0xb0, 1, 0);
														__eflags = _t1399;
														if(_t1399 == 0) {
															_t428 = _t1451 - 0x104;
															 *_t428 =  *(_t1451 - 0x104) & 0x00000000;
															__eflags =  *_t428;
														} else {
															 *(_t1451 - 0x104) = _t1399 + 4;
														}
														E013454B5(_t1451 - 0x104,  *((intOrPtr*)(_t1451 - 0x100)) + 0x600);
														_t1199 =  *(_t1451 - 0xf8);
														__eflags = _t1199;
														if(_t1199 == 0) {
															_t435 = _t1451 - 0x104;
															 *_t435 =  *(_t1451 - 0x104) & 0x00000000;
															__eflags =  *_t435;
														} else {
															 *(_t1451 - 0x104) = _t1199 + 4;
														}
														_t1452 = _t1455 - 0x1c;
														 *(_t1451 - 0x10c) = _t1452;
														E013116F0(_t1452, _t1451 + 0x10);
														_t1402 =  *(_t1451 - 0xf0);
														__eflags = _t1402 -  *(_t1334 + 4);
														if(__eflags >= 0) {
															goto L282;
														}
														_push( *_t1334 +  *(_t1451 - 0xec));
														_push( *(_t1451 - 0x104));
														E013318DF(_t1199,  *((intOrPtr*)(_t1451 - 0x100)), _t1334, _t1402, __eflags);
														__eflags = _t1402 -  *(_t1334 + 4);
														if(_t1402 >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t1405 =  *_t1334 +  *(_t1451 - 0xec) + 0xb4;
														_t973 = E0132061F( *_t1334 +  *(_t1451 - 0xec) + 0xb4, 0x13a0f5e);
														__eflags = _t973;
														if(_t973 != 0) {
															 *((char*)(_t1199 + 0x64)) = 0;
															__eflags =  *(_t1451 - 0xf0) -  *(_t1334 + 4);
															if( *(_t1451 - 0xf0) >=  *(_t1334 + 4)) {
																goto L282;
															}
															_t1452 = _t1452 - 0x1c;
															__eflags =  *_t1334 +  *(_t1451 - 0xec) + 0xb4;
															 *(_t1451 - 0x10c) = _t1452;
															E013116F0(_t1452,  *_t1334 +  *(_t1451 - 0xec) + 0xb4);
															 *((intOrPtr*)(_t1199 + 0x5c)) = E01333172(_t1199, _t1334, _t1405, __eflags);
														}
														__eflags =  *(_t1451 - 0xf0) -  *(_t1334 + 4);
														if( *(_t1451 - 0xf0) >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t975 = E0132061F( *_t1334 +  *(_t1451 - 0xec) + 0x98, 0x13a0f5e);
														__eflags = _t975;
														if(_t975 == 0) {
															_t1409 =  *(_t1451 - 0xec);
															 *((char*)(_t1199 + 0x6d)) = 1;
														} else {
															__eflags =  *(_t1451 - 0xf0) -  *(_t1334 + 4);
															if( *(_t1451 - 0xf0) >=  *(_t1334 + 4)) {
																goto L282;
															}
															_t1409 =  *(_t1451 - 0xec);
															_t1452 = _t1452 - 0x1c;
															 *(_t1451 - 0x10c) = _t1452;
															E013116F0(_t1452,  *_t1334 + _t1409 + 0x98);
															 *((intOrPtr*)(_t1199 + 0x60)) = E01333172(_t1199, _t1334, _t1409, __eflags);
															 *((char*)(_t1199 + 0x6d)) = 0;
														}
														_t1287 =  *(_t1451 - 0xf0);
														__eflags = _t1287 -  *(_t1334 + 4);
														if(_t1287 >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t976 =  *_t1334;
														__eflags =  *(_t976 + _t1409 + 0x100) - 0xffffffff;
														if( *(_t976 + _t1409 + 0x100) == 0xffffffff) {
															_t472 = _t1199 + 0x68;
															 *_t472 =  *(_t1199 + 0x68) | 0xffffffff;
															__eflags =  *_t472;
														} else {
															 *(_t1199 + 0x68) =  *(_t976 + _t1409 + 0x100);
														}
														__eflags = _t1287 -  *(_t1334 + 4);
														if(_t1287 >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t977 =  *_t1334;
														__eflags =  *((char*)(_t977 + _t1409 + 0x104));
														if( *((char*)(_t977 + _t1409 + 0x104)) != 0) {
															 *((char*)(_t1199 + 0x65)) =  *((intOrPtr*)(_t977 + _t1409 + 0x104));
															 *((char*)(_t1199 + 0x6c)) = 0;
														}
														__eflags = _t1287 -  *(_t1334 + 4);
														if(_t1287 >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t978 =  *_t1334;
														__eflags =  *((char*)(_t978 + _t1409 + 0x105));
														if( *((char*)(_t978 + _t1409 + 0x105)) != 0) {
															 *((char*)(_t1199 + 0x66)) =  *((intOrPtr*)(_t978 + _t1409 + 0x105));
															 *((char*)(_t1199 + 0x6c)) = 0;
														}
														__eflags = _t1287 -  *(_t1334 + 4);
														if(_t1287 >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t979 =  *_t1334;
														__eflags =  *((char*)(_t979 + _t1409 + 0x107));
														if( *((char*)(_t979 + _t1409 + 0x107)) != 0) {
															 *((char*)(_t1199 + 0x67)) =  *((intOrPtr*)(_t979 + _t1409 + 0x106));
															 *((char*)(_t1199 + 0x6c)) = 0;
														}
														__eflags = _t1287 -  *(_t1334 + 4);
														if(_t1287 >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t980 = E0132061F( *_t1334 +  *(_t1451 - 0xec) + 0x108, 0x13a0f5e);
														__eflags = _t980;
														if(_t980 == 0) {
															E01311568(_t1199 + 0x70, __eflags, "Tahoma", E01375190("Tahoma"));
														} else {
															__eflags =  *(_t1451 - 0xf0) -  *(_t1334 + 4);
															if( *(_t1451 - 0xf0) >=  *(_t1334 + 4)) {
																goto L282;
															}
															E01311716(_t1199 + 0x70, _t1334, 0, 0xffffffff);
															 *((char*)(_t1199 + 0x6c)) = 0;
														}
														E013454B5(_t1451 - 0xfc,  *((intOrPtr*)(_t1451 - 0x100)) + 0x134);
														goto L277;
													}
												}
											} else {
												_push(0x120);
												_t1007 = E013753A6(_t1347, _t1370, __eflags);
												 *(_t1451 - 0xfc) = _t1007;
												 *((char*)(_t1451 - 4)) = 0xe;
												__eflags = _t1007 - _t1370;
												if(__eflags == 0) {
													 *(_t1451 - 0xf8) = _t1370;
												} else {
													_push(_t1007);
													 *(_t1451 - 0xf8) = E0131FE5B(_t1176, _t1347, _t1370, __eflags);
												}
												 *(_t1451 - 0xfc) =  *(_t1451 - 0xf8);
												 *((intOrPtr*)(_t1451 - 0x1c)) = 7;
												 *(_t1451 - 0x20) = _t1370;
												 *(_t1451 - 0x30) = 0;
												 *((char*)(_t1451 - 4)) = 0xf;
												__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
												if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
													break;
												}
												_t1296 = _t1451 - 0x84;
												E01319B08(_t1451 - 0x84,  *_t1176 +  *(_t1451 - 0xec) + 0x44);
												 *((char*)(_t1451 - 4)) = 0x10;
												_t1358 = _t1451 - 0x84;
												 *(_t1451 - 0x104) =  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70;
												_t1017 = E0131FD87(_t1451 - 0x84, _t1451 - 0x84,  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70);
												__eflags = _t1017 - 0xffffffff;
												if(_t1017 <= 0xffffffff) {
													 *((short*)(_t1451 - 0x4c)) = 0;
													 *((intOrPtr*)(_t1451 - 0x38)) = 7;
													 *(_t1451 - 0x3c) = _t1370;
													E0131A995(_t1451 - 0x4c, _t1451 - 0x84, _t1370, 0xffffffff);
													 *((intOrPtr*)(_t1451 - 4)) = 0x12;
													_t239 = _t1451 - 0xf4;
													 *_t239 =  *(_t1451 - 0xf4) | 0x00000020;
													__eflags =  *_t239;
													_t1021 = _t1451 - 0x4c;
												} else {
													_t1021 = E0131FD37(_t1451 - 0xb0, _t1296, _t1333, _t1358, _t1451 - 0xb0);
													 *((char*)(_t1451 - 4)) = 0x11;
													 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) | 0x00000010;
													_t1370 = 0;
												}
												E0131A941(_t1451 - 0x30, _t1021);
												__eflags =  *(_t1451 - 0xf4) & 0x00000020;
												if(( *(_t1451 - 0xf4) & 0x00000020) != 0) {
													_t246 = _t1451 - 0xf4;
													 *_t246 =  *(_t1451 - 0xf4) & 0xffffffdf;
													__eflags =  *_t246;
													E0131AA87(_t1451 - 0x4c, 1, _t1370);
												}
												 *((intOrPtr*)(_t1451 - 4)) = 0x10;
												__eflags =  *(_t1451 - 0xf4) & 0x00000010;
												if(( *(_t1451 - 0xf4) & 0x00000010) != 0) {
													_t253 = _t1451 - 0xf4;
													 *_t253 =  *(_t1451 - 0xf4) & 0xffffffef;
													__eflags =  *_t253;
													E0131AA87(_t1451 - 0xb0, 1, _t1370);
												}
												_t1359 =  *(_t1451 - 0xf0);
												__eflags = _t1359 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1359 >=  *((intOrPtr*)(_t1176 + 4))) {
													break;
												}
												E01311716( *(_t1451 - 0xf8) + 0x6c,  *_t1176 +  *(_t1451 - 0xec) + 0xc, _t1370, 0xffffffff);
												__eflags = _t1359 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1359 >=  *((intOrPtr*)(_t1176 + 4))) {
													break;
												}
												 *((intOrPtr*)( *(_t1451 - 0xf8) + 0x88)) =  *_t1176 +  *(_t1451 - 0xec) + 0xec;
												__eflags = _t1359 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1359 >=  *((intOrPtr*)(_t1176 + 4))) {
													break;
												}
												_t1420 =  *_t1176 +  *(_t1451 - 0xec) + 0xb4;
												_t1030 = E0132061F( *_t1176 +  *(_t1451 - 0xec) + 0xb4, 0x13a0f5e);
												_t1360 =  *(_t1451 - 0xf8);
												__eflags = _t1030;
												if(_t1030 != 0) {
													 *((char*)(_t1360 + 0x68)) = 0;
													__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
													if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
														goto L282;
													}
													_t1452 = _t1452 - 0x1c;
													__eflags =  *_t1176 +  *(_t1451 - 0xec) + 0xb4;
													 *(_t1451 - 0x10c) = _t1452;
													E013116F0(_t1452,  *_t1176 +  *(_t1451 - 0xec) + 0xb4);
													 *((intOrPtr*)(_t1360 + 0x60)) = E01333172(_t1176, _t1360, _t1420, __eflags);
												}
												__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
												if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
													goto L282;
												}
												_t1032 = E0132061F( *_t1176 +  *(_t1451 - 0xec) + 0x98, 0x13a0f5e);
												__eflags = _t1032;
												if(_t1032 == 0) {
													_t1424 =  *(_t1451 - 0xec);
												} else {
													__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
													if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
														goto L282;
													}
													_t1424 =  *(_t1451 - 0xec);
													_t1452 = _t1452 - 0x1c;
													 *(_t1451 - 0x10c) = _t1452;
													E013116F0(_t1452,  *_t1176 + _t1424 + 0x98);
													 *((intOrPtr*)(_t1360 + 0x64)) = E01333172(_t1176, _t1360, _t1424, __eflags);
												}
												_t1302 =  *(_t1451 - 0xf0);
												__eflags = _t1302 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1302 >=  *((intOrPtr*)(_t1176 + 4))) {
													goto L282;
												}
												_t1033 =  *_t1176;
												__eflags =  *(_t1033 + _t1424 + 0x100) - 0xffffffff;
												if( *(_t1033 + _t1424 + 0x100) == 0xffffffff) {
													_t292 = _t1360 + 0x90;
													 *_t292 =  *(_t1360 + 0x90) | 0xffffffff;
													__eflags =  *_t292;
												} else {
													 *(_t1360 + 0x90) =  *(_t1033 + _t1424 + 0x100);
													 *((char*)(_t1360 + 0x94)) = 0;
												}
												__eflags = _t1302 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1302 >=  *((intOrPtr*)(_t1176 + 4))) {
													goto L282;
												}
												_t1034 =  *_t1176;
												__eflags =  *((char*)(_t1034 + _t1424 + 0x104));
												if( *((char*)(_t1034 + _t1424 + 0x104)) != 0) {
													 *((char*)(_t1360 + 0x8c)) =  *((intOrPtr*)(_t1034 + _t1424 + 0x104));
													 *((char*)(_t1360 + 0x94)) = 0;
												}
												__eflags = _t1302 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1302 >=  *((intOrPtr*)(_t1176 + 4))) {
													goto L282;
												}
												_t1035 =  *_t1176;
												__eflags =  *((char*)(_t1035 + _t1424 + 0x105));
												if( *((char*)(_t1035 + _t1424 + 0x105)) != 0) {
													 *((char*)(_t1360 + 0x8d)) =  *((intOrPtr*)(_t1035 + _t1424 + 0x105));
													 *((char*)(_t1360 + 0x94)) = 0;
												}
												__eflags = _t1302 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1302 >=  *((intOrPtr*)(_t1176 + 4))) {
													goto L282;
												}
												_t1036 =  *_t1176;
												__eflags =  *((char*)(_t1036 + _t1424 + 0x106));
												if( *((char*)(_t1036 + _t1424 + 0x106)) != 0) {
													 *((char*)(_t1360 + 0x8e)) =  *((intOrPtr*)(_t1036 + _t1424 + 0x106));
													 *((char*)(_t1360 + 0x94)) = 0;
												}
												__eflags = _t1302 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1302 >=  *((intOrPtr*)(_t1176 + 4))) {
													goto L282;
												}
												_t1037 = E0132061F( *_t1176 +  *(_t1451 - 0xec) + 0x108, 0x13a0f5e);
												__eflags = _t1037;
												if(_t1037 == 0) {
													E01311568(_t1360 + 0x104, __eflags, "Tahoma", E01375190("Tahoma"));
													_t1429 = 0;
													__eflags = 0;
												} else {
													__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
													if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
														goto L282;
													}
													_t1429 = 0;
													E01311716(_t1360 + 0x104,  *_t1176 +  *(_t1451 - 0xec) + 0x108, 0, 0xffffffff);
													 *((char*)(_t1360 + 0x94)) = 0;
												}
												E0131A995(_t1360 + 0xb4, _t1451 - 0x30, _t1429, 0xffffffff);
												__eflags =  *((intOrPtr*)(_t1451 - 0x1c)) - 8;
												_t1201 =  *(_t1451 - 0x30);
												if( *((intOrPtr*)(_t1451 - 0x1c)) < 8) {
													_t1201 = _t1451 - 0x30;
												}
												 *(_t1451 - 0x10c) =  *( *(_t1451 - 0x110));
												__eflags =  *0x13bfd30 - _t1429; // 0x0
												if(__eflags == 0) {
													 *0x13bfd30 = _t1429;
												}
												_push( *((intOrPtr*)(_t1451 - 0x114)));
												_t1045 = E0131D71A(0x13bfd00, _t1360 + 0x20);
												_t1452 = _t1452 + 0xc;
												_t1046 = _t1045 & 0x0000ffff;
												__eflags = _t1201 - _t1429;
												if(__eflags == 0) {
													_t1201 = 0;
													__eflags = 0;
												}
												E01347E09(_t1360, __eflags,  *(_t1451 - 0x10c), _t1451 - 0x94, _t1201, 0x50000009, _t1429, 0, _t1046);
												_t1352 =  *(_t1451 - 0xf8);
												 *((intOrPtr*)(_t1352 + 0xd0)) =  *((intOrPtr*)(_t1451 - 0x100));
												E01311716(_t1352 + 0x98, _t1451 + 0x10, 0, 0xffffffff);
												_t1203 =  *(_t1451 - 0xf0);
												_t1430 =  *(_t1451 - 0x108);
												__eflags = _t1203 -  *((intOrPtr*)(_t1430 + 4));
												if(_t1203 >=  *((intOrPtr*)(_t1430 + 4))) {
													goto L282;
												}
												E01311716(_t1352 + 0xe4,  *_t1430 +  *(_t1451 - 0xec) + 0x164, 0, 0xffffffff);
												__eflags = _t1203 -  *((intOrPtr*)(_t1430 + 4));
												if(_t1203 >=  *((intOrPtr*)(_t1430 + 4))) {
													goto L282;
												}
												 *((char*)(_t1352 + 0x100)) =  *((intOrPtr*)( *_t1430 +  *(_t1451 - 0xec) + 0x180));
												__eflags = _t1203 -  *((intOrPtr*)(_t1430 + 4));
												if(_t1203 >=  *((intOrPtr*)(_t1430 + 4))) {
													goto L282;
												}
												E0134470C( *_t1430 +  *(_t1451 - 0xec) + 0x184, _t1352 + 0xd4);
												__eflags = _t1203 -  *((intOrPtr*)(_t1430 + 4));
												if(_t1203 >=  *((intOrPtr*)(_t1430 + 4))) {
													goto L282;
												}
												E01320401( *((intOrPtr*)( *_t1430 +  *(_t1451 - 0xec) + 0xec)), _t1203, _t1352,  *_t1430 +  *(_t1451 - 0xec));
												__eflags =  *((intOrPtr*)(_t1451 - 0x100)) + 0x618;
												E013454B5(_t1451 - 0xfc,  *((intOrPtr*)(_t1451 - 0x100)) + 0x618);
												L122:
												_t1334 = _t1352 + 4;
												 *(_t1451 - 0xfc) = _t1334;
												_t1190 = _t1451 - 0xfc;
												goto L68;
											}
										} else {
											_push(0xf4);
											_t1089 = E013753A6(_t1345, _t1370, _t1471);
											 *(_t1451 - 0xfc) = _t1089;
											 *((char*)(_t1451 - 4)) = 9;
											_t1472 = _t1089 - _t1370;
											if(_t1089 == _t1370) {
												 *(_t1451 - 0xf8) = _t1370;
											} else {
												_push(_t1089);
												 *(_t1451 - 0xf8) = E0132A1F9(_t1176, _t1345, _t1370, _t1472);
											}
											 *(_t1451 - 0x10c) =  *(_t1451 - 0xf8);
											 *((intOrPtr*)(_t1451 - 0x1c)) = 7;
											 *(_t1451 - 0x20) = _t1370;
											 *(_t1451 - 0x30) = 0;
											 *((char*)(_t1451 - 4)) = 0xa;
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
												break;
											}
											_t1315 = _t1451 - 0x84;
											E01319B08(_t1451 - 0x84,  *_t1176 +  *(_t1451 - 0xec) + 0x44);
											 *((char*)(_t1451 - 4)) = 0xb;
											_t1361 = _t1451 - 0x84;
											 *(_t1451 - 0x104) =  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70;
											if(E0131FD87(_t1451 - 0x84, _t1451 - 0x84,  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70) <= 0xffffffff) {
												 *((short*)(_t1451 - 0x4c)) = 0;
												 *((intOrPtr*)(_t1451 - 0x38)) = 7;
												 *(_t1451 - 0x3c) = _t1370;
												E0131A995(_t1451 - 0x4c, _t1451 - 0x84, _t1370, 0xffffffff);
												 *((intOrPtr*)(_t1451 - 4)) = 0xd;
												_t85 = _t1451 - 0xf4;
												 *_t85 =  *(_t1451 - 0xf4) | 0x00000008;
												__eflags =  *_t85;
												_t1103 = _t1451 - 0x4c;
											} else {
												_t1103 = E0131FD37(_t1451 - 0xb0, _t1315, _t1333, _t1361, _t1451 - 0xb0);
												 *((char*)(_t1451 - 4)) = 0xc;
												 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) | 0x00000004;
												_t1370 = 0;
											}
											E0131A941(_t1451 - 0x30, _t1103);
											if(( *(_t1451 - 0xf4) & 0x00000008) != 0) {
												 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) & 0xfffffff7;
												E0131AA87(_t1451 - 0x4c, 1, _t1370);
											}
											 *((intOrPtr*)(_t1451 - 4)) = 0xb;
											if(( *(_t1451 - 0xf4) & 0x00000004) != 0) {
												 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) & 0xfffffffb;
												E0131AA87(_t1451 - 0xb0, 1, _t1370);
											}
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
												break;
											}
											_t1362 =  *(_t1451 - 0xf8);
											E01311716(_t1362 + 0x38,  *_t1176 +  *(_t1451 - 0xec) + 0xc, _t1370, 0xffffffff);
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
												break;
											}
											 *((intOrPtr*)(_t1362 + 0x70)) =  *_t1176 +  *(_t1451 - 0xec) + 0xec;
											_t1211 =  *(_t1451 - 0x30);
											if( *((intOrPtr*)(_t1451 - 0x1c)) < 8) {
												_t1211 = _t1451 - 0x30;
											}
											 *(_t1451 - 0x104) =  *( *(_t1451 - 0x110));
											_t1482 =  *0x13bfca0 - _t1370; // 0x0
											if(_t1482 == 0) {
												 *0x13bfca0 = _t1370;
											}
											_push( *((intOrPtr*)(_t1451 - 0x114)));
											_t1113 = E0131D71A(0x13bfc70, _t1362 + 0x20);
											_t1452 = _t1452 + 0xc;
											_t1114 = _t1113 & 0x0000ffff;
											if(_t1211 == _t1370) {
												_t1211 = 0;
											}
											_t1212 =  *(_t1451 - 0xf8);
											E01347E09(_t1212, 0,  *(_t1451 - 0x104), _t1451 - 0x94, _t1211, 0x50000003, _t1370, _t1370, _t1114); // executed
											_t1436 =  *(_t1451 - 0xf0);
											_t1364 =  *(_t1451 - 0x108);
											if(_t1436 >=  *((intOrPtr*)(_t1364 + 4))) {
												L282:
												_push(0);
												_push(0);
												L281:
												RaiseException(0xc000008c, 1, ??, ??);
												goto L282;
											}
											E01311716(_t1212 + 0xa0,  *_t1364 +  *(_t1451 - 0xec) + 0x164, 0, 0xffffffff);
											if(_t1436 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											E0134470C( *_t1364 +  *(_t1451 - 0xec) + 0x184, _t1212 + 0xbc);
											 *((intOrPtr*)(_t1212 + 0x9c)) =  *((intOrPtr*)(_t1451 - 0x100));
											if(_t1436 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1439 =  *_t1364 +  *(_t1451 - 0xec) + 0xb4;
											if(E0132061F( *_t1364 +  *(_t1451 - 0xec) + 0xb4, 0x13a0f5e) != 0) {
												 *((char*)(_t1212 + 0x34)) = 0;
												if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1364 + 4))) {
													goto L282;
												}
												_t1452 = _t1452 - 0x1c;
												 *(_t1451 - 0xfc) = _t1452;
												E013116F0(_t1452,  *_t1364 +  *(_t1451 - 0xec) + 0xb4);
												 *((intOrPtr*)(_t1212 + 0x2c)) = E01333172(_t1212, _t1364, _t1439,  *_t1364 +  *(_t1451 - 0xec) + 0xb4);
											}
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1442 =  *_t1364 +  *(_t1451 - 0xec) + 0x98;
											if(E0132061F( *_t1364 +  *(_t1451 - 0xec) + 0x98, 0x13a0f5e) != 0) {
												if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1364 + 4))) {
													goto L282;
												}
												_t1452 = _t1452 - 0x1c;
												 *(_t1451 - 0xfc) = _t1452;
												E013116F0(_t1452,  *_t1364 +  *(_t1451 - 0xec) + 0x98);
												 *((intOrPtr*)(_t1212 + 0x30)) = E01333172(_t1212, _t1364, _t1442,  *_t1364 +  *(_t1451 - 0xec) + 0x98);
											}
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											if(E0132061F( *_t1364 +  *(_t1451 - 0xec) + 0x108, 0x13a0f5e) == 0) {
												E01311568(_t1212 + 0x54, __eflags, "Tahoma", E01375190("Tahoma"));
												_t1447 =  *(_t1451 - 0xec);
											} else {
												if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1364 + 4))) {
													goto L282;
												}
												_t1447 =  *(_t1451 - 0xec);
												E01311716(_t1212 + 0x54,  *_t1364 + _t1447 + 0x108, 0, 0xffffffff);
											}
											_t1323 =  *(_t1451 - 0xf0);
											if(_t1323 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1133 =  *_t1364;
											if( *(_t1133 + _t1447 + 0x100) == 0xffffffff) {
												_t166 = _t1212 + 0x78;
												 *_t166 =  *(_t1212 + 0x78) | 0xffffffff;
												__eflags =  *_t166;
											} else {
												 *(_t1212 + 0x78) =  *(_t1133 + _t1447 + 0x100);
												 *((char*)(_t1212 + 0x7c)) = 0;
											}
											if(_t1323 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1134 =  *_t1364;
											if( *((char*)(_t1134 + _t1447 + 0x104)) != 0) {
												 *((char*)(_t1212 + 0x74)) =  *((intOrPtr*)(_t1134 + _t1447 + 0x104));
												 *((char*)(_t1212 + 0x7c)) = 0;
											}
											if(_t1323 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1135 =  *_t1364;
											if( *((char*)(_t1135 + _t1447 + 0x105)) != 0) {
												 *((char*)(_t1212 + 0x75)) =  *((intOrPtr*)(_t1135 + _t1447 + 0x105));
												 *((char*)(_t1212 + 0x7c)) = 0;
											}
											if(_t1323 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1136 =  *_t1364;
											if( *((char*)(_t1136 + _t1447 + 0x106)) != 0) {
												 *((char*)(_t1212 + 0x76)) =  *((intOrPtr*)(_t1136 + _t1447 + 0x106));
												 *((char*)(_t1212 + 0x7c)) = 0;
											}
											if(_t1323 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1324 = _t1212 + 0x80;
											E01311716(_t1212 + 0x80,  *_t1364 + _t1447 + 0x140, 0, 0xffffffff);
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_push( *( *_t1364 +  *(_t1451 - 0xec) + 0xec) & 0x000000ff);
											E01321318(_t1212, _t1324, _t1212);
											E013454B5(_t1451 - 0x10c,  *((intOrPtr*)(_t1451 - 0x100)) + 0x60c);
											_t1334 =  *(_t1451 - 0xf8) + 4;
											 *(_t1451 - 0x10c) = _t1334;
											_t1190 = _t1451 - 0x10c;
											L68:
											_t1396 =  *((intOrPtr*)(_t1451 - 0x100)) + 0x600;
											E013454B5(_t1190,  *((intOrPtr*)(_t1451 - 0x100)) + 0x600);
											_t1452 = _t1452 - 0x1c;
											 *(_t1451 - 0xfc) = _t1452;
											E013116F0(_t1452, _t1451 + 0x10);
											_t916 =  *(_t1451 - 0x108);
											_t1509 =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t916 + 4));
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t916 + 4))) {
												goto L282;
											}
											_push( *_t916 +  *(_t1451 - 0xec));
											_push(_t1334);
											E013318DF(_t1190,  *((intOrPtr*)(_t1451 - 0x100)), _t1334, _t1396, _t1509);
											L277:
											E0131AA87(_t1451 - 0x84, 1, 0);
											E0131AA87(_t1451 - 0x30, 1, 0);
											_t1176 =  *(_t1451 - 0x108);
											_t1370 = 0;
										}
									} else {
										if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
											break;
										}
										if( *((intOrPtr*)( *_t1176 +  *(_t1451 - 0xec) + 0xe0)) == _t1370) {
											goto L230;
										} else {
											goto L17;
										}
									}
								}
							}
						}
						E0131AA87(_t1451 - 0xcc, 1, _t1370);
						E01311524(_t1451 - 0xe8, 1, _t1370);
						 *((char*)(_t1451 - 4)) = 0;
						E01311524(_t1451 - 0x68, 1, _t1370);
						 *(_t1451 - 0xf0) =  *(_t1451 - 0xf0) + 1;
						_t770 =  *((intOrPtr*)(_t1176 + 4));
						if( *(_t1451 - 0xf0) < _t770) {
							continue;
						}
						goto L279;
					}
					_push(_t1370);
					_push(_t1370);
					goto L281;
				}
				L279:
				E01311524(_t1451 + 0x10, 1, _t1370);
				return E0137C2C5(_t1176, _t1334, _t1370);
			}




















































































































                                                                                                                                                                                                                                0x013318df
                                                                                                                                                                                                                                0x013318df
                                                                                                                                                                                                                                0x013318e9
                                                                                                                                                                                                                                0x013318f1
                                                                                                                                                                                                                                0x013318f4
                                                                                                                                                                                                                                0x013318f6
                                                                                                                                                                                                                                0x013318fc
                                                                                                                                                                                                                                0x01331902
                                                                                                                                                                                                                                0x01331908
                                                                                                                                                                                                                                0x0133190e
                                                                                                                                                                                                                                0x01331911
                                                                                                                                                                                                                                0x01331918
                                                                                                                                                                                                                                0x0133191a
                                                                                                                                                                                                                                0x0133191f
                                                                                                                                                                                                                                0x0133192a
                                                                                                                                                                                                                                0x01331934
                                                                                                                                                                                                                                0x01331934
                                                                                                                                                                                                                                0x01331939
                                                                                                                                                                                                                                0x0133193c
                                                                                                                                                                                                                                0x01331944
                                                                                                                                                                                                                                0x0133194a
                                                                                                                                                                                                                                0x0133194a
                                                                                                                                                                                                                                0x01331952
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331962
                                                                                                                                                                                                                                0x01331971
                                                                                                                                                                                                                                0x01331977
                                                                                                                                                                                                                                0x0133197c
                                                                                                                                                                                                                                0x01331984
                                                                                                                                                                                                                                0x01331987
                                                                                                                                                                                                                                0x01331989
                                                                                                                                                                                                                                0x0133198b
                                                                                                                                                                                                                                0x0133198e
                                                                                                                                                                                                                                0x0133198e
                                                                                                                                                                                                                                0x01331990
                                                                                                                                                                                                                                0x01331997
                                                                                                                                                                                                                                0x0133199a
                                                                                                                                                                                                                                0x0133199c
                                                                                                                                                                                                                                0x0133199c
                                                                                                                                                                                                                                0x013319a9
                                                                                                                                                                                                                                0x013319b4
                                                                                                                                                                                                                                0x013319ba
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013319c2
                                                                                                                                                                                                                                0x013319ca
                                                                                                                                                                                                                                0x013319dc
                                                                                                                                                                                                                                0x013319e1
                                                                                                                                                                                                                                0x013319ea
                                                                                                                                                                                                                                0x013319f7
                                                                                                                                                                                                                                0x01331a03
                                                                                                                                                                                                                                0x01331a0e
                                                                                                                                                                                                                                0x01331a15
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331a2d
                                                                                                                                                                                                                                0x01331a38
                                                                                                                                                                                                                                0x01331a43
                                                                                                                                                                                                                                0x01331a52
                                                                                                                                                                                                                                0x01331a65
                                                                                                                                                                                                                                0x01331a74
                                                                                                                                                                                                                                0x01331a96
                                                                                                                                                                                                                                0x01332d48
                                                                                                                                                                                                                                0x01332d4a
                                                                                                                                                                                                                                0x01332d51
                                                                                                                                                                                                                                0x01332d54
                                                                                                                                                                                                                                0x01332d5e
                                                                                                                                                                                                                                0x01332d62
                                                                                                                                                                                                                                0x01332d65
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332d73
                                                                                                                                                                                                                                0x01332d7d
                                                                                                                                                                                                                                0x01332d88
                                                                                                                                                                                                                                0x01332d8f
                                                                                                                                                                                                                                0x01332d95
                                                                                                                                                                                                                                0x01332d99
                                                                                                                                                                                                                                0x01332d9e
                                                                                                                                                                                                                                0x01332da1
                                                                                                                                                                                                                                0x01332dc0
                                                                                                                                                                                                                                0x01332dc5
                                                                                                                                                                                                                                0x01332dd4
                                                                                                                                                                                                                                0x01332dd7
                                                                                                                                                                                                                                0x01332dda
                                                                                                                                                                                                                                0x01332ddf
                                                                                                                                                                                                                                0x01332de2
                                                                                                                                                                                                                                0x01332de2
                                                                                                                                                                                                                                0x01332de2
                                                                                                                                                                                                                                0x01332de9
                                                                                                                                                                                                                                0x01332da3
                                                                                                                                                                                                                                0x01332daa
                                                                                                                                                                                                                                0x01332dac
                                                                                                                                                                                                                                0x01332db1
                                                                                                                                                                                                                                0x01332db5
                                                                                                                                                                                                                                0x01332db5
                                                                                                                                                                                                                                0x01332df0
                                                                                                                                                                                                                                0x01332df5
                                                                                                                                                                                                                                0x01332dfc
                                                                                                                                                                                                                                0x01332dfe
                                                                                                                                                                                                                                0x01332dfe
                                                                                                                                                                                                                                0x01332dfe
                                                                                                                                                                                                                                0x01332e0c
                                                                                                                                                                                                                                0x01332e0c
                                                                                                                                                                                                                                0x01332e11
                                                                                                                                                                                                                                0x01332e18
                                                                                                                                                                                                                                0x01332e1f
                                                                                                                                                                                                                                0x01332e21
                                                                                                                                                                                                                                0x01332e21
                                                                                                                                                                                                                                0x01332e21
                                                                                                                                                                                                                                0x01332e32
                                                                                                                                                                                                                                0x01332e32
                                                                                                                                                                                                                                0x01332e39
                                                                                                                                                                                                                                0x01332e3e
                                                                                                                                                                                                                                0x01332e3f
                                                                                                                                                                                                                                0x01332e45
                                                                                                                                                                                                                                0x01332e49
                                                                                                                                                                                                                                0x01332e4b
                                                                                                                                                                                                                                0x01332e57
                                                                                                                                                                                                                                0x01332e57
                                                                                                                                                                                                                                0x01332e4d
                                                                                                                                                                                                                                0x01332e4d
                                                                                                                                                                                                                                0x01332e53
                                                                                                                                                                                                                                0x01332e53
                                                                                                                                                                                                                                0x01332e59
                                                                                                                                                                                                                                0x01332e5a
                                                                                                                                                                                                                                0x01332e60
                                                                                                                                                                                                                                0x01332e63
                                                                                                                                                                                                                                0x01332e67
                                                                                                                                                                                                                                0x01332e6a
                                                                                                                                                                                                                                0x01332e70
                                                                                                                                                                                                                                0x01332e72
                                                                                                                                                                                                                                0x01332e72
                                                                                                                                                                                                                                0x01332e75
                                                                                                                                                                                                                                0x01332e76
                                                                                                                                                                                                                                0x01332e7f
                                                                                                                                                                                                                                0x01332e87
                                                                                                                                                                                                                                0x01332e8d
                                                                                                                                                                                                                                0x01332e91
                                                                                                                                                                                                                                0x01332e96
                                                                                                                                                                                                                                0x01332e98
                                                                                                                                                                                                                                0x01332ea5
                                                                                                                                                                                                                                0x01332ea5
                                                                                                                                                                                                                                0x01332ea5
                                                                                                                                                                                                                                0x01332e9a
                                                                                                                                                                                                                                0x01332e9a
                                                                                                                                                                                                                                0x01332e9d
                                                                                                                                                                                                                                0x01332e9d
                                                                                                                                                                                                                                0x01332ebe
                                                                                                                                                                                                                                0x01332ec3
                                                                                                                                                                                                                                0x01332ec5
                                                                                                                                                                                                                                0x01332ed2
                                                                                                                                                                                                                                0x01332ed2
                                                                                                                                                                                                                                0x01332ed2
                                                                                                                                                                                                                                0x01332ec7
                                                                                                                                                                                                                                0x01332ec7
                                                                                                                                                                                                                                0x01332eca
                                                                                                                                                                                                                                0x01332eca
                                                                                                                                                                                                                                0x01332ed9
                                                                                                                                                                                                                                0x01332ee1
                                                                                                                                                                                                                                0x01332ee8
                                                                                                                                                                                                                                0x01332eed
                                                                                                                                                                                                                                0x01332ef3
                                                                                                                                                                                                                                0x01332ef9
                                                                                                                                                                                                                                0x01332efc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332f10
                                                                                                                                                                                                                                0x01332f11
                                                                                                                                                                                                                                0x01332f17
                                                                                                                                                                                                                                0x01332f1c
                                                                                                                                                                                                                                0x01332f1f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332f32
                                                                                                                                                                                                                                0x01332f38
                                                                                                                                                                                                                                0x01332f3d
                                                                                                                                                                                                                                0x01332f3f
                                                                                                                                                                                                                                0x01332f47
                                                                                                                                                                                                                                0x01332f4b
                                                                                                                                                                                                                                0x01332f4e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332f5c
                                                                                                                                                                                                                                0x01332f5f
                                                                                                                                                                                                                                0x01332f66
                                                                                                                                                                                                                                0x01332f6d
                                                                                                                                                                                                                                0x01332f77
                                                                                                                                                                                                                                0x01332f77
                                                                                                                                                                                                                                0x01332f80
                                                                                                                                                                                                                                0x01332f83
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332f9c
                                                                                                                                                                                                                                0x01332fa1
                                                                                                                                                                                                                                0x01332fa3
                                                                                                                                                                                                                                0x01332fde
                                                                                                                                                                                                                                0x01332fa5
                                                                                                                                                                                                                                0x01332fab
                                                                                                                                                                                                                                0x01332fae
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332fb6
                                                                                                                                                                                                                                0x01332fbc
                                                                                                                                                                                                                                0x01332fc8
                                                                                                                                                                                                                                0x01332fcf
                                                                                                                                                                                                                                0x01332fd9
                                                                                                                                                                                                                                0x01332fd9
                                                                                                                                                                                                                                0x01332fe4
                                                                                                                                                                                                                                0x01332fea
                                                                                                                                                                                                                                0x01332fed
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332ff3
                                                                                                                                                                                                                                0x01332ff5
                                                                                                                                                                                                                                0x01332ffd
                                                                                                                                                                                                                                0x0133300f
                                                                                                                                                                                                                                0x0133300f
                                                                                                                                                                                                                                0x0133300f
                                                                                                                                                                                                                                0x01332fff
                                                                                                                                                                                                                                0x01333006
                                                                                                                                                                                                                                0x01333009
                                                                                                                                                                                                                                0x01333009
                                                                                                                                                                                                                                0x01333013
                                                                                                                                                                                                                                0x01333016
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133301c
                                                                                                                                                                                                                                0x0133301e
                                                                                                                                                                                                                                0x01333026
                                                                                                                                                                                                                                0x0133302f
                                                                                                                                                                                                                                0x01333032
                                                                                                                                                                                                                                0x01333032
                                                                                                                                                                                                                                0x01333036
                                                                                                                                                                                                                                0x01333039
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133303f
                                                                                                                                                                                                                                0x01333041
                                                                                                                                                                                                                                0x01333049
                                                                                                                                                                                                                                0x01333052
                                                                                                                                                                                                                                0x01333055
                                                                                                                                                                                                                                0x01333055
                                                                                                                                                                                                                                0x01333059
                                                                                                                                                                                                                                0x0133305c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01333062
                                                                                                                                                                                                                                0x01333064
                                                                                                                                                                                                                                0x0133306c
                                                                                                                                                                                                                                0x01333075
                                                                                                                                                                                                                                0x01333078
                                                                                                                                                                                                                                0x01333078
                                                                                                                                                                                                                                0x0133307c
                                                                                                                                                                                                                                0x0133307f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01333098
                                                                                                                                                                                                                                0x0133309d
                                                                                                                                                                                                                                0x0133309f
                                                                                                                                                                                                                                0x013330d7
                                                                                                                                                                                                                                0x013330df
                                                                                                                                                                                                                                0x013330e2
                                                                                                                                                                                                                                0x013330a1
                                                                                                                                                                                                                                0x013330a7
                                                                                                                                                                                                                                0x013330aa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013330c3
                                                                                                                                                                                                                                0x013330c6
                                                                                                                                                                                                                                0x013330cb
                                                                                                                                                                                                                                0x013330cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331a9c
                                                                                                                                                                                                                                0x01331ab8
                                                                                                                                                                                                                                0x01331add
                                                                                                                                                                                                                                0x01331aea
                                                                                                                                                                                                                                0x01331af2
                                                                                                                                                                                                                                0x01331af7
                                                                                                                                                                                                                                0x01331af9
                                                                                                                                                                                                                                0x01331fe8
                                                                                                                                                                                                                                0x01331ff5
                                                                                                                                                                                                                                0x01331ff7
                                                                                                                                                                                                                                0x013324e3
                                                                                                                                                                                                                                0x013324e8
                                                                                                                                                                                                                                0x013324ea
                                                                                                                                                                                                                                0x0133298d
                                                                                                                                                                                                                                0x0133299a
                                                                                                                                                                                                                                0x013329a7
                                                                                                                                                                                                                                0x013329a9
                                                                                                                                                                                                                                0x013329af
                                                                                                                                                                                                                                0x013329b4
                                                                                                                                                                                                                                0x013329ba
                                                                                                                                                                                                                                0x013329c0
                                                                                                                                                                                                                                0x013329c4
                                                                                                                                                                                                                                0x013329c6
                                                                                                                                                                                                                                0x013329d6
                                                                                                                                                                                                                                0x013329c8
                                                                                                                                                                                                                                0x013329c8
                                                                                                                                                                                                                                0x013329ce
                                                                                                                                                                                                                                0x013329ce
                                                                                                                                                                                                                                0x013329de
                                                                                                                                                                                                                                0x013329e5
                                                                                                                                                                                                                                0x013329e8
                                                                                                                                                                                                                                0x013329f2
                                                                                                                                                                                                                                0x013329f6
                                                                                                                                                                                                                                0x013329f9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332a07
                                                                                                                                                                                                                                0x01332a11
                                                                                                                                                                                                                                0x01332a21
                                                                                                                                                                                                                                0x01332a26
                                                                                                                                                                                                                                0x01332a2c
                                                                                                                                                                                                                                0x01332a32
                                                                                                                                                                                                                                0x01332a37
                                                                                                                                                                                                                                0x01332a3a
                                                                                                                                                                                                                                0x01332a64
                                                                                                                                                                                                                                0x01332a73
                                                                                                                                                                                                                                0x01332a7a
                                                                                                                                                                                                                                0x01332a7d
                                                                                                                                                                                                                                0x01332a82
                                                                                                                                                                                                                                0x01332a89
                                                                                                                                                                                                                                0x01332a89
                                                                                                                                                                                                                                0x01332a89
                                                                                                                                                                                                                                0x01332a93
                                                                                                                                                                                                                                0x01332a3c
                                                                                                                                                                                                                                0x01332a49
                                                                                                                                                                                                                                0x01332a4e
                                                                                                                                                                                                                                0x01332a52
                                                                                                                                                                                                                                0x01332a5c
                                                                                                                                                                                                                                0x01332a5c
                                                                                                                                                                                                                                0x01332a9a
                                                                                                                                                                                                                                0x01332a9f
                                                                                                                                                                                                                                0x01332aa9
                                                                                                                                                                                                                                0x01332aab
                                                                                                                                                                                                                                0x01332aab
                                                                                                                                                                                                                                0x01332aab
                                                                                                                                                                                                                                0x01332abb
                                                                                                                                                                                                                                0x01332abb
                                                                                                                                                                                                                                0x01332ac0
                                                                                                                                                                                                                                0x01332ac7
                                                                                                                                                                                                                                0x01332ad1
                                                                                                                                                                                                                                0x01332ad3
                                                                                                                                                                                                                                0x01332ad3
                                                                                                                                                                                                                                0x01332ad3
                                                                                                                                                                                                                                0x01332ae6
                                                                                                                                                                                                                                0x01332ae6
                                                                                                                                                                                                                                0x01332af1
                                                                                                                                                                                                                                0x01332af4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332b07
                                                                                                                                                                                                                                0x01332b0d
                                                                                                                                                                                                                                0x01332b12
                                                                                                                                                                                                                                0x01332b14
                                                                                                                                                                                                                                0x01332b53
                                                                                                                                                                                                                                0x01332b16
                                                                                                                                                                                                                                0x01332b1c
                                                                                                                                                                                                                                0x01332b1f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332b2d
                                                                                                                                                                                                                                0x01332b37
                                                                                                                                                                                                                                0x01332b3e
                                                                                                                                                                                                                                0x01332b43
                                                                                                                                                                                                                                0x01332b48
                                                                                                                                                                                                                                0x01332b4e
                                                                                                                                                                                                                                0x01332b4e
                                                                                                                                                                                                                                0x01332b59
                                                                                                                                                                                                                                0x01332b5f
                                                                                                                                                                                                                                0x01332b62
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332b68
                                                                                                                                                                                                                                0x01332b6a
                                                                                                                                                                                                                                0x01332b70
                                                                                                                                                                                                                                0x01332b78
                                                                                                                                                                                                                                0x01332b8a
                                                                                                                                                                                                                                0x01332b8a
                                                                                                                                                                                                                                0x01332b8a
                                                                                                                                                                                                                                0x01332b7a
                                                                                                                                                                                                                                0x01332b81
                                                                                                                                                                                                                                0x01332b84
                                                                                                                                                                                                                                0x01332b84
                                                                                                                                                                                                                                0x01332b8e
                                                                                                                                                                                                                                0x01332b91
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332b97
                                                                                                                                                                                                                                0x01332b99
                                                                                                                                                                                                                                0x01332ba1
                                                                                                                                                                                                                                0x01332baa
                                                                                                                                                                                                                                0x01332bad
                                                                                                                                                                                                                                0x01332bad
                                                                                                                                                                                                                                0x01332bb1
                                                                                                                                                                                                                                0x01332bb4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332bba
                                                                                                                                                                                                                                0x01332bbc
                                                                                                                                                                                                                                0x01332bc4
                                                                                                                                                                                                                                0x01332bcd
                                                                                                                                                                                                                                0x01332bd0
                                                                                                                                                                                                                                0x01332bd0
                                                                                                                                                                                                                                0x01332bd4
                                                                                                                                                                                                                                0x01332bd7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332bdd
                                                                                                                                                                                                                                0x01332bdf
                                                                                                                                                                                                                                0x01332be7
                                                                                                                                                                                                                                0x01332bf0
                                                                                                                                                                                                                                0x01332bf3
                                                                                                                                                                                                                                0x01332bf3
                                                                                                                                                                                                                                0x01332bf7
                                                                                                                                                                                                                                0x01332bfa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332c13
                                                                                                                                                                                                                                0x01332c18
                                                                                                                                                                                                                                0x01332c1a
                                                                                                                                                                                                                                0x01332c5c
                                                                                                                                                                                                                                0x01332c61
                                                                                                                                                                                                                                0x01332c1c
                                                                                                                                                                                                                                0x01332c1c
                                                                                                                                                                                                                                0x01332c22
                                                                                                                                                                                                                                0x01332c25
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332c40
                                                                                                                                                                                                                                0x01332c45
                                                                                                                                                                                                                                0x01332c45
                                                                                                                                                                                                                                0x01332c67
                                                                                                                                                                                                                                0x01332c6a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332c72
                                                                                                                                                                                                                                0x01332c7f
                                                                                                                                                                                                                                0x01332c85
                                                                                                                                                                                                                                0x01332c88
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332c97
                                                                                                                                                                                                                                0x01332c9d
                                                                                                                                                                                                                                0x01332ca0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332ca8
                                                                                                                                                                                                                                0x01332caf
                                                                                                                                                                                                                                0x01332cb5
                                                                                                                                                                                                                                0x01332cb8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332cc2
                                                                                                                                                                                                                                0x01332cc8
                                                                                                                                                                                                                                0x01332cce
                                                                                                                                                                                                                                0x01332cd3
                                                                                                                                                                                                                                0x01332cd5
                                                                                                                                                                                                                                0x01332cd7
                                                                                                                                                                                                                                0x01332cd7
                                                                                                                                                                                                                                0x01332cd7
                                                                                                                                                                                                                                0x01332cda
                                                                                                                                                                                                                                0x01332ce1
                                                                                                                                                                                                                                0x01332ce3
                                                                                                                                                                                                                                0x01332ce3
                                                                                                                                                                                                                                0x01332ce3
                                                                                                                                                                                                                                0x01332ce9
                                                                                                                                                                                                                                0x01332cf0
                                                                                                                                                                                                                                0x01332cf2
                                                                                                                                                                                                                                0x01332cf2
                                                                                                                                                                                                                                0x01332cf2
                                                                                                                                                                                                                                0x01332cf8
                                                                                                                                                                                                                                0x01332cfa
                                                                                                                                                                                                                                0x01332cfc
                                                                                                                                                                                                                                0x01332cfc
                                                                                                                                                                                                                                0x01332cfc
                                                                                                                                                                                                                                0x01332d02
                                                                                                                                                                                                                                0x01332d05
                                                                                                                                                                                                                                0x01332d08
                                                                                                                                                                                                                                0x01332d0c
                                                                                                                                                                                                                                0x01332d0f
                                                                                                                                                                                                                                0x01332d15
                                                                                                                                                                                                                                0x01332d17
                                                                                                                                                                                                                                0x01332d17
                                                                                                                                                                                                                                0x01332d1a
                                                                                                                                                                                                                                0x01332d1b
                                                                                                                                                                                                                                0x01332d1c
                                                                                                                                                                                                                                0x01332d25
                                                                                                                                                                                                                                0x01332d2d
                                                                                                                                                                                                                                0x01332d33
                                                                                                                                                                                                                                0x01332d37
                                                                                                                                                                                                                                0x01332d3e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332d3e
                                                                                                                                                                                                                                0x013324f0
                                                                                                                                                                                                                                0x013324f0
                                                                                                                                                                                                                                0x013324f6
                                                                                                                                                                                                                                0x013324f9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332507
                                                                                                                                                                                                                                0x0133250d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332513
                                                                                                                                                                                                                                0x01332513
                                                                                                                                                                                                                                0x01332518
                                                                                                                                                                                                                                0x0133251e
                                                                                                                                                                                                                                0x01332524
                                                                                                                                                                                                                                0x01332528
                                                                                                                                                                                                                                0x0133252a
                                                                                                                                                                                                                                0x0133253a
                                                                                                                                                                                                                                0x0133252c
                                                                                                                                                                                                                                0x0133252c
                                                                                                                                                                                                                                0x01332532
                                                                                                                                                                                                                                0x01332532
                                                                                                                                                                                                                                0x01332546
                                                                                                                                                                                                                                0x0133254e
                                                                                                                                                                                                                                0x01332555
                                                                                                                                                                                                                                0x01332558
                                                                                                                                                                                                                                0x0133255c
                                                                                                                                                                                                                                0x01332560
                                                                                                                                                                                                                                0x01332563
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332571
                                                                                                                                                                                                                                0x0133257b
                                                                                                                                                                                                                                0x0133258d
                                                                                                                                                                                                                                0x01332593
                                                                                                                                                                                                                                0x01332597
                                                                                                                                                                                                                                0x0133259c
                                                                                                                                                                                                                                0x0133259f
                                                                                                                                                                                                                                0x013325c0
                                                                                                                                                                                                                                0x013325cf
                                                                                                                                                                                                                                0x013325d6
                                                                                                                                                                                                                                0x013325d9
                                                                                                                                                                                                                                0x013325de
                                                                                                                                                                                                                                0x013325e5
                                                                                                                                                                                                                                0x013325e5
                                                                                                                                                                                                                                0x013325e5
                                                                                                                                                                                                                                0x013325ef
                                                                                                                                                                                                                                0x013325a1
                                                                                                                                                                                                                                0x013325aa
                                                                                                                                                                                                                                0x013325af
                                                                                                                                                                                                                                0x013325b3
                                                                                                                                                                                                                                0x013325b3
                                                                                                                                                                                                                                0x013325f6
                                                                                                                                                                                                                                0x013325fb
                                                                                                                                                                                                                                0x01332602
                                                                                                                                                                                                                                0x01332604
                                                                                                                                                                                                                                0x01332604
                                                                                                                                                                                                                                0x01332604
                                                                                                                                                                                                                                0x01332615
                                                                                                                                                                                                                                0x01332615
                                                                                                                                                                                                                                0x0133261a
                                                                                                                                                                                                                                0x01332621
                                                                                                                                                                                                                                0x01332628
                                                                                                                                                                                                                                0x0133262a
                                                                                                                                                                                                                                0x0133262a
                                                                                                                                                                                                                                0x0133262a
                                                                                                                                                                                                                                0x0133263b
                                                                                                                                                                                                                                0x0133263b
                                                                                                                                                                                                                                0x01332640
                                                                                                                                                                                                                                0x01332645
                                                                                                                                                                                                                                0x01332649
                                                                                                                                                                                                                                0x0133264b
                                                                                                                                                                                                                                0x0133264b
                                                                                                                                                                                                                                0x01332654
                                                                                                                                                                                                                                0x01332656
                                                                                                                                                                                                                                0x0133265c
                                                                                                                                                                                                                                0x0133265e
                                                                                                                                                                                                                                0x0133265e
                                                                                                                                                                                                                                0x01332664
                                                                                                                                                                                                                                0x01332679
                                                                                                                                                                                                                                0x0133267e
                                                                                                                                                                                                                                0x01332681
                                                                                                                                                                                                                                0x01332684
                                                                                                                                                                                                                                0x01332686
                                                                                                                                                                                                                                0x0133268a
                                                                                                                                                                                                                                0x013326a0
                                                                                                                                                                                                                                0x013326a5
                                                                                                                                                                                                                                0x013326b0
                                                                                                                                                                                                                                0x013326b2
                                                                                                                                                                                                                                0x013326b3
                                                                                                                                                                                                                                0x013326ba
                                                                                                                                                                                                                                0x013326bd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013326cb
                                                                                                                                                                                                                                0x013326d5
                                                                                                                                                                                                                                0x013326dc
                                                                                                                                                                                                                                0x013326e7
                                                                                                                                                                                                                                0x013326e8
                                                                                                                                                                                                                                0x013326ed
                                                                                                                                                                                                                                0x013326f0
                                                                                                                                                                                                                                0x013326f4
                                                                                                                                                                                                                                0x013326f8
                                                                                                                                                                                                                                0x013326fa
                                                                                                                                                                                                                                0x013326fa
                                                                                                                                                                                                                                0x013326fc
                                                                                                                                                                                                                                0x01332702
                                                                                                                                                                                                                                0x01332703
                                                                                                                                                                                                                                0x01332704
                                                                                                                                                                                                                                0x01332713
                                                                                                                                                                                                                                0x01332717
                                                                                                                                                                                                                                0x0133271c
                                                                                                                                                                                                                                0x0133271e
                                                                                                                                                                                                                                0x0133272b
                                                                                                                                                                                                                                0x0133272b
                                                                                                                                                                                                                                0x0133272b
                                                                                                                                                                                                                                0x01332720
                                                                                                                                                                                                                                0x01332723
                                                                                                                                                                                                                                0x01332723
                                                                                                                                                                                                                                0x01332744
                                                                                                                                                                                                                                0x01332749
                                                                                                                                                                                                                                0x0133274f
                                                                                                                                                                                                                                0x01332751
                                                                                                                                                                                                                                0x0133275e
                                                                                                                                                                                                                                0x0133275e
                                                                                                                                                                                                                                0x0133275e
                                                                                                                                                                                                                                0x01332753
                                                                                                                                                                                                                                0x01332756
                                                                                                                                                                                                                                0x01332756
                                                                                                                                                                                                                                0x01332765
                                                                                                                                                                                                                                0x0133276d
                                                                                                                                                                                                                                0x01332774
                                                                                                                                                                                                                                0x01332779
                                                                                                                                                                                                                                0x0133277f
                                                                                                                                                                                                                                0x01332782
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332796
                                                                                                                                                                                                                                0x01332797
                                                                                                                                                                                                                                0x0133279d
                                                                                                                                                                                                                                0x013327a2
                                                                                                                                                                                                                                0x013327a5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013327b8
                                                                                                                                                                                                                                0x013327be
                                                                                                                                                                                                                                0x013327c3
                                                                                                                                                                                                                                0x013327c5
                                                                                                                                                                                                                                0x013327cd
                                                                                                                                                                                                                                0x013327d1
                                                                                                                                                                                                                                0x013327d4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013327e2
                                                                                                                                                                                                                                0x013327e5
                                                                                                                                                                                                                                0x013327ec
                                                                                                                                                                                                                                0x013327f3
                                                                                                                                                                                                                                0x013327fd
                                                                                                                                                                                                                                0x013327fd
                                                                                                                                                                                                                                0x01332806
                                                                                                                                                                                                                                0x01332809
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332822
                                                                                                                                                                                                                                0x01332827
                                                                                                                                                                                                                                0x01332829
                                                                                                                                                                                                                                0x01332868
                                                                                                                                                                                                                                0x0133286e
                                                                                                                                                                                                                                0x0133282b
                                                                                                                                                                                                                                0x01332831
                                                                                                                                                                                                                                0x01332834
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133283c
                                                                                                                                                                                                                                0x01332842
                                                                                                                                                                                                                                0x0133284e
                                                                                                                                                                                                                                0x01332855
                                                                                                                                                                                                                                0x0133285f
                                                                                                                                                                                                                                0x01332862
                                                                                                                                                                                                                                0x01332862
                                                                                                                                                                                                                                0x01332872
                                                                                                                                                                                                                                0x01332878
                                                                                                                                                                                                                                0x0133287b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332881
                                                                                                                                                                                                                                0x01332883
                                                                                                                                                                                                                                0x0133288b
                                                                                                                                                                                                                                0x01332899
                                                                                                                                                                                                                                0x01332899
                                                                                                                                                                                                                                0x01332899
                                                                                                                                                                                                                                0x0133288d
                                                                                                                                                                                                                                0x01332894
                                                                                                                                                                                                                                0x01332894
                                                                                                                                                                                                                                0x0133289d
                                                                                                                                                                                                                                0x013328a0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013328a6
                                                                                                                                                                                                                                0x013328a8
                                                                                                                                                                                                                                0x013328b0
                                                                                                                                                                                                                                0x013328b9
                                                                                                                                                                                                                                0x013328bc
                                                                                                                                                                                                                                0x013328bc
                                                                                                                                                                                                                                0x013328c0
                                                                                                                                                                                                                                0x013328c3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013328c9
                                                                                                                                                                                                                                0x013328cb
                                                                                                                                                                                                                                0x013328d3
                                                                                                                                                                                                                                0x013328dc
                                                                                                                                                                                                                                0x013328df
                                                                                                                                                                                                                                0x013328df
                                                                                                                                                                                                                                0x013328e3
                                                                                                                                                                                                                                0x013328e6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013328ec
                                                                                                                                                                                                                                0x013328ee
                                                                                                                                                                                                                                0x013328f6
                                                                                                                                                                                                                                0x013328ff
                                                                                                                                                                                                                                0x01332902
                                                                                                                                                                                                                                0x01332902
                                                                                                                                                                                                                                0x01332906
                                                                                                                                                                                                                                0x01332909
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332922
                                                                                                                                                                                                                                0x01332927
                                                                                                                                                                                                                                0x01332929
                                                                                                                                                                                                                                0x0133296c
                                                                                                                                                                                                                                0x0133292b
                                                                                                                                                                                                                                0x01332931
                                                                                                                                                                                                                                0x01332934
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332950
                                                                                                                                                                                                                                0x01332955
                                                                                                                                                                                                                                0x01332955
                                                                                                                                                                                                                                0x01332983
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332983
                                                                                                                                                                                                                                0x0133250d
                                                                                                                                                                                                                                0x01331ffd
                                                                                                                                                                                                                                0x01331ffd
                                                                                                                                                                                                                                0x01332002
                                                                                                                                                                                                                                0x01332008
                                                                                                                                                                                                                                0x0133200e
                                                                                                                                                                                                                                0x01332012
                                                                                                                                                                                                                                0x01332014
                                                                                                                                                                                                                                0x01332024
                                                                                                                                                                                                                                0x01332016
                                                                                                                                                                                                                                0x01332016
                                                                                                                                                                                                                                0x0133201c
                                                                                                                                                                                                                                0x0133201c
                                                                                                                                                                                                                                0x01332030
                                                                                                                                                                                                                                0x01332038
                                                                                                                                                                                                                                0x0133203f
                                                                                                                                                                                                                                0x01332042
                                                                                                                                                                                                                                0x0133204c
                                                                                                                                                                                                                                0x01332050
                                                                                                                                                                                                                                0x01332053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332061
                                                                                                                                                                                                                                0x0133206b
                                                                                                                                                                                                                                0x0133207b
                                                                                                                                                                                                                                0x01332080
                                                                                                                                                                                                                                0x01332086
                                                                                                                                                                                                                                0x0133208c
                                                                                                                                                                                                                                0x01332091
                                                                                                                                                                                                                                0x01332094
                                                                                                                                                                                                                                0x013320bb
                                                                                                                                                                                                                                0x013320ca
                                                                                                                                                                                                                                0x013320d1
                                                                                                                                                                                                                                0x013320d4
                                                                                                                                                                                                                                0x013320d9
                                                                                                                                                                                                                                0x013320e0
                                                                                                                                                                                                                                0x013320e0
                                                                                                                                                                                                                                0x013320e0
                                                                                                                                                                                                                                0x013320e7
                                                                                                                                                                                                                                0x01332096
                                                                                                                                                                                                                                0x013320a3
                                                                                                                                                                                                                                0x013320a8
                                                                                                                                                                                                                                0x013320ac
                                                                                                                                                                                                                                0x013320b3
                                                                                                                                                                                                                                0x013320b3
                                                                                                                                                                                                                                0x013320ee
                                                                                                                                                                                                                                0x013320f3
                                                                                                                                                                                                                                0x013320fa
                                                                                                                                                                                                                                0x013320fc
                                                                                                                                                                                                                                0x013320fc
                                                                                                                                                                                                                                0x013320fc
                                                                                                                                                                                                                                0x01332109
                                                                                                                                                                                                                                0x01332109
                                                                                                                                                                                                                                0x0133210e
                                                                                                                                                                                                                                0x01332115
                                                                                                                                                                                                                                0x0133211c
                                                                                                                                                                                                                                0x0133211e
                                                                                                                                                                                                                                0x0133211e
                                                                                                                                                                                                                                0x0133211e
                                                                                                                                                                                                                                0x0133212e
                                                                                                                                                                                                                                0x0133212e
                                                                                                                                                                                                                                0x01332133
                                                                                                                                                                                                                                0x01332139
                                                                                                                                                                                                                                0x0133213c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133215a
                                                                                                                                                                                                                                0x0133215f
                                                                                                                                                                                                                                0x01332162
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133217b
                                                                                                                                                                                                                                0x01332181
                                                                                                                                                                                                                                0x01332184
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332197
                                                                                                                                                                                                                                0x0133219d
                                                                                                                                                                                                                                0x013321a2
                                                                                                                                                                                                                                0x013321a8
                                                                                                                                                                                                                                0x013321aa
                                                                                                                                                                                                                                0x013321b2
                                                                                                                                                                                                                                0x013321b6
                                                                                                                                                                                                                                0x013321b9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013321c7
                                                                                                                                                                                                                                0x013321ca
                                                                                                                                                                                                                                0x013321d1
                                                                                                                                                                                                                                0x013321d8
                                                                                                                                                                                                                                0x013321e2
                                                                                                                                                                                                                                0x013321e2
                                                                                                                                                                                                                                0x013321eb
                                                                                                                                                                                                                                0x013321ee
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332207
                                                                                                                                                                                                                                0x0133220c
                                                                                                                                                                                                                                0x0133220e
                                                                                                                                                                                                                                0x01332249
                                                                                                                                                                                                                                0x01332210
                                                                                                                                                                                                                                0x01332216
                                                                                                                                                                                                                                0x01332219
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332221
                                                                                                                                                                                                                                0x01332227
                                                                                                                                                                                                                                0x01332233
                                                                                                                                                                                                                                0x0133223a
                                                                                                                                                                                                                                0x01332244
                                                                                                                                                                                                                                0x01332244
                                                                                                                                                                                                                                0x0133224f
                                                                                                                                                                                                                                0x01332255
                                                                                                                                                                                                                                0x01332258
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133225e
                                                                                                                                                                                                                                0x01332260
                                                                                                                                                                                                                                0x01332268
                                                                                                                                                                                                                                0x01332280
                                                                                                                                                                                                                                0x01332280
                                                                                                                                                                                                                                0x01332280
                                                                                                                                                                                                                                0x0133226a
                                                                                                                                                                                                                                0x01332271
                                                                                                                                                                                                                                0x01332277
                                                                                                                                                                                                                                0x01332277
                                                                                                                                                                                                                                0x01332287
                                                                                                                                                                                                                                0x0133228a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332290
                                                                                                                                                                                                                                0x01332292
                                                                                                                                                                                                                                0x0133229a
                                                                                                                                                                                                                                0x013322a3
                                                                                                                                                                                                                                0x013322a9
                                                                                                                                                                                                                                0x013322a9
                                                                                                                                                                                                                                0x013322b0
                                                                                                                                                                                                                                0x013322b3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013322b9
                                                                                                                                                                                                                                0x013322bb
                                                                                                                                                                                                                                0x013322c3
                                                                                                                                                                                                                                0x013322cc
                                                                                                                                                                                                                                0x013322d2
                                                                                                                                                                                                                                0x013322d2
                                                                                                                                                                                                                                0x013322d9
                                                                                                                                                                                                                                0x013322dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013322e2
                                                                                                                                                                                                                                0x013322e4
                                                                                                                                                                                                                                0x013322ec
                                                                                                                                                                                                                                0x013322f5
                                                                                                                                                                                                                                0x013322fb
                                                                                                                                                                                                                                0x013322fb
                                                                                                                                                                                                                                0x01332302
                                                                                                                                                                                                                                0x01332305
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133231e
                                                                                                                                                                                                                                0x01332323
                                                                                                                                                                                                                                0x01332325
                                                                                                                                                                                                                                0x01332372
                                                                                                                                                                                                                                0x01332377
                                                                                                                                                                                                                                0x01332377
                                                                                                                                                                                                                                0x01332327
                                                                                                                                                                                                                                0x0133232d
                                                                                                                                                                                                                                0x01332330
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332340
                                                                                                                                                                                                                                0x01332350
                                                                                                                                                                                                                                0x01332355
                                                                                                                                                                                                                                0x01332355
                                                                                                                                                                                                                                0x01332386
                                                                                                                                                                                                                                0x0133238b
                                                                                                                                                                                                                                0x0133238f
                                                                                                                                                                                                                                0x01332392
                                                                                                                                                                                                                                0x01332394
                                                                                                                                                                                                                                0x01332394
                                                                                                                                                                                                                                0x0133239f
                                                                                                                                                                                                                                0x013323a5
                                                                                                                                                                                                                                0x013323ab
                                                                                                                                                                                                                                0x013323ad
                                                                                                                                                                                                                                0x013323ad
                                                                                                                                                                                                                                0x013323b3
                                                                                                                                                                                                                                0x013323c2
                                                                                                                                                                                                                                0x013323c7
                                                                                                                                                                                                                                0x013323ca
                                                                                                                                                                                                                                0x013323cd
                                                                                                                                                                                                                                0x013323cf
                                                                                                                                                                                                                                0x013323d1
                                                                                                                                                                                                                                0x013323d1
                                                                                                                                                                                                                                0x013323d1
                                                                                                                                                                                                                                0x013323ed
                                                                                                                                                                                                                                0x013323f2
                                                                                                                                                                                                                                0x01332400
                                                                                                                                                                                                                                0x01332412
                                                                                                                                                                                                                                0x01332417
                                                                                                                                                                                                                                0x0133241d
                                                                                                                                                                                                                                0x01332423
                                                                                                                                                                                                                                0x01332426
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332444
                                                                                                                                                                                                                                0x01332449
                                                                                                                                                                                                                                0x0133244c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332460
                                                                                                                                                                                                                                0x01332466
                                                                                                                                                                                                                                0x01332469
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332482
                                                                                                                                                                                                                                0x01332487
                                                                                                                                                                                                                                0x0133248a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133249e
                                                                                                                                                                                                                                0x013324a9
                                                                                                                                                                                                                                0x013324b5
                                                                                                                                                                                                                                0x013324ba
                                                                                                                                                                                                                                0x013324ba
                                                                                                                                                                                                                                0x013324bd
                                                                                                                                                                                                                                0x013324c3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013324c3
                                                                                                                                                                                                                                0x01331aff
                                                                                                                                                                                                                                0x01331aff
                                                                                                                                                                                                                                0x01331b04
                                                                                                                                                                                                                                0x01331b0a
                                                                                                                                                                                                                                0x01331b10
                                                                                                                                                                                                                                0x01331b14
                                                                                                                                                                                                                                0x01331b16
                                                                                                                                                                                                                                0x01331b26
                                                                                                                                                                                                                                0x01331b18
                                                                                                                                                                                                                                0x01331b18
                                                                                                                                                                                                                                0x01331b1e
                                                                                                                                                                                                                                0x01331b1e
                                                                                                                                                                                                                                0x01331b32
                                                                                                                                                                                                                                0x01331b3a
                                                                                                                                                                                                                                0x01331b41
                                                                                                                                                                                                                                0x01331b44
                                                                                                                                                                                                                                0x01331b4e
                                                                                                                                                                                                                                0x01331b55
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331b63
                                                                                                                                                                                                                                0x01331b6d
                                                                                                                                                                                                                                0x01331b7d
                                                                                                                                                                                                                                0x01331b82
                                                                                                                                                                                                                                0x01331b88
                                                                                                                                                                                                                                0x01331b96
                                                                                                                                                                                                                                0x01331bbd
                                                                                                                                                                                                                                0x01331bcc
                                                                                                                                                                                                                                0x01331bd3
                                                                                                                                                                                                                                0x01331bd6
                                                                                                                                                                                                                                0x01331bdb
                                                                                                                                                                                                                                0x01331be2
                                                                                                                                                                                                                                0x01331be2
                                                                                                                                                                                                                                0x01331be2
                                                                                                                                                                                                                                0x01331be9
                                                                                                                                                                                                                                0x01331b98
                                                                                                                                                                                                                                0x01331ba5
                                                                                                                                                                                                                                0x01331baa
                                                                                                                                                                                                                                0x01331bae
                                                                                                                                                                                                                                0x01331bb5
                                                                                                                                                                                                                                0x01331bb5
                                                                                                                                                                                                                                0x01331bf0
                                                                                                                                                                                                                                0x01331bfc
                                                                                                                                                                                                                                0x01331bfe
                                                                                                                                                                                                                                0x01331c0b
                                                                                                                                                                                                                                0x01331c0b
                                                                                                                                                                                                                                0x01331c10
                                                                                                                                                                                                                                0x01331c1e
                                                                                                                                                                                                                                0x01331c20
                                                                                                                                                                                                                                0x01331c30
                                                                                                                                                                                                                                0x01331c30
                                                                                                                                                                                                                                0x01331c3e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331c4c
                                                                                                                                                                                                                                0x01331c5c
                                                                                                                                                                                                                                0x01331c6a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331c7e
                                                                                                                                                                                                                                0x01331c85
                                                                                                                                                                                                                                0x01331c88
                                                                                                                                                                                                                                0x01331c8a
                                                                                                                                                                                                                                0x01331c8a
                                                                                                                                                                                                                                0x01331c95
                                                                                                                                                                                                                                0x01331c9b
                                                                                                                                                                                                                                0x01331ca1
                                                                                                                                                                                                                                0x01331ca3
                                                                                                                                                                                                                                0x01331ca3
                                                                                                                                                                                                                                0x01331ca9
                                                                                                                                                                                                                                0x01331cb8
                                                                                                                                                                                                                                0x01331cbd
                                                                                                                                                                                                                                0x01331cc0
                                                                                                                                                                                                                                0x01331cc5
                                                                                                                                                                                                                                0x01331cc7
                                                                                                                                                                                                                                0x01331cc7
                                                                                                                                                                                                                                0x01331cd2
                                                                                                                                                                                                                                0x01331ce5
                                                                                                                                                                                                                                0x01331cea
                                                                                                                                                                                                                                0x01331cf0
                                                                                                                                                                                                                                0x01331cf9
                                                                                                                                                                                                                                0x0133316c
                                                                                                                                                                                                                                0x0133316c
                                                                                                                                                                                                                                0x0133316e
                                                                                                                                                                                                                                0x0133315f
                                                                                                                                                                                                                                0x01333166
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01333166
                                                                                                                                                                                                                                0x01331d17
                                                                                                                                                                                                                                0x01331d1f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331d38
                                                                                                                                                                                                                                0x01331d43
                                                                                                                                                                                                                                0x01331d4c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331d5f
                                                                                                                                                                                                                                0x01331d6c
                                                                                                                                                                                                                                0x01331d74
                                                                                                                                                                                                                                0x01331d7b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331d89
                                                                                                                                                                                                                                0x01331d93
                                                                                                                                                                                                                                0x01331d9a
                                                                                                                                                                                                                                0x01331da4
                                                                                                                                                                                                                                0x01331da4
                                                                                                                                                                                                                                0x01331db0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331dc3
                                                                                                                                                                                                                                0x01331dd0
                                                                                                                                                                                                                                0x01331ddb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331de9
                                                                                                                                                                                                                                0x01331df3
                                                                                                                                                                                                                                0x01331dfa
                                                                                                                                                                                                                                0x01331e04
                                                                                                                                                                                                                                0x01331e04
                                                                                                                                                                                                                                0x01331e10
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331e30
                                                                                                                                                                                                                                0x01331e70
                                                                                                                                                                                                                                0x01331e75
                                                                                                                                                                                                                                0x01331e32
                                                                                                                                                                                                                                0x01331e3b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331e43
                                                                                                                                                                                                                                0x01331e58
                                                                                                                                                                                                                                0x01331e58
                                                                                                                                                                                                                                0x01331e7b
                                                                                                                                                                                                                                0x01331e84
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331e8a
                                                                                                                                                                                                                                0x01331e94
                                                                                                                                                                                                                                0x01331ea6
                                                                                                                                                                                                                                0x01331ea6
                                                                                                                                                                                                                                0x01331ea6
                                                                                                                                                                                                                                0x01331e96
                                                                                                                                                                                                                                0x01331e9d
                                                                                                                                                                                                                                0x01331ea0
                                                                                                                                                                                                                                0x01331ea0
                                                                                                                                                                                                                                0x01331ead
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331eb3
                                                                                                                                                                                                                                0x01331ebd
                                                                                                                                                                                                                                0x01331ec6
                                                                                                                                                                                                                                0x01331ec9
                                                                                                                                                                                                                                0x01331ec9
                                                                                                                                                                                                                                0x01331ed0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331ed6
                                                                                                                                                                                                                                0x01331ee0
                                                                                                                                                                                                                                0x01331ee9
                                                                                                                                                                                                                                0x01331eec
                                                                                                                                                                                                                                0x01331eec
                                                                                                                                                                                                                                0x01331ef3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331ef9
                                                                                                                                                                                                                                0x01331f03
                                                                                                                                                                                                                                0x01331f0c
                                                                                                                                                                                                                                0x01331f0f
                                                                                                                                                                                                                                0x01331f0f
                                                                                                                                                                                                                                0x01331f16
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331f29
                                                                                                                                                                                                                                0x01331f30
                                                                                                                                                                                                                                0x01331f3e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331f53
                                                                                                                                                                                                                                0x01331f56
                                                                                                                                                                                                                                0x01331f6d
                                                                                                                                                                                                                                0x01331f78
                                                                                                                                                                                                                                0x01331f7b
                                                                                                                                                                                                                                0x01331f81
                                                                                                                                                                                                                                0x01331f87
                                                                                                                                                                                                                                0x01331f8d
                                                                                                                                                                                                                                0x01331f93
                                                                                                                                                                                                                                0x01331f98
                                                                                                                                                                                                                                0x01331fa0
                                                                                                                                                                                                                                0x01331fa7
                                                                                                                                                                                                                                0x01331fac
                                                                                                                                                                                                                                0x01331fb8
                                                                                                                                                                                                                                0x01331fbb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331fcf
                                                                                                                                                                                                                                0x01331fd0
                                                                                                                                                                                                                                0x01331fd1
                                                                                                                                                                                                                                0x013330e7
                                                                                                                                                                                                                                0x013330f1
                                                                                                                                                                                                                                0x013330fd
                                                                                                                                                                                                                                0x01333102
                                                                                                                                                                                                                                0x01333108
                                                                                                                                                                                                                                0x01333108
                                                                                                                                                                                                                                0x01331aba
                                                                                                                                                                                                                                0x01331ac3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331ad7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331ad7
                                                                                                                                                                                                                                0x01331ab8
                                                                                                                                                                                                                                0x01331a96
                                                                                                                                                                                                                                0x01331a74
                                                                                                                                                                                                                                0x01333113
                                                                                                                                                                                                                                0x01333121
                                                                                                                                                                                                                                0x0133312c
                                                                                                                                                                                                                                0x01333130
                                                                                                                                                                                                                                0x01333135
                                                                                                                                                                                                                                0x0133313b
                                                                                                                                                                                                                                0x01333144
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01333144
                                                                                                                                                                                                                                0x0133315d
                                                                                                                                                                                                                                0x0133315e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133315e
                                                                                                                                                                                                                                0x0133314a
                                                                                                                                                                                                                                0x01333150
                                                                                                                                                                                                                                0x0133315a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 013318E9
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01331A3C
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01331A5E
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01331A80
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01331AA2
                                                                                                                                                                                                                                  • Part of subcall function 01320766: _memcmp.LIBCMT ref: 0132078A
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01331AE3
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01331FE1
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01332364
                                                                                                                                                                                                                                  • Part of subcall function 01311716: _memmove.LIBCMT ref: 0131178B
                                                                                                                                                                                                                                  • Part of subcall function 01320401: EnableWindow.USER32(?,00000001), ref: 0132050A
                                                                                                                                                                                                                                  • Part of subcall function 01320401: InvalidateRect.USER32(?,00000000,00000000), ref: 01320574
                                                                                                                                                                                                                                  • Part of subcall function 013454B5: __recalloc.LIBCMT ref: 013454F3
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 013324D4
                                                                                                                                                                                                                                  • Part of subcall function 013753A6: _malloc.LIBCMT ref: 013753C0
                                                                                                                                                                                                                                  • Part of subcall function 0131FE5B: __EH_prolog3.LIBCMT ref: 0131FE62
                                                                                                                                                                                                                                  • Part of subcall function 0131A995: _memmove.LIBCMT ref: 0131AA0A
                                                                                                                                                                                                                                  • Part of subcall function 0132061F: _strlen.LIBCMT ref: 01320626
                                                                                                                                                                                                                                  • Part of subcall function 01333172: __EH_prolog3_GS.LIBCMT ref: 0133317C
                                                                                                                                                                                                                                  • Part of subcall function 01333172: __wcstoui64.LIBCMT ref: 013332BF
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,00000108,013314B0,?,?,?,?,?,0000006A,?,000000A0), ref: 01333166
                                                                                                                                                                                                                                  • Part of subcall function 0131A995: std::_Xinvalid_argument.LIBCPMT ref: 0131A9AF
                                                                                                                                                                                                                                  • Part of subcall function 01311716: std::_Xinvalid_argument.LIBCPMT ref: 01311730
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _strlen$H_prolog3_$Xinvalid_argument_memmovestd::_$CurrentEnableExceptionH_prolog3InvalidateLocalProcessRaiseRectTimeWindow__recalloc__wcstoui64_malloc_memcmp_memsetswprintf
                                                                                                                                                                                                                                • String ID: @$DisplayDynamicUI()...$Tahoma$bitmap$checkbox$hyperlink$png$radio$scrolltext$text
                                                                                                                                                                                                                                • API String ID: 2021226817-2579417856
                                                                                                                                                                                                                                • Opcode ID: 449e507b002a01a377b2cbd5be14f1abbf9ebbdb382f973d7850ce82b7df033e
                                                                                                                                                                                                                                • Instruction ID: d1941b4615cb21aa595623d80dc997c94d60e69ff061b06b350a3a9517cd2acb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 449e507b002a01a377b2cbd5be14f1abbf9ebbdb382f973d7850ce82b7df033e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6FF29C7190026ADFDB25DF68CC80BEDBBB4BF15318F0481D4E959AB281D770AA85CF64
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013189DE, Relevance: 32.2, APIs: 4, Strings: 14, Instructions: 739COMMONCrypto
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1373 13189de-1318a07 call 137c242 call 1319b30 1378 1318a0d-1318a4a LoadStringW call 1319b30 call 1319f97 1373->1378 1379 131943c-131944a call 131aa87 1373->1379 1387 1318a4f-1318a98 call 131e279 1378->1387 1384 131944c-1319451 call 137c2c5 1379->1384 1391 1318aa0-1318b32 call 1319b08 * 2 call 131d8b6 1387->1391 1392 1318a9a 1387->1392 1399 13193f8-1319437 call 131ab10 call 131aa87 * 2 call 13194b6 call 131aa87 1391->1399 1400 1318b38-1318b44 1391->1400 1392->1391 1399->1379 1401 1318b46 1400->1401 1402 1318b4b-1318b60 call 131aa30 1400->1402 1401->1402 1408 1318b66-1318bbb call 131d937 call 131b6a8 call 131aa87 1402->1408 1409 1318ce8-1318cf4 1402->1409 1435 1318bc1-1318c67 call 1319b08 call 131d937 call 131b6a8 call 131aa87 call 1319f97 call 13196ae call 13194b6 call 131aa87 1408->1435 1436 1319452 1408->1436 1413 1318cf6 1409->1413 1414 1318cfb-1318d10 call 131aa30 1409->1414 1413->1414 1421 1318d16-1318d72 call 131d937 call 131b6a8 call 131aa87 1414->1421 1422 1318e59-1318e65 1414->1422 1457 1318e20 1421->1457 1458 1318d78-1318e1e call 1319b08 call 131d937 call 131b6a8 call 131aa87 call 1319f97 call 13196ae call 13194b6 call 131aa87 1421->1458 1425 1318e67 1422->1425 1426 1318e6c-1318e81 call 131aa30 1422->1426 1425->1426 1438 1318e83-1318ed2 call 1319b30 * 2 call 135c5a9 call 131aa87 1426->1438 1439 1318ed7-1318ee3 1426->1439 1473 1319356-131935c 1435->1473 1552 1318c6d-1318c74 1435->1552 1437 1319454-13194a9 call 131ab10 call 131aa87 * 2 call 13194b6 call 131aa87 * 2 1436->1437 1437->1384 1500 13193d0-13193dc call 131aa87 1438->1500 1442 1318ee5 1439->1442 1443 1318eea-1318eff call 131aa30 1439->1443 1442->1443 1460 1318f01-1318f32 call 131d937 1443->1460 1461 1318f37-1318f43 1443->1461 1465 1318e22-1318e24 1457->1465 1458->1465 1486 1319109 1460->1486 1468 1318f45 1461->1468 1469 1318f4a-1318f5f call 131aa30 1461->1469 1465->1473 1474 1318e2a-1318e31 1465->1474 1468->1469 1495 1318f65-1318fba call 131d937 call 131b6a8 call 131aa87 1469->1495 1496 131900b-1319017 1469->1496 1476 13193e1-13193f0 1473->1476 1482 1318ce0-1318ce3 1474->1482 1483 1318e37-1318e4f call 1319b30 1474->1483 1476->1400 1484 13193f6 1476->1484 1482->1437 1483->1422 1484->1399 1494 131910e-1319118 call 131b6a8 1486->1494 1520 131911a-131912b call 131aa87 1494->1520 1540 1318fc0-1318fc4 1495->1540 1541 131934d-1319350 1495->1541 1506 1319019 1496->1506 1507 131901e-1319033 call 131aa30 1496->1507 1500->1476 1506->1507 1524 1319035-1319068 call 131d937 call 131b6a8 1507->1524 1525 131906d-1319079 1507->1525 1520->1473 1524->1520 1531 1319080-1319095 call 131aa30 1525->1531 1532 131907b 1525->1532 1550 1319097-13190ba call 131d937 1531->1550 1551 13190bc-13190c8 1531->1551 1532->1531 1546 13194ab-13194b5 call 1363221 1540->1546 1547 1318fca-1318fce 1540->1547 1541->1473 1556 1318fd0-1318fd2 1547->1556 1557 1318fd4 1547->1557 1550->1486 1553 13190ca 1551->1553 1554 13190cf-13190e4 call 131aa30 1551->1554 1552->1482 1560 1318c76-1318cdb call 1319b30 call 131b6a8 call 1376d83 call 131b74b call 135be26 call 134ba76 call 131aa87 1552->1560 1553->1554 1572 1319130-131913c 1554->1572 1573 13190e6-1319105 call 131d937 1554->1573 1564 1318fd6-1318fda 1556->1564 1557->1564 1560->1482 1564->1541 1569 1318fe0-1319006 call 131a995 call 131d937 1564->1569 1569->1494 1575 1319143-1319158 call 131aa30 1572->1575 1576 131913e 1572->1576 1573->1486 1587 1319202-131920e 1575->1587 1588 131915e-13191b3 call 131d937 call 131b6a8 call 131aa87 1575->1588 1576->1575 1591 1319210 1587->1591 1592 1319215-131922a call 131aa30 1587->1592 1588->1541 1613 13191b9-13191bd 1588->1613 1591->1592 1602 1319361-1319368 1592->1602 1603 1319230-131928c call 131d937 call 131b6a8 call 131aa87 1592->1603 1602->1476 1604 131936a-13193cf call 131a995 call 131b6a8 call 135be26 call 134ba76 1602->1604 1603->1541 1626 1319292-1319296 1603->1626 1604->1500 1613->1546 1616 13191c3-13191c7 1613->1616 1620 13191c9-13191cb 1616->1620 1621 13191cd 1616->1621 1624 13191cf-13191d3 1620->1624 1621->1624 1624->1541 1625 13191d9-13191f9 call 131a995 call 131d937 1624->1625 1625->1587 1626->1546 1629 131929c-13192a0 1626->1629 1632 13192a2-13192a4 1629->1632 1633 13192a6 1629->1633 1636 13192a8-13192ac 1632->1636 1633->1636 1636->1541 1638 13192b2-13192ca call 131a995 1636->1638 1641 1319335-1319344 call 131d937 1638->1641 1642 13192cc-1319330 call 135dae1 call 131aa87 * 2 1638->1642 1641->1541 1642->1641
                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                			E013189DE(void* __ebx, void* __edx, char __edi, void* __esi, void* __eflags) {
				signed char _t226;
				intOrPtr _t233;
				intOrPtr* _t239;
				void* _t241;
				intOrPtr* _t242;
				intOrPtr* _t245;
				char _t247;
				intOrPtr* _t248;
				intOrPtr* _t251;
				intOrPtr* _t254;
				intOrPtr* _t257;
				intOrPtr* _t260;
				intOrPtr* _t263;
				intOrPtr* _t266;
				void* _t278;
				intOrPtr* _t282;
				char _t283;
				void* _t284;
				void* _t289;
				intOrPtr _t292;
				void* _t299;
				void* _t308;
				void* _t311;
				void* _t323;
				intOrPtr _t327;
				void* _t337;
				void* _t345;
				void* _t357;
				intOrPtr _t361;
				void* _t364;
				char _t377;
				intOrPtr _t378;
				intOrPtr _t379;
				intOrPtr _t380;
				intOrPtr _t381;
				intOrPtr _t382;
				intOrPtr _t383;
				intOrPtr _t384;
				intOrPtr _t385;
				intOrPtr _t386;
				intOrPtr _t387;
				char* _t388;
				char* _t390;
				signed char _t391;
				char* _t395;
				short* _t437;
				void* _t441;
				short* _t453;
				short* _t468;
				void* _t540;
				intOrPtr* _t541;
				void* _t549;
				void* _t550;
				intOrPtr* _t551;
				intOrPtr* _t552;
				intOrPtr _t553;

				_t527 = __esi;
				_t513 = __edi;
				_t512 = __edx;
				_push(0x3b0);
				E0137C242(0x13989f8, __ebx, __edi, __esi);
				E01319B30(_t549 - 0x238,  *((intOrPtr*)(_t549 + 8)));
				_t377 = 0;
				 *((intOrPtr*)(_t549 - 4)) = 0;
				_t555 =  *((intOrPtr*)(_t549 - 0x228));
				if( *((intOrPtr*)(_t549 - 0x228)) == 0) {
					L86:
					E0131AA87(_t549 - 0x238, 1, _t377);
					__eflags = 0;
					goto L87;
				} else {
					LoadStringW( *0x13c1728, 0x72, _t549 - 0x1a4, 0x190);
					E01319B30(_t549 - 0x254, _t549 - 0x1a4);
					_push(_t549 - 0x3bc);
					 *((char*)(_t549 - 4)) = 1;
					E01319F97(0, _t549 - 0x238, __edi, __esi, _t555); // executed
					 *((intOrPtr*)(_t549 - 0x1fc)) = _t549 - 0x3bc;
					 *((intOrPtr*)(_t549 - 0x1e4)) = 7;
					 *((intOrPtr*)(_t549 - 0x1e8)) = 0;
					 *((short*)(_t549 - 0x1f8)) = 0;
					_push(_t549 - 0x1f8);
					_push(_t549 - 0x3bc);
					 *((char*)(_t549 - 4)) = 3;
					_t226 =  *( *((intOrPtr*)( *((intOrPtr*)(E0131E279(0, _t549 - 0x238, _t512, __edi, __esi, _t555))) + 4)) + _t225 + 0xc);
					_t556 = _t226 & 0x00000006;
					if((_t226 & 0x00000006) != 0) {
						 *((intOrPtr*)(_t549 - 0x1fc)) = 0;
					}
					 *((intOrPtr*)(_t549 - 0x21c)) = _t377;
					 *((intOrPtr*)(_t549 - 0x204)) = 7;
					 *((intOrPtr*)(_t549 - 0x208)) = _t377;
					 *((short*)(_t549 - 0x218)) = 0;
					_t551 = _t550 - 0x20;
					 *((char*)(_t549 - 4)) = 5;
					 *((intOrPtr*)(_t549 - 0x25c)) = _t551;
					 *_t551 = _t377;
					E01319B08(_t551 + 4, _t549 - 0x218);
					_t552 = _t551 - 0x20;
					 *((char*)(_t549 - 4)) = 6;
					 *_t552 =  *((intOrPtr*)(_t549 - 0x1fc));
					 *((intOrPtr*)(_t549 - 0x258)) = _t552;
					E01319B08(_t552 + 4, _t549 - 0x1f8);
					 *((char*)(_t549 - 4)) = 5;
					E0131D8B6(_t377, _t513, _t549 - 0x26c, _t556);
					 *((char*)(_t549 - 4)) = 7;
					_t233 =  *((intOrPtr*)(_t549 - 0x268));
					_t513 =  *((intOrPtr*)(_t549 - 0x26c));
					 *((intOrPtr*)(_t549 - 0x25c)) = _t233;
					 *((intOrPtr*)(_t549 - 0x258)) = _t513;
					if(_t513 == _t233) {
						L85:
						_t527 = _t549 - 0x26c;
						E0131AB10(_t549 - 0x26c);
						E0131AA87(_t549 - 0x218, 1, _t377);
						E0131AA87(_t549 - 0x1f8, 1, _t377);
						 *((char*)(_t549 - 4)) = 1;
						L91();
						E0131AA87(_t549 - 0x254, 1, _t377);
						goto L86;
					} else {
						do {
							_t239 =  *0x13c2eb4; // 0x74002d
							if( *0x13c2ec8 < 8) {
								_t239 = 0x13c2eb4;
							}
							_t378 =  *0x13c2ec4; // 0x3
							_t241 = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t378, _t513, 0, _t239);
							_t559 = _t241;
							if(_t241 != 0) {
								__eflags =  *0x13c2e58 - 8;
								_t242 =  *0x13c2e44; // 0x64002d
								if( *0x13c2e58 < 8) {
									_t242 = 0x13c2e44;
								}
								_t379 =  *0x13c2e54; // 0x3
								__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t379, _t513, 0, _t242);
								if(__eflags != 0) {
									__eflags =  *0x13c2d20 - 8;
									_t245 =  *0x13c2d0c; // 0x72002d
									if( *0x13c2d20 < 8) {
										_t245 = 0x13c2d0c;
									}
									_t380 =  *0x13c2d1c; // 0x3
									_t247 = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t380, _t513, 0, _t245);
									__eflags = _t247;
									if(_t247 != 0) {
										__eflags =  *0x13c2f68 - 8;
										_t248 =  *0x13c2f54; // 0x62002d
										if( *0x13c2f68 < 8) {
											_t248 = 0x13c2f54;
										}
										_t381 =  *0x13c2f64; // 0x2
										__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t381, _t513, 0, _t248);
										if(__eflags != 0) {
											__eflags =  *0x13c2e3c - 8;
											_t251 =  *0x13c2e28; // 0x70002d
											if( *0x13c2e3c < 8) {
												_t251 = 0x13c2e28;
											}
											_t382 =  *0x13c2e38; // 0x4
											__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t382, _t513, 0, _t251);
											if(__eflags != 0) {
												__eflags =  *0x13c2d04 - 8;
												_t254 =  *0x13c2cf0; // 0x6e002d
												if( *0x13c2d04 < 8) {
													_t254 = 0x13c2cf0;
												}
												_t383 =  *0x13c2d00; // 0x3
												__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t383, _t513, 0, _t254);
												if(__eflags != 0) {
													__eflags =  *0x13c2b10 - 8;
													_t257 =  *0x13c2afc; // 0x73002d
													if( *0x13c2b10 < 8) {
														_t257 = 0x13c2afc;
													}
													_t384 =  *0x13c2b0c; // 0x3
													__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t384, _t513, 0, _t257);
													if(__eflags != 0) {
														__eflags =  *0x13c2eac - 8;
														_t260 =  *0x13c2e98; // 0x61002d
														if( *0x13c2eac < 8) {
															_t260 = 0x13c2e98;
														}
														_t385 =  *0x13c2ea8; // 0x3
														__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t385, _t513, 0, _t260);
														if(__eflags != 0) {
															__eflags =  *0x13c2f4c - 8;
															_t263 =  *0x13c2f38; // 0x62002d
															if( *0x13c2f4c < 8) {
																_t263 = 0x13c2f38;
															}
															_t386 =  *0x13c2f48; // 0x3
															__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t386, _t513, 0, _t263);
															if(__eflags != 0) {
																__eflags =  *0x13c2e90 - 8;
																_t266 =  *0x13c2e7c; // 0x6c002d
																if( *0x13c2e90 < 8) {
																	_t266 = 0x13c2e7c;
																}
																_t387 =  *0x13c2e8c; // 0x2
																__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t387, _t513, 0, _t266);
																if(__eflags != 0) {
																	__eflags =  *0x13c2a33;
																	if( *0x13c2a33 != 0) {
																		__eflags = 0;
																		 *((short*)(_t549 - 0x1dc)) = 0;
																		 *((intOrPtr*)(_t549 - 0x1c8)) = 7;
																		 *(_t549 - 0x1cc) = 0;
																		E0131A995(_t549 - 0x1dc, _t549 - 0x254, 0, 0xffffffff);
																		 *((char*)(_t549 - 4)) = 0x20;
																		E0131B6A8(_t549 - 0x1dc, _t513, 0, 0xffffffff);
																		_t552 = _t552 - 0x1c;
																		 *((intOrPtr*)(_t549 - 0x258)) = _t552;
																		_push(_t552);
																		E0135BE26(_t387, _t549 - 0x1dc, _t513, 0, __eflags);
																		E0134BA76(_t387, 0x13c2b18, _t512, _t513, 0, __eflags);
																		_push(0);
																		goto L82;
																	}
																	goto L83;
																} else {
																	_t388 = " ";
																	_push(_t388);
																	_push(_t549 - 0x1c0);
																	_t514 = 0x13c2e7c;
																	 *0x13c2a33 = 1;
																	_t278 = E0131D937(_t388, 0x13c2e7c, 0, __eflags);
																	_t540 = 0x13c2eec;
																	 *((char*)(_t549 - 4)) = 0x1c;
																	E0131B6A8(0x13c2eec, _t278, 0, 0xffffffff);
																	 *((char*)(_t549 - 4)) = 7;
																	E0131AA87(_t549 - 0x1c0, 1, 0);
																	_t282 =  *((intOrPtr*)(_t549 - 0x258)) + 0x1c;
																	 *((intOrPtr*)(_t549 - 0x258)) = _t282;
																	__eflags = _t282 -  *((intOrPtr*)(_t549 - 0x25c));
																	if(_t282 ==  *((intOrPtr*)(_t549 - 0x25c))) {
																		goto L78;
																	} else {
																		__eflags =  *((intOrPtr*)(_t282 + 0x10));
																		if(__eflags <= 0) {
																			goto L90;
																		} else {
																			__eflags =  *((intOrPtr*)(_t282 + 0x14)) - 8;
																			if( *((intOrPtr*)(_t282 + 0x14)) < 8) {
																				_t437 = _t282;
																			} else {
																				_t437 =  *_t282;
																			}
																			__eflags =  *_t437 - 0x2d;
																			if( *_t437 == 0x2d) {
																				goto L78;
																			} else {
																				E0131A995(0x13bf00c, _t282, 0, 0xffffffff);
																				__eflags =  *0x13bf01c;
																				if(__eflags == 0) {
																					 *(_t549 - 0x1b0) =  *(_t549 - 0x1b0) & 0x00000000;
																					_t292 = 7;
																					 *((intOrPtr*)(_t549 - 0x1ac)) = _t292;
																					 *((short*)(_t549 - 0x1c0)) = 0;
																					 *(_t549 - 0x1cc) =  *(_t549 - 0x1cc) & 0;
																					 *((intOrPtr*)(_t549 - 0x1c8)) = _t292;
																					__eflags = 0;
																					 *((short*)(_t549 - 0x1dc)) = 0;
																					 *((char*)(_t549 - 4)) = 0x1e;
																					E0135DAE1(_t549 - 0x1c0, _t512, 0, 0x13bf00c, _t549 - 0x1dc);
																					E0131AA87(_t549 - 0x1dc, 1, 0);
																					 *((char*)(_t549 - 4)) = 7;
																					E0131AA87(_t549 - 0x1c0, 1, 0);
																				}
																				_push(_t388);
																				_push(_t549 - 0x1c0);
																				_t289 = E0131D937(_t388, 0x13bf00c, _t540, __eflags);
																				 *((char*)(_t549 - 4)) = 0x1f;
																				goto L40;
																			}
																			goto L79;
																		}
																	}
																}
															} else {
																_t388 = " ";
																_push(_t388);
																_push(_t549 - 0x1c0);
																_t514 = 0x13c2f38;
																_t299 = E0131D937(_t388, 0x13c2f38, 0, __eflags);
																_t540 = 0x13c2eec;
																 *((char*)(_t549 - 4)) = 0x1a;
																E0131B6A8(0x13c2eec, _t299, 0, 0xffffffff);
																 *((char*)(_t549 - 4)) = 7;
																E0131AA87(_t549 - 0x1c0, 1, 0);
																_t282 =  *((intOrPtr*)(_t549 - 0x258)) + 0x1c;
																 *((intOrPtr*)(_t549 - 0x258)) = _t282;
																__eflags = _t282 -  *((intOrPtr*)(_t549 - 0x25c));
																if(_t282 ==  *((intOrPtr*)(_t549 - 0x25c))) {
																	goto L78;
																} else {
																	__eflags =  *((intOrPtr*)(_t282 + 0x10));
																	if(__eflags <= 0) {
																		goto L90;
																	} else {
																		__eflags =  *((intOrPtr*)(_t282 + 0x14)) - 8;
																		if( *((intOrPtr*)(_t282 + 0x14)) < 8) {
																			_t453 = _t282;
																		} else {
																			_t453 =  *_t282;
																		}
																		__eflags =  *_t453 - 0x2d;
																		if( *_t453 == 0x2d) {
																			goto L78;
																		} else {
																			E0131A995(0x13bf028, _t282, 0, 0xffffffff);
																			_push(_t388);
																			_push(_t549 - 0x1c0);
																			_t289 = E0131D937(_t388, 0x13bf028, _t540, __eflags);
																			 *((char*)(_t549 - 4)) = 0x1b;
																			goto L40;
																		}
																		goto L79;
																	}
																}
															}
														} else {
															_push(" ");
															_push(_t549 - 0x1c0);
															 *0x13c2a32 = 1;
															_t289 = E0131D937(_t385, 0x13c2e98, 0, __eflags);
															 *((char*)(_t549 - 4)) = 0x19;
															goto L53;
														}
													} else {
														_push(" ");
														_push(_t549 - 0x1c0);
														 *0x13c2a31 = 1;
														_t289 = E0131D937(_t384, 0x13c2afc, 0, __eflags);
														 *((char*)(_t549 - 4)) = 0x18;
														goto L53;
													}
												} else {
													_push(" ");
													_push(_t549 - 0x1c0);
													 *0x13c2a30 = 0;
													_t308 = E0131D937(0, 0x13c2cf0, 0, __eflags);
													 *((char*)(_t549 - 4)) = 0x17;
													E0131B6A8(0x13c2eec, _t308, 0, 0xffffffff);
													_push(0);
													goto L55;
												}
											} else {
												_t388 = " ";
												_push(_t388);
												_push(_t549 - 0x1c0);
												_t514 = 0x13c2e28;
												_t311 = E0131D937(_t388, 0x13c2e28, 0, __eflags);
												_t540 = 0x13c2eec;
												 *((char*)(_t549 - 4)) = 0x15;
												E0131B6A8(0x13c2eec, _t311, 0, 0xffffffff);
												 *((char*)(_t549 - 4)) = 7;
												E0131AA87(_t549 - 0x1c0, 1, 0);
												_t282 =  *((intOrPtr*)(_t549 - 0x258)) + 0x1c;
												 *((intOrPtr*)(_t549 - 0x258)) = _t282;
												__eflags = _t282 -  *((intOrPtr*)(_t549 - 0x25c));
												if(_t282 ==  *((intOrPtr*)(_t549 - 0x25c))) {
													L78:
													_t283 = _t282 - 0x1c;
													__eflags = _t283;
													 *((intOrPtr*)(_t549 - 0x258)) = _t283;
													goto L79;
												} else {
													__eflags =  *((intOrPtr*)(_t282 + 0x10));
													if(__eflags <= 0) {
														L90:
														_t284 = E01363221("invalid string position");
														asm("int3");
														_push(_t540);
														_t541 = _t284 + 0x60;
														E0131A020(_t388, _t541, _t514, _t541, __eflags);
														 *_t541 = 0x13a1494;
														return E01363509(_t541);
													} else {
														__eflags =  *((intOrPtr*)(_t282 + 0x14)) - 8;
														if( *((intOrPtr*)(_t282 + 0x14)) < 8) {
															_t468 = _t282;
														} else {
															_t468 =  *_t282;
														}
														__eflags =  *_t468 - 0x2d;
														if( *_t468 == 0x2d) {
															goto L78;
														} else {
															E0131A995(L"MP3R7", _t282, 0, 0xffffffff);
															_push(_t388);
															_push(_t549 - 0x1c0);
															_t289 = E0131D937(_t388, L"MP3R7", _t540, __eflags);
															 *((char*)(_t549 - 4)) = 0x16;
															L40:
															_t441 = _t540;
															goto L54;
														}
														goto L79;
													}
												}
											}
										} else {
											_push(" ");
											_push(_t549 - 0x1c0);
											 *0x13c2a29 = 1;
											 *0x13c2a28 = 1;
											 *0x13c2a30 = 1;
											_t289 = E0131D937(_t381, 0x13c2f54, 0, __eflags);
											 *((char*)(_t549 - 4)) = 0x14;
											L53:
											_t441 = 0x13c2eec;
											L54:
											E0131B6A8(_t441, _t289, 0, 0xffffffff);
											_push(0);
											L55:
											_push(1);
											 *((char*)(_t549 - 4)) = 7;
											E0131AA87(_t549 - 0x1c0);
											goto L79;
										}
									} else {
										 *0x13c2a2b = 1;
										E01319B30(_t549 - 0x1dc, L"PIP");
										 *((char*)(_t549 - 4)) = 0x12;
										E01319B30(_t549 - 0x1c0, L"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce");
										_t512 = _t549 - 0x1c0;
										 *((char*)(_t549 - 4)) = 0x13;
										E0135C5A9(_t380, _t549 - 0x1dc, _t549 - 0x1c0, _t513, 0, __eflags);
										E0131AA87(_t549 - 0x1c0, 1, 0);
										_push(0);
										L82:
										_push(1);
										 *((char*)(_t549 - 4)) = 7;
										E0131AA87(_t549 - 0x1dc);
										goto L83;
									}
								} else {
									_t390 = " ";
									_push(_t390);
									_push(_t549 - 0x1c0);
									_t522 = 0x13c2e44;
									_t323 = E0131D937(_t390, 0x13c2e44, 0, __eflags);
									 *((char*)(_t549 - 4)) = 0xd;
									E0131B6A8(0x13c2eec, _t323, 0, 0xffffffff);
									 *((char*)(_t549 - 4)) = 7;
									E0131AA87(_t549 - 0x1c0, 1, 0);
									_t327 =  *((intOrPtr*)(_t549 - 0x258)) + 0x1c;
									 *0x13c2a2a = 1;
									 *((intOrPtr*)(_t549 - 0x258)) = _t327;
									__eflags = _t327 -  *((intOrPtr*)(_t549 - 0x25c));
									if(_t327 ==  *((intOrPtr*)(_t549 - 0x25c))) {
										_t391 = 1;
									} else {
										E01319B08(_t549 - 0x1c0, _t327);
										_push(_t390);
										_push(_t549 - 0x1dc);
										 *((char*)(_t549 - 4)) = 0xe;
										_t345 = E0131D937(_t390, _t549 - 0x1c0, 0x13c2eec, __eflags);
										_t522 = 0;
										 *((char*)(_t549 - 4)) = 0xf;
										E0131B6A8(0x13c2eec, _t345, 0, 0xffffffff);
										 *((char*)(_t549 - 4)) = 0xe;
										E0131AA87(_t549 - 0x1dc, 1, 0);
										_push(_t549 - 0x314);
										E01319F97(_t390, _t549 - 0x1c0, 0, 0x13c2eec, __eflags);
										_push(0x13bee24);
										_push(_t549 - 0x314);
										 *((char*)(_t549 - 4)) = 0x10;
										E013196AE(_t390, _t549 - 0x1c0, _t512, 0, 0x13c2eec, __eflags);
										_t391 =  *(_t549 +  *((intOrPtr*)( *((intOrPtr*)(_t549 - 0x314)) + 4)) - 0x308) >> 0x00000002 & 0x00000001;
										 *((char*)(_t549 - 4)) = 0xe;
										L91();
										 *((char*)(_t549 - 4)) = 7;
										E0131AA87(_t549 - 0x1c0, 1, 0);
									}
									__eflags = _t391;
									if(_t391 == 0) {
										goto L79;
									} else {
										__eflags =  *0x13c2a33;
										if( *0x13c2a33 == 0) {
											goto L12;
										} else {
											E01319B30(_t549 - 0x1c0, L"Command line argument \"");
											_push(0xffffffff);
											_push(0);
											 *((char*)(_t549 - 4)) = 0x11;
											_push("-di");
											goto L11;
										}
										goto L87;
									}
								}
							} else {
								_t395 = " ";
								_push(_t395);
								_push(_t549 - 0x1c0);
								_t357 = E0131D937(_t395, 0x13c2eb4, 0, _t559);
								 *((char*)(_t549 - 4)) = 8;
								E0131B6A8(0x13c2eec, _t357, 0, 0xffffffff);
								 *((char*)(_t549 - 4)) = 7;
								E0131AA87(_t549 - 0x1c0, 1, 0);
								_t361 =  *((intOrPtr*)(_t549 - 0x258)) + 0x1c;
								 *((intOrPtr*)(_t549 - 0x258)) = _t361;
								_t560 = _t361 -  *((intOrPtr*)(_t549 - 0x25c));
								if(_t361 ==  *((intOrPtr*)(_t549 - 0x25c))) {
									_t513 = 0;
									__eflags = 0;
									goto L89;
								} else {
									E01319B08(_t549 - 0x1c0, _t361);
									_push(_t395);
									_push(_t549 - 0x1dc);
									 *((char*)(_t549 - 4)) = 9;
									_t364 = E0131D937(_t395, _t549 - 0x1c0, 0x13c2eec, _t560);
									_t522 = 0;
									 *((char*)(_t549 - 4)) = 0xa;
									E0131B6A8(0x13c2eec, _t364, 0, 0xffffffff);
									 *((char*)(_t549 - 4)) = 9;
									E0131AA87(_t549 - 0x1dc, 1, 0);
									_push(_t549 - 0x314);
									E01319F97(_t395, _t549 - 0x1c0, 0, 0x13c2eec, _t560);
									_push(0x13c2a2c);
									_push(_t549 - 0x314);
									 *((char*)(_t549 - 4)) = 0xb;
									E013196AE(_t395, _t549 - 0x1c0, _t512, 0, 0x13c2eec, _t560);
									 *((char*)(_t549 - 4)) = 9;
									L91();
									 *((char*)(_t549 - 4)) = 7;
									E0131AA87(_t549 - 0x1c0, 1, 0);
									if(( *(_t549 +  *((intOrPtr*)( *((intOrPtr*)(_t549 - 0x314)) + 4)) - 0x308) >> 0x00000002 & 0x00000001) == 0) {
										L79:
										_t513 =  *((intOrPtr*)(_t549 - 0x258));
										goto L83;
									} else {
										_t562 =  *0x13c2a33;
										if( *0x13c2a33 != 0) {
											E01319B30(_t549 - 0x1c0, L"Command line argument \"");
											_push(0xffffffff);
											_push(0);
											 *((char*)(_t549 - 4)) = 0xc;
											_push("-to");
											L11:
											E0131B6A8(_t549 - 0x1c0);
											_t337 = E01376D83(L"\" should be followed by a numeric value");
											_t547 = _t549 - 0x1c0;
											E0131B74B(_t337, _t549 - 0x1c0, _t562, L"\" should be followed by a numeric value");
											_t553 = _t552 - 0x1c;
											 *((intOrPtr*)(_t549 - 0x25c)) = _t553;
											_push(_t553);
											E0135BE26(_t337, _t549 - 0x1c0, _t522, _t549 - 0x1c0, _t562);
											E0134BA76(_t337, 0x13c2b18, _t512, _t522, _t547, _t562);
											E0131AA87(_t547, 1, 0);
										}
										L12:
										_t513 = 1;
										L89:
										E0131AB10(_t549 - 0x26c);
										_t377 = 0;
										_t527 = 1;
										E0131AA87(_t549 - 0x218, 1, 0);
										E0131AA87(_t549 - 0x1f8, 1, 0);
										 *((char*)(_t549 - 4)) = 1;
										L91();
										E0131AA87(_t549 - 0x254, 1, 0);
										E0131AA87(_t549 - 0x238, 1, 0);
										L87:
										return E0137C2C5(_t377, _t513, _t527);
									}
								}
							}
							goto L92;
							L83:
							_t513 = _t513 + 0x1c;
							 *((intOrPtr*)(_t549 - 0x258)) = _t513;
							__eflags = _t513 -  *((intOrPtr*)(_t549 - 0x25c));
						} while (_t513 !=  *((intOrPtr*)(_t549 - 0x25c)));
						_t377 = 0;
						__eflags = 0;
						goto L85;
					}
				}
				L92:
			}



























































                                                                                                                                                                                                                                0x013189de
                                                                                                                                                                                                                                0x013189de
                                                                                                                                                                                                                                0x013189de
                                                                                                                                                                                                                                0x013189de
                                                                                                                                                                                                                                0x013189e8
                                                                                                                                                                                                                                0x013189f7
                                                                                                                                                                                                                                0x013189fc
                                                                                                                                                                                                                                0x013189fe
                                                                                                                                                                                                                                0x01318a01
                                                                                                                                                                                                                                0x01318a07
                                                                                                                                                                                                                                0x0131943c
                                                                                                                                                                                                                                0x01319445
                                                                                                                                                                                                                                0x0131944a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318a0d
                                                                                                                                                                                                                                0x01318a21
                                                                                                                                                                                                                                0x01318a34
                                                                                                                                                                                                                                0x01318a3f
                                                                                                                                                                                                                                0x01318a46
                                                                                                                                                                                                                                0x01318a4a
                                                                                                                                                                                                                                0x01318a55
                                                                                                                                                                                                                                0x01318a5d
                                                                                                                                                                                                                                0x01318a67
                                                                                                                                                                                                                                0x01318a6d
                                                                                                                                                                                                                                0x01318a7a
                                                                                                                                                                                                                                0x01318a81
                                                                                                                                                                                                                                0x01318a82
                                                                                                                                                                                                                                0x01318a92
                                                                                                                                                                                                                                0x01318a96
                                                                                                                                                                                                                                0x01318a98
                                                                                                                                                                                                                                0x01318a9a
                                                                                                                                                                                                                                0x01318a9a
                                                                                                                                                                                                                                0x01318aa2
                                                                                                                                                                                                                                0x01318aa8
                                                                                                                                                                                                                                0x01318ab2
                                                                                                                                                                                                                                0x01318ab8
                                                                                                                                                                                                                                0x01318abf
                                                                                                                                                                                                                                0x01318ac2
                                                                                                                                                                                                                                0x01318ace
                                                                                                                                                                                                                                0x01318ad8
                                                                                                                                                                                                                                0x01318ada
                                                                                                                                                                                                                                0x01318adf
                                                                                                                                                                                                                                0x01318ae2
                                                                                                                                                                                                                                0x01318aee
                                                                                                                                                                                                                                0x01318af6
                                                                                                                                                                                                                                0x01318b00
                                                                                                                                                                                                                                0x01318b0b
                                                                                                                                                                                                                                0x01318b0f
                                                                                                                                                                                                                                0x01318b14
                                                                                                                                                                                                                                0x01318b18
                                                                                                                                                                                                                                0x01318b1e
                                                                                                                                                                                                                                0x01318b24
                                                                                                                                                                                                                                0x01318b2a
                                                                                                                                                                                                                                0x01318b32
                                                                                                                                                                                                                                0x013193f8
                                                                                                                                                                                                                                0x013193f8
                                                                                                                                                                                                                                0x013193fe
                                                                                                                                                                                                                                0x0131940c
                                                                                                                                                                                                                                0x0131941a
                                                                                                                                                                                                                                0x01319425
                                                                                                                                                                                                                                0x01319429
                                                                                                                                                                                                                                0x01319437
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318b38
                                                                                                                                                                                                                                0x01318b38
                                                                                                                                                                                                                                0x01318b3f
                                                                                                                                                                                                                                0x01318b44
                                                                                                                                                                                                                                0x01318b46
                                                                                                                                                                                                                                0x01318b46
                                                                                                                                                                                                                                0x01318b4b
                                                                                                                                                                                                                                0x01318b59
                                                                                                                                                                                                                                0x01318b5e
                                                                                                                                                                                                                                0x01318b60
                                                                                                                                                                                                                                0x01318ce8
                                                                                                                                                                                                                                0x01318cef
                                                                                                                                                                                                                                0x01318cf4
                                                                                                                                                                                                                                0x01318cf6
                                                                                                                                                                                                                                0x01318cf6
                                                                                                                                                                                                                                0x01318cfb
                                                                                                                                                                                                                                0x01318d0e
                                                                                                                                                                                                                                0x01318d10
                                                                                                                                                                                                                                0x01318e59
                                                                                                                                                                                                                                0x01318e60
                                                                                                                                                                                                                                0x01318e65
                                                                                                                                                                                                                                0x01318e67
                                                                                                                                                                                                                                0x01318e67
                                                                                                                                                                                                                                0x01318e6c
                                                                                                                                                                                                                                0x01318e7a
                                                                                                                                                                                                                                0x01318e7f
                                                                                                                                                                                                                                0x01318e81
                                                                                                                                                                                                                                0x01318ed7
                                                                                                                                                                                                                                0x01318ede
                                                                                                                                                                                                                                0x01318ee3
                                                                                                                                                                                                                                0x01318ee5
                                                                                                                                                                                                                                0x01318ee5
                                                                                                                                                                                                                                0x01318eea
                                                                                                                                                                                                                                0x01318efd
                                                                                                                                                                                                                                0x01318eff
                                                                                                                                                                                                                                0x01318f37
                                                                                                                                                                                                                                0x01318f3e
                                                                                                                                                                                                                                0x01318f43
                                                                                                                                                                                                                                0x01318f45
                                                                                                                                                                                                                                0x01318f45
                                                                                                                                                                                                                                0x01318f4a
                                                                                                                                                                                                                                0x01318f5d
                                                                                                                                                                                                                                0x01318f5f
                                                                                                                                                                                                                                0x0131900b
                                                                                                                                                                                                                                0x01319012
                                                                                                                                                                                                                                0x01319017
                                                                                                                                                                                                                                0x01319019
                                                                                                                                                                                                                                0x01319019
                                                                                                                                                                                                                                0x0131901e
                                                                                                                                                                                                                                0x01319031
                                                                                                                                                                                                                                0x01319033
                                                                                                                                                                                                                                0x0131906d
                                                                                                                                                                                                                                0x01319074
                                                                                                                                                                                                                                0x01319079
                                                                                                                                                                                                                                0x0131907b
                                                                                                                                                                                                                                0x0131907b
                                                                                                                                                                                                                                0x01319080
                                                                                                                                                                                                                                0x01319093
                                                                                                                                                                                                                                0x01319095
                                                                                                                                                                                                                                0x013190bc
                                                                                                                                                                                                                                0x013190c3
                                                                                                                                                                                                                                0x013190c8
                                                                                                                                                                                                                                0x013190ca
                                                                                                                                                                                                                                0x013190ca
                                                                                                                                                                                                                                0x013190cf
                                                                                                                                                                                                                                0x013190e2
                                                                                                                                                                                                                                0x013190e4
                                                                                                                                                                                                                                0x01319130
                                                                                                                                                                                                                                0x01319137
                                                                                                                                                                                                                                0x0131913c
                                                                                                                                                                                                                                0x0131913e
                                                                                                                                                                                                                                0x0131913e
                                                                                                                                                                                                                                0x01319143
                                                                                                                                                                                                                                0x01319156
                                                                                                                                                                                                                                0x01319158
                                                                                                                                                                                                                                0x01319202
                                                                                                                                                                                                                                0x01319209
                                                                                                                                                                                                                                0x0131920e
                                                                                                                                                                                                                                0x01319210
                                                                                                                                                                                                                                0x01319210
                                                                                                                                                                                                                                0x01319215
                                                                                                                                                                                                                                0x01319228
                                                                                                                                                                                                                                0x0131922a
                                                                                                                                                                                                                                0x01319361
                                                                                                                                                                                                                                0x01319368
                                                                                                                                                                                                                                0x0131936e
                                                                                                                                                                                                                                0x01319370
                                                                                                                                                                                                                                0x01319385
                                                                                                                                                                                                                                0x0131938f
                                                                                                                                                                                                                                0x01319395
                                                                                                                                                                                                                                0x013193a4
                                                                                                                                                                                                                                0x013193a8
                                                                                                                                                                                                                                0x013193ad
                                                                                                                                                                                                                                0x013193b2
                                                                                                                                                                                                                                0x013193b8
                                                                                                                                                                                                                                0x013193bf
                                                                                                                                                                                                                                0x013193ca
                                                                                                                                                                                                                                0x013193cf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013193cf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319230
                                                                                                                                                                                                                                0x01319230
                                                                                                                                                                                                                                0x0131923b
                                                                                                                                                                                                                                0x0131923c
                                                                                                                                                                                                                                0x0131923d
                                                                                                                                                                                                                                0x01319242
                                                                                                                                                                                                                                0x01319249
                                                                                                                                                                                                                                0x01319253
                                                                                                                                                                                                                                0x0131925b
                                                                                                                                                                                                                                0x0131925f
                                                                                                                                                                                                                                0x0131926e
                                                                                                                                                                                                                                0x01319272
                                                                                                                                                                                                                                0x0131927d
                                                                                                                                                                                                                                0x01319280
                                                                                                                                                                                                                                0x01319286
                                                                                                                                                                                                                                0x0131928c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319292
                                                                                                                                                                                                                                0x01319292
                                                                                                                                                                                                                                0x01319296
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131929c
                                                                                                                                                                                                                                0x0131929c
                                                                                                                                                                                                                                0x013192a0
                                                                                                                                                                                                                                0x013192a6
                                                                                                                                                                                                                                0x013192a2
                                                                                                                                                                                                                                0x013192a2
                                                                                                                                                                                                                                0x013192a2
                                                                                                                                                                                                                                0x013192a8
                                                                                                                                                                                                                                0x013192ac
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013192b2
                                                                                                                                                                                                                                0x013192be
                                                                                                                                                                                                                                0x013192c3
                                                                                                                                                                                                                                0x013192ca
                                                                                                                                                                                                                                0x013192cc
                                                                                                                                                                                                                                0x013192d5
                                                                                                                                                                                                                                0x013192d8
                                                                                                                                                                                                                                0x013192de
                                                                                                                                                                                                                                0x013192e5
                                                                                                                                                                                                                                0x013192eb
                                                                                                                                                                                                                                0x013192f1
                                                                                                                                                                                                                                0x013192f3
                                                                                                                                                                                                                                0x01319308
                                                                                                                                                                                                                                0x0131930c
                                                                                                                                                                                                                                0x0131931d
                                                                                                                                                                                                                                0x0131932c
                                                                                                                                                                                                                                0x01319330
                                                                                                                                                                                                                                0x01319330
                                                                                                                                                                                                                                0x0131933b
                                                                                                                                                                                                                                0x0131933c
                                                                                                                                                                                                                                0x0131933d
                                                                                                                                                                                                                                0x01319344
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319344
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013192ac
                                                                                                                                                                                                                                0x01319296
                                                                                                                                                                                                                                0x0131928c
                                                                                                                                                                                                                                0x0131915e
                                                                                                                                                                                                                                0x0131915e
                                                                                                                                                                                                                                0x01319169
                                                                                                                                                                                                                                0x0131916a
                                                                                                                                                                                                                                0x0131916b
                                                                                                                                                                                                                                0x01319170
                                                                                                                                                                                                                                0x0131917a
                                                                                                                                                                                                                                0x01319182
                                                                                                                                                                                                                                0x01319186
                                                                                                                                                                                                                                0x01319195
                                                                                                                                                                                                                                0x01319199
                                                                                                                                                                                                                                0x013191a4
                                                                                                                                                                                                                                0x013191a7
                                                                                                                                                                                                                                0x013191ad
                                                                                                                                                                                                                                0x013191b3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013191b9
                                                                                                                                                                                                                                0x013191b9
                                                                                                                                                                                                                                0x013191bd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013191c3
                                                                                                                                                                                                                                0x013191c3
                                                                                                                                                                                                                                0x013191c7
                                                                                                                                                                                                                                0x013191cd
                                                                                                                                                                                                                                0x013191c9
                                                                                                                                                                                                                                0x013191c9
                                                                                                                                                                                                                                0x013191c9
                                                                                                                                                                                                                                0x013191cf
                                                                                                                                                                                                                                0x013191d3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013191d9
                                                                                                                                                                                                                                0x013191e5
                                                                                                                                                                                                                                0x013191f0
                                                                                                                                                                                                                                0x013191f1
                                                                                                                                                                                                                                0x013191f2
                                                                                                                                                                                                                                0x013191f9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013191f9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013191d3
                                                                                                                                                                                                                                0x013191bd
                                                                                                                                                                                                                                0x013191b3
                                                                                                                                                                                                                                0x013190e6
                                                                                                                                                                                                                                0x013190ec
                                                                                                                                                                                                                                0x013190f1
                                                                                                                                                                                                                                0x013190f7
                                                                                                                                                                                                                                0x013190fe
                                                                                                                                                                                                                                0x01319105
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319105
                                                                                                                                                                                                                                0x01319097
                                                                                                                                                                                                                                0x0131909d
                                                                                                                                                                                                                                0x013190a2
                                                                                                                                                                                                                                0x013190a8
                                                                                                                                                                                                                                0x013190af
                                                                                                                                                                                                                                0x013190b6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013190b6
                                                                                                                                                                                                                                0x01319035
                                                                                                                                                                                                                                0x0131903b
                                                                                                                                                                                                                                0x01319042
                                                                                                                                                                                                                                0x01319048
                                                                                                                                                                                                                                0x0131904e
                                                                                                                                                                                                                                0x0131905e
                                                                                                                                                                                                                                0x01319062
                                                                                                                                                                                                                                0x01319067
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319067
                                                                                                                                                                                                                                0x01318f65
                                                                                                                                                                                                                                0x01318f65
                                                                                                                                                                                                                                0x01318f70
                                                                                                                                                                                                                                0x01318f71
                                                                                                                                                                                                                                0x01318f72
                                                                                                                                                                                                                                0x01318f77
                                                                                                                                                                                                                                0x01318f81
                                                                                                                                                                                                                                0x01318f89
                                                                                                                                                                                                                                0x01318f8d
                                                                                                                                                                                                                                0x01318f9c
                                                                                                                                                                                                                                0x01318fa0
                                                                                                                                                                                                                                0x01318fab
                                                                                                                                                                                                                                0x01318fae
                                                                                                                                                                                                                                0x01318fb4
                                                                                                                                                                                                                                0x01318fba
                                                                                                                                                                                                                                0x0131934d
                                                                                                                                                                                                                                0x0131934d
                                                                                                                                                                                                                                0x0131934d
                                                                                                                                                                                                                                0x01319350
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318fc0
                                                                                                                                                                                                                                0x01318fc0
                                                                                                                                                                                                                                0x01318fc4
                                                                                                                                                                                                                                0x013194ab
                                                                                                                                                                                                                                0x013194b0
                                                                                                                                                                                                                                0x013194b5
                                                                                                                                                                                                                                0x013194b6
                                                                                                                                                                                                                                0x013194b7
                                                                                                                                                                                                                                0x013194bc
                                                                                                                                                                                                                                0x013194c2
                                                                                                                                                                                                                                0x013194cf
                                                                                                                                                                                                                                0x01318fca
                                                                                                                                                                                                                                0x01318fca
                                                                                                                                                                                                                                0x01318fce
                                                                                                                                                                                                                                0x01318fd4
                                                                                                                                                                                                                                0x01318fd0
                                                                                                                                                                                                                                0x01318fd0
                                                                                                                                                                                                                                0x01318fd0
                                                                                                                                                                                                                                0x01318fd6
                                                                                                                                                                                                                                0x01318fda
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318fe0
                                                                                                                                                                                                                                0x01318fec
                                                                                                                                                                                                                                0x01318ff7
                                                                                                                                                                                                                                0x01318ff8
                                                                                                                                                                                                                                0x01318ff9
                                                                                                                                                                                                                                0x01319000
                                                                                                                                                                                                                                0x01319004
                                                                                                                                                                                                                                0x01319004
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319004
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318fda
                                                                                                                                                                                                                                0x01318fc4
                                                                                                                                                                                                                                0x01318fba
                                                                                                                                                                                                                                0x01318f01
                                                                                                                                                                                                                                0x01318f07
                                                                                                                                                                                                                                0x01318f0c
                                                                                                                                                                                                                                0x01318f12
                                                                                                                                                                                                                                0x01318f19
                                                                                                                                                                                                                                0x01318f20
                                                                                                                                                                                                                                0x01318f27
                                                                                                                                                                                                                                0x01318f2e
                                                                                                                                                                                                                                0x01319109
                                                                                                                                                                                                                                0x01319109
                                                                                                                                                                                                                                0x0131910e
                                                                                                                                                                                                                                0x01319113
                                                                                                                                                                                                                                0x01319118
                                                                                                                                                                                                                                0x0131911a
                                                                                                                                                                                                                                0x0131911a
                                                                                                                                                                                                                                0x01319122
                                                                                                                                                                                                                                0x01319126
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319126
                                                                                                                                                                                                                                0x01318e83
                                                                                                                                                                                                                                0x01318e8e
                                                                                                                                                                                                                                0x01318e95
                                                                                                                                                                                                                                0x01318ea5
                                                                                                                                                                                                                                0x01318ea9
                                                                                                                                                                                                                                0x01318eb4
                                                                                                                                                                                                                                0x01318eba
                                                                                                                                                                                                                                0x01318ebe
                                                                                                                                                                                                                                0x01318ecc
                                                                                                                                                                                                                                0x01318ed1
                                                                                                                                                                                                                                0x013193d0
                                                                                                                                                                                                                                0x013193d0
                                                                                                                                                                                                                                0x013193d8
                                                                                                                                                                                                                                0x013193dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013193dc
                                                                                                                                                                                                                                0x01318d16
                                                                                                                                                                                                                                0x01318d16
                                                                                                                                                                                                                                0x01318d21
                                                                                                                                                                                                                                0x01318d22
                                                                                                                                                                                                                                0x01318d23
                                                                                                                                                                                                                                0x01318d28
                                                                                                                                                                                                                                0x01318d3a
                                                                                                                                                                                                                                0x01318d3e
                                                                                                                                                                                                                                0x01318d4d
                                                                                                                                                                                                                                0x01318d51
                                                                                                                                                                                                                                0x01318d5c
                                                                                                                                                                                                                                0x01318d5f
                                                                                                                                                                                                                                0x01318d66
                                                                                                                                                                                                                                0x01318d6c
                                                                                                                                                                                                                                0x01318d72
                                                                                                                                                                                                                                0x01318e20
                                                                                                                                                                                                                                0x01318d78
                                                                                                                                                                                                                                0x01318d7f
                                                                                                                                                                                                                                0x01318d8a
                                                                                                                                                                                                                                0x01318d8b
                                                                                                                                                                                                                                0x01318d92
                                                                                                                                                                                                                                0x01318d96
                                                                                                                                                                                                                                0x01318d9f
                                                                                                                                                                                                                                0x01318da5
                                                                                                                                                                                                                                0x01318da9
                                                                                                                                                                                                                                0x01318db7
                                                                                                                                                                                                                                0x01318dbb
                                                                                                                                                                                                                                0x01318dc6
                                                                                                                                                                                                                                0x01318dcd
                                                                                                                                                                                                                                0x01318dd2
                                                                                                                                                                                                                                0x01318ddd
                                                                                                                                                                                                                                0x01318dde
                                                                                                                                                                                                                                0x01318de2
                                                                                                                                                                                                                                0x01318e00
                                                                                                                                                                                                                                0x01318e03
                                                                                                                                                                                                                                0x01318e07
                                                                                                                                                                                                                                0x01318e15
                                                                                                                                                                                                                                0x01318e19
                                                                                                                                                                                                                                0x01318e19
                                                                                                                                                                                                                                0x01318e22
                                                                                                                                                                                                                                0x01318e24
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318e2a
                                                                                                                                                                                                                                0x01318e2a
                                                                                                                                                                                                                                0x01318e31
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318e37
                                                                                                                                                                                                                                0x01318e42
                                                                                                                                                                                                                                0x01318e47
                                                                                                                                                                                                                                0x01318e49
                                                                                                                                                                                                                                0x01318e4b
                                                                                                                                                                                                                                0x01318e4f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318e4f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318e31
                                                                                                                                                                                                                                0x01318e24
                                                                                                                                                                                                                                0x01318b66
                                                                                                                                                                                                                                0x01318b66
                                                                                                                                                                                                                                0x01318b71
                                                                                                                                                                                                                                0x01318b72
                                                                                                                                                                                                                                0x01318b78
                                                                                                                                                                                                                                0x01318b8a
                                                                                                                                                                                                                                0x01318b8e
                                                                                                                                                                                                                                0x01318b9d
                                                                                                                                                                                                                                0x01318ba1
                                                                                                                                                                                                                                0x01318bac
                                                                                                                                                                                                                                0x01318baf
                                                                                                                                                                                                                                0x01318bb5
                                                                                                                                                                                                                                0x01318bbb
                                                                                                                                                                                                                                0x01319452
                                                                                                                                                                                                                                0x01319452
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318bc1
                                                                                                                                                                                                                                0x01318bc8
                                                                                                                                                                                                                                0x01318bd3
                                                                                                                                                                                                                                0x01318bd4
                                                                                                                                                                                                                                0x01318bdb
                                                                                                                                                                                                                                0x01318bdf
                                                                                                                                                                                                                                0x01318be8
                                                                                                                                                                                                                                0x01318bee
                                                                                                                                                                                                                                0x01318bf2
                                                                                                                                                                                                                                0x01318c00
                                                                                                                                                                                                                                0x01318c04
                                                                                                                                                                                                                                0x01318c0f
                                                                                                                                                                                                                                0x01318c16
                                                                                                                                                                                                                                0x01318c1b
                                                                                                                                                                                                                                0x01318c26
                                                                                                                                                                                                                                0x01318c27
                                                                                                                                                                                                                                0x01318c2b
                                                                                                                                                                                                                                0x01318c49
                                                                                                                                                                                                                                0x01318c4d
                                                                                                                                                                                                                                0x01318c5b
                                                                                                                                                                                                                                0x01318c5f
                                                                                                                                                                                                                                0x01318c67
                                                                                                                                                                                                                                0x01319356
                                                                                                                                                                                                                                0x01319356
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318c6d
                                                                                                                                                                                                                                0x01318c6d
                                                                                                                                                                                                                                0x01318c74
                                                                                                                                                                                                                                0x01318c81
                                                                                                                                                                                                                                0x01318c86
                                                                                                                                                                                                                                0x01318c88
                                                                                                                                                                                                                                0x01318c89
                                                                                                                                                                                                                                0x01318c8d
                                                                                                                                                                                                                                0x01318c92
                                                                                                                                                                                                                                0x01318c98
                                                                                                                                                                                                                                0x01318ca3
                                                                                                                                                                                                                                0x01318cac
                                                                                                                                                                                                                                0x01318cb2
                                                                                                                                                                                                                                0x01318cb7
                                                                                                                                                                                                                                0x01318cbc
                                                                                                                                                                                                                                0x01318cc2
                                                                                                                                                                                                                                0x01318cc5
                                                                                                                                                                                                                                0x01318cd0
                                                                                                                                                                                                                                0x01318cdb
                                                                                                                                                                                                                                0x01318cdb
                                                                                                                                                                                                                                0x01318ce0
                                                                                                                                                                                                                                0x01318ce2
                                                                                                                                                                                                                                0x01319454
                                                                                                                                                                                                                                0x0131945a
                                                                                                                                                                                                                                0x0131945f
                                                                                                                                                                                                                                0x01319464
                                                                                                                                                                                                                                0x0131946c
                                                                                                                                                                                                                                0x01319479
                                                                                                                                                                                                                                0x01319484
                                                                                                                                                                                                                                0x01319488
                                                                                                                                                                                                                                0x01319495
                                                                                                                                                                                                                                0x013194a2
                                                                                                                                                                                                                                0x0131944c
                                                                                                                                                                                                                                0x01319451
                                                                                                                                                                                                                                0x01319451
                                                                                                                                                                                                                                0x01318c67
                                                                                                                                                                                                                                0x01318bbb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013193e1
                                                                                                                                                                                                                                0x013193e1
                                                                                                                                                                                                                                0x013193e4
                                                                                                                                                                                                                                0x013193ea
                                                                                                                                                                                                                                0x013193ea
                                                                                                                                                                                                                                0x013193f6
                                                                                                                                                                                                                                0x013193f6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013193f6
                                                                                                                                                                                                                                0x01318b32
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 013189E8
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                • LoadStringW.USER32(00000072,?,00000190,?), ref: 01318A21
                                                                                                                                                                                                                                  • Part of subcall function 01319F97: __EH_prolog3.LIBCMT ref: 01319F9E
                                                                                                                                                                                                                                  • Part of subcall function 0131E279: __EH_prolog3_catch.LIBCMT ref: 0131E280
                                                                                                                                                                                                                                  • Part of subcall function 013196AE: __EH_prolog3_catch.LIBCMT ref: 013196B5
                                                                                                                                                                                                                                  • Part of subcall function 013194B6: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 013194C8
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01318CA3
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 013194B0
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: std::_Xinvalid_argument.LIBCPMT ref: 0131B6BF
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: std::_Xinvalid_argument.LIBCPMT ref: 0131B6E1
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: _memmove.LIBCMT ref: 0131B725
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_Xinvalid_argument_setlocalestd::_$H_prolog3_catch_memmove_memset_wcslen$CurrentH_prolog3Ios_base_dtorLoadLocalProcessStringTime__cftoestd::ios_base::_swprintf
                                                                                                                                                                                                                                • String ID: $" should be followed by a numeric value$-au$-di$-nw$-pid$-rb$-se$-to$Command line argument "$HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce$MP3R7$PIP$invalid string position
                                                                                                                                                                                                                                • API String ID: 349657962-2227548180
                                                                                                                                                                                                                                • Opcode ID: d0420090c591e87ee72055727ae52c461b8d5f633a2d7ed1645f342e6b57e7ff
                                                                                                                                                                                                                                • Instruction ID: 290fdc0ba1cd704c9fd11e6c970d770c87efd0e4f63ed06930db08973a7a3b55
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d0420090c591e87ee72055727ae52c461b8d5f633a2d7ed1645f342e6b57e7ff
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2552D531905299EEEB29DB6CCC54BDE77B8AF1931CF1401D9D409A7284DBB0AE84CF61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01344B43, Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 256windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1725 1344b43-1344b5d 1726 1344ba0 1725->1726 1727 1344b5f-1344b67 1725->1727 1730 1344ba2-1344ba8 1726->1730 1728 1344b77-1344b7a 1727->1728 1729 1344b69-1344b6b call 134651a 1727->1729 1732 1344b7c-1344b87 IsWindow 1728->1732 1733 1344bab-1344bb4 1728->1733 1736 1344b70 1729->1736 1737 1344b9e 1732->1737 1738 1344b89-1344b94 DestroyWindow 1732->1738 1734 1344c14-1344c17 1733->1734 1735 1344bb6-1344be3 IsWindow 1733->1735 1741 1344c20-1344c23 1734->1741 1742 1344c19-1344c1b 1734->1742 1739 1344be5-1344bef 1735->1739 1740 1344c06-1344c12 1735->1740 1743 1344b73-1344b75 1736->1743 1737->1726 1744 1344b96 1738->1744 1745 1344b9a 1738->1745 1739->1740 1746 1344bf1-1344c00 SendMessageW 1739->1746 1740->1734 1747 1344c25-1344c2d 1741->1747 1748 1344c5b-1344c60 1741->1748 1742->1743 1743->1730 1744->1745 1745->1737 1746->1740 1750 1344c37-1344c3c call 1345e8e 1747->1750 1751 1344c2f-1344c35 1747->1751 1748->1747 1749 1344c62-1344c65 1748->1749 1752 1344c67-1344c6f 1749->1752 1753 1344c88-1344c8b 1749->1753 1759 1344c41-1344c48 1750->1759 1754 1344c4a 1751->1754 1756 1344c80 1752->1756 1757 1344c71-1344c7e InvalidateRect 1752->1757 1753->1752 1758 1344c8d-1344c92 1753->1758 1760 1344c4c 1754->1760 1761 1344c84-1344c86 1756->1761 1757->1761 1762 1344c94-1344cb2 call 1345f0e 1758->1762 1763 1344cc0-1344cc5 1758->1763 1759->1754 1764 1344c50 1760->1764 1761->1760 1762->1726 1778 1344cb8-1344cbb 1762->1778 1767 1344cc7-1344cce 1763->1767 1768 1344cfc-1344d01 1763->1768 1764->1726 1765 1344c56 1764->1765 1765->1743 1772 1344cf5-1344cf7 1767->1772 1773 1344cd0-1344cd5 1767->1773 1769 1344d03-1344d1b PtInRect 1768->1769 1770 1344d38-1344d3d 1768->1770 1769->1736 1775 1344d21-1344d33 SetFocus SetCapture 1769->1775 1776 1344d85-1344d8a 1770->1776 1777 1344d3f-1344d48 GetCapture 1770->1777 1772->1743 1773->1772 1774 1344cd7-1344ced InvalidateRect UpdateWindow 1773->1774 1779 1344cf3 1774->1779 1775->1736 1781 1344d8c-1344d90 1776->1781 1782 1344daf-1344db4 1776->1782 1777->1736 1780 1344d4e-1344d6c ReleaseCapture PtInRect 1777->1780 1778->1730 1779->1772 1780->1736 1785 1344d72-1344d74 call 1346467 1780->1785 1786 1344d92-1344d96 1781->1786 1787 1344d9c-1344daa call 1346467 1781->1787 1783 1344db6-1344dbc 1782->1783 1784 1344dc1-1344dc4 1782->1784 1783->1743 1789 1344dc6-1344ddd call 1345fd2 1784->1789 1790 1344de2-1344de5 1784->1790 1796 1344d79-1344d80 1785->1796 1786->1772 1786->1787 1787->1779 1789->1764 1794 1344de7-1344df5 InvalidateRect UpdateWindow 1790->1794 1795 1344e00-1344e03 1790->1795 1794->1795 1798 1344e05-1344e0a 1795->1798 1799 1344e0f-1344e12 1795->1799 1796->1736 1798->1743 1800 1344e14-1344e1d 1799->1800 1801 1344e2a-1344e2f 1799->1801 1800->1772 1803 1344e23-1344e24 1800->1803 1801->1772 1802 1344e35-1344e38 1801->1802 1802->1726 1804 1344e3e-1344e4b call 1346030 InvalidateRect 1802->1804 1803->1801
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 01344B7F
                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 01344B8C
                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 01344BDB
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000407,00000000,?), ref: 01344C00
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 01344C76
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: __EH_prolog3_GS.LIBCMT ref: 01346524
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: GetClassNameW.USER32 ref: 01346548
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: lstrcmpiW.KERNEL32(?,static), ref: 0134655B
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: GetWindowLongW.USER32 ref: 01346570
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: SetWindowLongW.USER32 ref: 01346584
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: GetWindowLongW.USER32 ref: 0134658F
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: LoadCursorW.USER32(00000000,00007F89), ref: 013465D4
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: GetParent.USER32(?), ref: 013465EA
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 013465F5
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: GetStockObject.GDI32(0000000D), ref: 01346604
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: _memset.LIBCMT ref: 01346629
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: GetObjectW.GDI32(?,0000005C,?), ref: 0134663B
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,?,00000001), ref: 01344CE4
                                                                                                                                                                                                                                • UpdateWindow.USER32(?), ref: 01344CED
                                                                                                                                                                                                                                • PtInRect.USER32(00000000,00000000,?), ref: 01344D13
                                                                                                                                                                                                                                • SetFocus.USER32(?), ref: 01344D24
                                                                                                                                                                                                                                • SetCapture.USER32(?), ref: 01344D2D
                                                                                                                                                                                                                                • GetCapture.USER32 ref: 01344D3F
                                                                                                                                                                                                                                • ReleaseCapture.USER32 ref: 01344D4E
                                                                                                                                                                                                                                • PtInRect.USER32(?,?,?), ref: 01344D64
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 01344DEC
                                                                                                                                                                                                                                • UpdateWindow.USER32(?), ref: 01344DF5
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 01344E4B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Rect$Invalidate$CaptureLong$MessageObjectSendUpdate$ClassCursorDestroyFocusH_prolog3_LoadNameParentReleaseStock_memsetlstrcmpi
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3327015229-3916222277
                                                                                                                                                                                                                                • Opcode ID: dc7ca8ad56e92e312e131938008fea89b0277ccebac78fc984c8cc6a28cc2a04
                                                                                                                                                                                                                                • Instruction ID: 79b0234cc3a1cf4f1ad232a8d2121f5e8a367ac3de7c6907ebb9a1c00faae47d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc7ca8ad56e92e312e131938008fea89b0277ccebac78fc984c8cc6a28cc2a04
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9391BE70504205EFDF258F28D98472A7BE8FF88319F14483EE996DA256D735EC80CB55
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131D656, Relevance: 18.1, APIs: 12, Instructions: 72COMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1913 131d656-131d67a call 131800e FindResourceW 1916 131d680-131d699 FindResourceW 1913->1916 1917 131d713-131d719 1913->1917 1918 131d6a2-131d6ae LoadResource 1916->1918 1919 131d69b-131d6a0 LoadResource LockResource 1916->1919 1920 131d6b0-131d6b7 LockResource 1918->1920 1921 131d6fb-131d701 GetLastError 1918->1921 1919->1918 1920->1921 1923 131d6b9-131d6d7 call 1314c30 DialogBoxIndirectParamW 1920->1923 1922 131d704-131d708 1921->1922 1922->1917 1924 131d70a-131d70d SetLastError 1922->1924 1927 131d6d9-131d6dc 1923->1927 1928 131d6de-131d6e4 GetLastError 1923->1928 1924->1917 1927->1928 1929 131d6e7-131d6e9 1927->1929 1928->1929 1929->1922 1930 131d6eb-131d6f9 GlobalHandle GlobalFree 1929->1930 1930->1922
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: EnterCriticalSection.KERNEL32(013C1788,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 0131801F
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: RegisterWindowMessageW.USER32(WM_ATLGETHOST,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 01318030
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: RegisterWindowMessageW.USER32(WM_ATLGETCONTROL,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 0131803C
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: GetClassInfoExW.USER32 ref: 0131805B
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: LoadCursorW.USER32 ref: 01318096
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: RegisterClassExW.USER32 ref: 013180B9
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: _memset.LIBCMT ref: 013180E7
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: GetClassInfoExW.USER32 ref: 01318104
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: LoadCursorW.USER32 ref: 01318145
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: RegisterClassExW.USER32 ref: 01318168
                                                                                                                                                                                                                                • FindResourceW.KERNEL32(?,000000FF,00000005), ref: 0131D673
                                                                                                                                                                                                                                • FindResourceW.KERNEL32(?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D689
                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,00000000,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D69D
                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,00000000,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6A0
                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6AA
                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6B1
                                                                                                                                                                                                                                • DialogBoxIndirectParamW.USER32 ref: 0131D6CC
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,?,Function_0000D061,00000000,?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6DE
                                                                                                                                                                                                                                • GlobalHandle.KERNEL32(00000000), ref: 0131D6EC
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 0131D6F3
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6FB
                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D70D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Resource$ClassLoadRegister$ErrorLast$CursorFindGlobalInfoLockMessageWindow$CriticalDialogEnterFreeHandleIndirectParamSection_memset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3062633338-0
                                                                                                                                                                                                                                • Opcode ID: fa6dfc11b78fb1c3d55e30618c929589f15bc0504bb91b4d138fcf22f9917e1d
                                                                                                                                                                                                                                • Instruction ID: 3c4df2c11bf031bc2b3722f873205fc17cf306750de976b9b72c86200631d07c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fa6dfc11b78fb1c3d55e30618c929589f15bc0504bb91b4d138fcf22f9917e1d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C218C71900219BBDF256FB99C8CAAE7F7CAB46724F005551E945B3189DB35CA408BA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134695A, Relevance: 52.7, APIs: 29, Strings: 1, Instructions: 228windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 391 134695a-1346977 392 1346b16-1346b72 call 13206d4 GetObjectW * 2 SetBkMode IsWindowEnabled 391->392 393 134697d-1346a11 call 134686a GetClientRect SetBkMode SelectObject 391->393 400 1346b74-1346b77 392->400 401 1346b79-1346b7b GetSysColor 392->401 398 1346a13-1346a28 DrawTextW 393->398 399 1346a2e-1346a39 IsWindowEnabled 393->399 398->399 402 1346a40-1346a42 GetSysColor 399->402 403 1346a3b-1346a3e 399->403 404 1346b81-1346b98 SetTextColor 400->404 401->404 405 1346a48-1346a5f SetTextColor 402->405 403->405 406 1346bad 404->406 407 1346b9a-1346ba2 404->407 408 1346a74 405->408 409 1346a61-1346a69 405->409 412 1346bb0-1346bc4 SelectObject 406->412 410 1346ba4-1346ba8 407->410 411 1346baa-1346bab 407->411 415 1346a77-1346ab7 SelectObject DrawTextW SetTextColor SelectObject 408->415 413 1346a71-1346a72 409->413 414 1346a6b-1346a6f 409->414 410->406 410->411 411->412 416 1346bc6 412->416 417 1346bc9-1346bde GetWindowLongW 412->417 413->415 414->408 414->413 418 1346aec-1346af5 GetFocus 415->418 419 1346ab9-1346ae6 DrawTextW 415->419 416->417 420 1346be0-1346be1 417->420 421 1346be3-1346be5 417->421 422 1346b06-1346b11 SelectObject 418->422 423 1346af7-1346b00 DrawFocusRect 418->423 419->418 424 1346bea-1346c0c DrawTextW GetFocus 420->424 421->424 425 1346be7-1346be9 421->425 426 1346c47-1346c54 call 13748c1 422->426 423->422 427 1346c0e-1346c12 DrawFocusRect 424->427 428 1346c18-1346c39 SetTextColor SelectObject 424->428 425->424 427->428 428->426 429 1346c3b-1346c41 DeleteObject 428->429 429->426
                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E0134695A(void* __ebx, void* __edx, struct HDC__* _a4) {
				signed int _v12;
				void* _v24;
				struct tagRECT _v28;
				struct tagRECT _v44;
				void _v144;
				void _v240;
				long _v244;
				WCHAR* _v248;
				void* _v252;
				long _v256;
				void* _v260;
				WCHAR* _v264;
				int _v268;
				void* __edi;
				void* __esi;
				signed int _t112;
				long _t124;
				intOrPtr _t126;
				WCHAR* _t128;
				signed char _t129;
				void* _t133;
				long _t149;
				intOrPtr _t151;
				struct tagRECT* _t153;
				void* _t167;
				signed int _t168;
				void* _t178;
				RECT* _t179;
				RECT* _t183;
				signed int _t185;

				_t177 = __edx;
				_t167 = __ebx;
				_t112 =  *0x13bce20; // 0xb4b6cc09
				_v12 = _t112 ^ _t185;
				if(( *(__ebx + 0x54) >> 0x00000004 & 0x00000001) == 0) {
					_t178 =  *(__ebx + 0x34);
					_v244 = _v244 & 0x00000000;
					E013206D4(__ebx, __edx, _t178, L"Segoe UI",  &_v244, 0x5a, 0, 1, 1);
					GetObjectW(_t178, 0x5c,  &_v240);
					GetObjectW(_v244, 0x5c,  &_v144);
					SetBkMode(_a4, 1);
					if(IsWindowEnabled( *(__ebx + 4)) == 0) {
						_t124 = GetSysColor(0x11);
					} else {
						_t124 =  *(__ebx + 0x4c);
					}
					_t179 = SetTextColor;
					_v260 = SetTextColor(_a4, _t124);
					_t126 =  *((intOrPtr*)(_t167 + 0x30));
					if(_t126 == 0 || ( *(_t167 + 0x54) >> 0x00000001 & 0x00000001) != 0 && ( *(_t167 + 0x58) & 0x00000004) == 0) {
						_push( *(_t167 + 0x34));
					} else {
						_push(_t126);
					}
					_v252 = SelectObject(_a4, ??);
					_t128 =  *((intOrPtr*)(_t167 + 0x24));
					if(_t128 == 0) {
						_t128 =  *((intOrPtr*)(_t167 + 0x28));
					}
					_v248 = _t128;
					_t129 = GetWindowLongW( *(_t167 + 4), 0xfffffff0);
					_t168 = 0;
					if((_t129 & 0x00000001) == 0) {
						if((_t129 & 0x00000002) != 0) {
							_t168 = 2;
						}
					} else {
						_t168 = 1;
					}
					_t183 = _t167 + 0x38;
					DrawTextW(_a4, _v248, 0xffffffff, _t183, _t168 | 0x00000010); // executed
					if(GetFocus() ==  *(_t167 + 4)) {
						DrawFocusRect(_a4, _t183);
					}
					SetTextColor(_a4, _v260);
					_t133 = SelectObject(_a4, _v252);
					if(_v244 != 0) {
						_t133 = DeleteObject(_v244);
					}
					L34:
					return E013748C1(_t133, _t167, _v12 ^ _t185, _t177, _t179, _t183);
				}
				_v244 = 0;
				_v256 = 0;
				_v252 = 0;
				_v268 = 0;
				_v264 = 0;
				_v248 = 0;
				E0134686A(__ebx,  &_v244,  &_v256,  &_v252,  &_v268,  &_v264,  &_v248);
				_v28.left = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				GetClientRect( *(__ebx + 4),  &_v28);
				SetBkMode(_a4, 1);
				_t179 = SelectObject;
				_v260 = SelectObject(_a4,  *(__ebx + 0x34));
				if(_v244 != 0) {
					DrawTextW(_a4, _v244, _v256,  &_v28, 0x10);
				}
				if(IsWindowEnabled( *(_t167 + 4)) == 0) {
					_t149 = GetSysColor(0x11);
				} else {
					_t149 =  *(_t167 + 0x4c);
				}
				_t183 = SetTextColor;
				_v256 = SetTextColor(_a4, _t149);
				_t151 =  *((intOrPtr*)(_t167 + 0x30));
				if(_t151 == 0 || ( *(_t167 + 0x54) >> 0x00000001 & 0x00000001) != 0 && ( *(_t167 + 0x58) & 0x00000004) == 0) {
					_push( *(_t167 + 0x34));
				} else {
					_push(_t151);
				}
				SelectObject(_a4, ??);
				_t153 = _t167 + 0x38;
				_v244 = _t153;
				DrawTextW(_a4, _v252, _v268, _t153, 0x10);
				SetTextColor(_a4, _v256);
				SelectObject(_a4,  *(_t167 + 0x34));
				if(_v264 != 0) {
					_v44.left =  *(_t167 + 0x40);
					_v44.top =  *((intOrPtr*)(_t167 + 0x3c));
					_v44.right = _v28.right;
					_v44.bottom = _v28.bottom;
					DrawTextW(_a4, _v264, _v248,  &_v44, 0x10);
				}
				if(GetFocus() ==  *(_t167 + 4)) {
					DrawFocusRect(_a4, _v244);
				}
				_t133 = SelectObject(_a4, _v260);
				goto L34;
			}

































                                                                                                                                                                                                                                0x0134695a
                                                                                                                                                                                                                                0x0134695a
                                                                                                                                                                                                                                0x01346963
                                                                                                                                                                                                                                0x0134696a
                                                                                                                                                                                                                                0x01346977
                                                                                                                                                                                                                                0x01346b16
                                                                                                                                                                                                                                0x01346b19
                                                                                                                                                                                                                                0x01346b34
                                                                                                                                                                                                                                0x01346b49
                                                                                                                                                                                                                                0x01346b5a
                                                                                                                                                                                                                                0x01346b61
                                                                                                                                                                                                                                0x01346b72
                                                                                                                                                                                                                                0x01346b7b
                                                                                                                                                                                                                                0x01346b74
                                                                                                                                                                                                                                0x01346b74
                                                                                                                                                                                                                                0x01346b74
                                                                                                                                                                                                                                0x01346b81
                                                                                                                                                                                                                                0x01346b8d
                                                                                                                                                                                                                                0x01346b93
                                                                                                                                                                                                                                0x01346b98
                                                                                                                                                                                                                                0x01346bad
                                                                                                                                                                                                                                0x01346baa
                                                                                                                                                                                                                                0x01346baa
                                                                                                                                                                                                                                0x01346baa
                                                                                                                                                                                                                                0x01346bb9
                                                                                                                                                                                                                                0x01346bbf
                                                                                                                                                                                                                                0x01346bc4
                                                                                                                                                                                                                                0x01346bc6
                                                                                                                                                                                                                                0x01346bc6
                                                                                                                                                                                                                                0x01346bce
                                                                                                                                                                                                                                0x01346bd4
                                                                                                                                                                                                                                0x01346bda
                                                                                                                                                                                                                                0x01346bde
                                                                                                                                                                                                                                0x01346be5
                                                                                                                                                                                                                                0x01346be9
                                                                                                                                                                                                                                0x01346be9
                                                                                                                                                                                                                                0x01346be0
                                                                                                                                                                                                                                0x01346be0
                                                                                                                                                                                                                                0x01346be0
                                                                                                                                                                                                                                0x01346bee
                                                                                                                                                                                                                                0x01346bfd
                                                                                                                                                                                                                                0x01346c0c
                                                                                                                                                                                                                                0x01346c12
                                                                                                                                                                                                                                0x01346c12
                                                                                                                                                                                                                                0x01346c21
                                                                                                                                                                                                                                0x01346c2c
                                                                                                                                                                                                                                0x01346c39
                                                                                                                                                                                                                                0x01346c41
                                                                                                                                                                                                                                0x01346c41
                                                                                                                                                                                                                                0x01346c47
                                                                                                                                                                                                                                0x01346c54
                                                                                                                                                                                                                                0x01346c54
                                                                                                                                                                                                                                0x013469ab
                                                                                                                                                                                                                                0x013469b1
                                                                                                                                                                                                                                0x013469b7
                                                                                                                                                                                                                                0x013469bd
                                                                                                                                                                                                                                0x013469c3
                                                                                                                                                                                                                                0x013469c9
                                                                                                                                                                                                                                0x013469cf
                                                                                                                                                                                                                                0x013469d6
                                                                                                                                                                                                                                0x013469dc
                                                                                                                                                                                                                                0x013469dd
                                                                                                                                                                                                                                0x013469de
                                                                                                                                                                                                                                0x013469e6
                                                                                                                                                                                                                                0x013469f1
                                                                                                                                                                                                                                0x013469fa
                                                                                                                                                                                                                                0x01346a05
                                                                                                                                                                                                                                0x01346a11
                                                                                                                                                                                                                                0x01346a28
                                                                                                                                                                                                                                0x01346a28
                                                                                                                                                                                                                                0x01346a39
                                                                                                                                                                                                                                0x01346a42
                                                                                                                                                                                                                                0x01346a3b
                                                                                                                                                                                                                                0x01346a3b
                                                                                                                                                                                                                                0x01346a3b
                                                                                                                                                                                                                                0x01346a48
                                                                                                                                                                                                                                0x01346a54
                                                                                                                                                                                                                                0x01346a5a
                                                                                                                                                                                                                                0x01346a5f
                                                                                                                                                                                                                                0x01346a74
                                                                                                                                                                                                                                0x01346a71
                                                                                                                                                                                                                                0x01346a71
                                                                                                                                                                                                                                0x01346a71
                                                                                                                                                                                                                                0x01346a7a
                                                                                                                                                                                                                                0x01346a7e
                                                                                                                                                                                                                                0x01346a88
                                                                                                                                                                                                                                0x01346a97
                                                                                                                                                                                                                                0x01346aa6
                                                                                                                                                                                                                                0x01346aae
                                                                                                                                                                                                                                0x01346ab7
                                                                                                                                                                                                                                0x01346abc
                                                                                                                                                                                                                                0x01346ac2
                                                                                                                                                                                                                                0x01346ac8
                                                                                                                                                                                                                                0x01346ad0
                                                                                                                                                                                                                                0x01346ae6
                                                                                                                                                                                                                                0x01346ae6
                                                                                                                                                                                                                                0x01346af5
                                                                                                                                                                                                                                0x01346b00
                                                                                                                                                                                                                                0x01346b00
                                                                                                                                                                                                                                0x01346b0f
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 013469E6
                                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 013469F1
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01346A03
                                                                                                                                                                                                                                • DrawTextW.USER32 ref: 01346A28
                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 01346A31
                                                                                                                                                                                                                                • GetSysColor.USER32(00000011), ref: 01346A42
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 01346A52
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01346A7A
                                                                                                                                                                                                                                • DrawTextW.USER32 ref: 01346A97
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 01346AA6
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01346AAE
                                                                                                                                                                                                                                • DrawTextW.USER32 ref: 01346AE6
                                                                                                                                                                                                                                • GetFocus.USER32 ref: 01346AEC
                                                                                                                                                                                                                                • DrawFocusRect.USER32 ref: 01346B00
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01346B0F
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?,00000000,0000005A,00000000,00000001,00000001,?,?), ref: 01346B49
                                                                                                                                                                                                                                • GetObjectW.GDI32(00000000,0000005C,?,?,?), ref: 01346B5A
                                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 01346B61
                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 01346B6A
                                                                                                                                                                                                                                • GetSysColor.USER32(00000011), ref: 01346B7B
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 01346B8B
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01346BB3
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 01346BD4
                                                                                                                                                                                                                                • DrawTextW.USER32 ref: 01346BFD
                                                                                                                                                                                                                                • GetFocus.USER32 ref: 01346C03
                                                                                                                                                                                                                                • DrawFocusRect.USER32 ref: 01346C12
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 01346C21
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01346C2C
                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 01346C41
                                                                                                                                                                                                                                  • Part of subcall function 0134686A: lstrlenW.KERNEL32(?,?,00000000,?,?,?,?,013469D4,?,?,?,?,?,?,?,?), ref: 013468A2
                                                                                                                                                                                                                                  • Part of subcall function 0134686A: CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003,?,00000000,?,?,?,?,013469D4,?,?,?), ref: 013468D3
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Object$Text$ColorDrawSelect$Focus$RectWindow$EnabledMode$ClientCompareDeleteLongStringlstrlen
                                                                                                                                                                                                                                • String ID: Segoe UI
                                                                                                                                                                                                                                • API String ID: 288288584-2515502724
                                                                                                                                                                                                                                • Opcode ID: e77705441b4f0af40652010254ff68079e64c45f061572c106f1f398cc0f350c
                                                                                                                                                                                                                                • Instruction ID: 067643abea15afe05e6b5a3ebb2ab6ad6ceb9b121437fecf6279467c68cd8f16
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e77705441b4f0af40652010254ff68079e64c45f061572c106f1f398cc0f350c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C09128B194011AEFDF229F59CC45FE97FB9FF09304F0080A5EA09AA165D772AA90DF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132B1D7, Relevance: 51.1, APIs: 20, Strings: 9, Instructions: 378windowfiletimeCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 432 132b1d7-132b217 433 132b31a-132b31d 432->433 434 132b21d 432->434 435 132b388-132b3af call 1345350 call 13748c1 433->435 436 132b31f-132b370 call 1319b08 call 1376d83 call 131b74b call 1376d83 call 131b74b 433->436 437 132b221-132b227 434->437 492 132b372 436->492 493 132b374-132b383 RemoveDirectoryW call 131aa87 436->493 440 132b28b-132b28d 437->440 441 132b229-132b22b 437->441 444 132b293-132b299 440->444 445 132b3b0-132b3e1 RaiseException call 137c242 440->445 441->445 446 132b231-132b237 441->446 444->445 449 132b29f-132b2ad 444->449 461 132b3e3-132b447 call 1319638 call 134ba76 call 135be26 call 131d888 call 134ba76 call 1311524 445->461 462 132b449 445->462 446->445 451 132b23d-132b286 call 135be26 call 131d888 call 134ba76 call 1311524 446->451 454 132b2b1-132b2ba GetFileAttributesW 449->454 455 132b2af 449->455 451->440 459 132b2e3-132b2e9 454->459 460 132b2bc-132b2c2 454->460 455->454 459->445 468 132b2ef-132b2fd 459->468 460->445 466 132b2c8-132b2d6 460->466 464 132b44e-132b477 call 13570b1 call 1345b51 call 131f26e 461->464 462->464 499 132b4c0-132b4c7 464->499 500 132b479-132b4bb call 135bfb1 call 131d888 call 134ba76 call 1311524 464->500 472 132b2da-132b2e1 RemoveDirectoryW 466->472 473 132b2d8 466->473 475 132b301-132b302 DeleteFileW 468->475 476 132b2ff 468->476 478 132b308-132b314 472->478 473->472 475->478 476->475 478->433 478->437 492->493 493->435 502 132b55d-132b667 GetDlgItem call 13446cb call 1376d83 call 131b7e3 GetDlgItem call 13446cb GetDlgItem call 13446cb GetDlgItem * 4 SendMessageW call 131f26e call 1330720 call 1319b30 call 131fd87 call 131aa87 499->502 503 132b4cd-132b4f0 SetTimer 499->503 500->499 546 132b712-132b719 502->546 547 132b66d-132b695 call 1319b30 call 131fd37 502->547 503->502 507 132b4f2-132b558 call 135bfb1 call 131d888 call 1347f01 call 134ba76 call 1311524 * 2 503->507 507->502 549 132b724-132b732 PostMessageW 546->549 550 132b71b-132b722 546->550 557 132b697 547->557 558 132b699-132b6cd call 1319b30 call 131aa87 * 2 call 1327839 547->558 551 132b738-132b740 call 137c2c5 549->551 550->549 550->551 557->558 567 132b707-132b70d call 131aa87 558->567 568 132b6cf-132b6e6 ShowWindow 558->568 567->546 568->567 569 132b6e8-132b702 call 1319638 call 134ba76 568->569 569->567
                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                			E0132B1D7(void* __ebx, void* __edx, void* __edi, void* __esi, int _a4) {
				signed int _v8;
				long _v12;
				char _v16;
				signed int _v24;
				signed int _v36;
				char _v48;
				char _v52;
				intOrPtr _v72;
				char _v76;
				char _v80;
				char _v84;
				void* _v88;
				WCHAR* _v92;
				char _v104;
				char _v132;
				char _v160;
				char _v161;
				char _v162;
				signed int _v168;
				int _v172;
				signed int _t107;
				signed int _t109;
				void* _t112;
				void* _t118;
				WCHAR* _t120;
				signed int _t130;
				struct HWND__* _t142;
				void* _t147;
				intOrPtr* _t155;
				signed int _t159;
				int _t164;
				void* _t167;
				void* _t169;
				void* _t175;
				void* _t182;
				WCHAR* _t187;
				WCHAR* _t190;
				void* _t193;
				WCHAR* _t198;
				void* _t202;
				struct HWND__** _t205;
				struct HWND__** _t215;
				void* _t247;
				void* _t248;
				void* _t249;
				int _t254;
				void* _t256;
				WCHAR* _t260;
				char* _t261;
				signed int _t266;
				signed int _t268;
				signed int _t271;
				signed int _t272;
				signed int _t273;
				intOrPtr _t274;
				char _t276;

				_t248 = __edi;
				_t247 = __edx;
				_push(0xffffffff);
				_push(0x139533c);
				_push( *[fs:0x0]);
				_t268 = (_t266 & 0xfffffff8) - 0x4c;
				_t107 =  *0x13bce20; // 0xb4b6cc09
				_v24 = _t107 ^ _t268;
				_push(__ebx);
				_push(__esi);
				_t109 =  *0x13bce20; // 0xb4b6cc09
				_push(_t109 ^ _t268);
				 *[fs:0x0] =  &_v16;
				_t254 = 0;
				if( *((intOrPtr*)(__edi + 0x148)) <= 0) {
					L20:
					_t287 =  *((intOrPtr*)(_t248 + 0x28));
					if( *((intOrPtr*)(_t248 + 0x28)) != 0) {
						E01319B08( &_v80, _t248 + 0x1d4);
						_v12 = 1;
						E0131B74B(E01376D83("\\"),  &_v84, _t287, "\\");
						_t118 = E01376D83(L"apn_pip_local\\");
						_t260 =  &_v88;
						E0131B74B(_t118, _t260, _t287, L"apn_pip_local\\");
						_t120 = _v92;
						if(_v72 < 8) {
							_t120 = _t260;
						}
						RemoveDirectoryW(_t120);
						E0131AA87( &_v80, 1, 0);
					}
					_t112 = E01345350(_t248 + 0x144);
					 *[fs:0x0] = _v16;
					_pop(_t256);
					_pop(_t202);
					return E013748C1(_t112, _t202, _v24 ^ _t268, _t247, _t248, _t256);
				} else {
					_v88 = 0;
					do {
						_t276 =  *0x13c2a33; // 0x0
						if(_t276 == 0) {
							L6:
							if(_t254 < 0 || _t254 >=  *((intOrPtr*)(_t248 + 0x148))) {
								goto L25;
							} else {
								_t187 =  *((intOrPtr*)(_t248 + 0x144)) + _v88;
								if(_t187[0xa] >= 8) {
									_t187 =  *_t187;
								}
								if((GetFileAttributesW(_t187) & 0x00000010) == 0) {
									__eflags = _t254 -  *((intOrPtr*)(_t248 + 0x148));
									if(_t254 >=  *((intOrPtr*)(_t248 + 0x148))) {
										goto L25;
									} else {
										_t190 =  *((intOrPtr*)(_t248 + 0x144)) + _v88;
										__eflags = _t190[0xa] - 8;
										if(__eflags >= 0) {
											_t190 =  *_t190;
										}
										DeleteFileW(_t190);
										goto L19;
									}
								} else {
									if(_t254 >=  *((intOrPtr*)(_t248 + 0x148))) {
										goto L25;
									} else {
										_t198 =  *((intOrPtr*)(_t248 + 0x144)) + _v88;
										if(_t198[0xa] >= 8) {
											_t198 =  *_t198;
										}
										RemoveDirectoryW(_t198);
										goto L19;
									}
								}
							}
						} else {
							if(_t254 < 0) {
								L25:
								RaiseException(0xc000008c, 1, 0, 0);
								asm("int3");
								_push(0xa0);
								E0137C242(0x13980cf, 0, _t248, _t254);
								__eflags =  *0x13c2a33;
								_t261 = _t206;
								_v172 = _a4;
								if(__eflags == 0) {
									_t249 = 0x13c2b18;
								} else {
									_t272 = _t268 - 0x1c;
									_v168 = _t272;
									E01319638(_t272, "OnInitDialog......0");
									_t249 = 0x13c2b18;
									E0134BA76(0, 0x13c2b18, _t247, 0x13c2b18, _t261, __eflags);
									_push( &_v48);
									_t182 = E0135BE26(0, 0x13c2eec, 0x13c2b18, _t261, __eflags);
									_v8 = _v8 & 0x00000000;
									_t273 = _t272 - 0x18;
									_v168 = _t273;
									E0131D888(_t273, _t273, "Reboot command: ", _t182);
									_t268 = _t273 + 0xc;
									E0134BA76(0, 0x13c2b18, _t247, 0x13c2b18, _t261, __eflags);
									_v8 = _v8 | 0xffffffff;
									_t206 =  &_v48;
									E01311524( &_v48, 1, 0);
								}
								_t205 = _t261 + 4;
								E013570B1(_t206, _t247, _t249, _t261, __eflags,  *_t205); // executed
								E01345B51(_t247, _t261, 0x6a);
								 *_v172 =  *_v172 & 0x00000000;
								_t215 = _t205; // executed
								E0131F26E(_t215, _t247); // executed
								__eflags =  *0x13c2a33;
								if(__eflags != 0) {
									_push( *0x13c2a2c);
									_push( &_v48);
									_t175 = E0135BFB1(_t205, _t249, _t261, __eflags);
									_t271 = _t268 - 0x14;
									_v168 = _t271;
									_v8 = 1;
									E0131D888(_t271, _t271, "\tTimeout value: ", _t175);
									_t268 = _t271 + 0xc;
									E0134BA76(_t205, _t249, _t247, _t249, _t261, __eflags);
									_t58 =  &_v8;
									 *_t58 = _v8 | 0xffffffff;
									__eflags =  *_t58;
									_t215 =  &_v48;
									E01311524(_t215, 1, 0);
								}
								_t130 =  *0x13c2a2c; // 0x0
								__eflags = _t130;
								if(__eflags > 0) {
									_t164 = _t130 * 0x3e8;
									_v172 = _t164;
									SetTimer( *_t205, 2, _t164, 0x1340706);
									__eflags =  *0x13c2a33;
									if(__eflags != 0) {
										_push(_v172);
										_push( &_v160);
										_t167 = E0135BFB1(_t205, _t249, _t261, __eflags);
										_v8 = 2;
										_t169 = E0131D888(_t215,  &_v48, "\tSetting timer for: ", _t167);
										_push(_t215);
										_push(_t215);
										_v168 = _t268;
										_v8 = 3;
										E01347F01(_t268, _t268, _t169, "ms");
										_t268 = _t268 + 0xc;
										E0134BA76(_t205, _t249, _t247, _t249, _t261, __eflags);
										E01311524( &_v48, 1, 0);
										_t69 =  &_v8;
										 *_t69 = _v8 | 0xffffffff;
										__eflags =  *_t69;
										E01311524( &_v160, 1, 0);
									}
								}
								E013446CB(GetDlgItem( *_t205, 3), _t261 + 0x38c, _t247, __eflags);
								E0131B7E3(_t261 + 0x3e0, __eflags, L"Cancel", E01376D83(L"Cancel"));
								E013446CB(GetDlgItem( *_t205, 0xd2), _t261 + 0x2ac, _t247, __eflags);
								E013446CB(GetDlgItem( *_t205, 0xd1), _t261 + 0x31c, _t247, __eflags);
								 *((intOrPtr*)(_t261 + 0x408)) = GetDlgItem( *_t205, 0xcf);
								 *((intOrPtr*)(_t261 + 0x404)) = GetDlgItem( *_t205, 0xd0);
								 *((intOrPtr*)(_t261 + 0x40c)) = GetDlgItem( *_t205, 2);
								_t142 = GetDlgItem( *_t205, 0xd8);
								 *(_t261 + 0x25c) = _t142;
								SendMessageW(_t142, 0x401, 0, 0x640000);
								E0131F26E(_t261 + 0x25c, _t247);
								 *(_t261 + 0x140) =  *(_t261 + 0x140) & 0x00000000;
								E01330720(_t205, _t261, _t247, GetDlgItem, _t261, __eflags); // executed
								_v161 = 0;
								E01319B30( &_v48, L"HideEula");
								_t262 = _t261 + 0x128;
								_t251 =  &_v48;
								_v8 = 4;
								_t147 = E0131FD87( &_v48,  &_v48, _t261 + 0x128);
								__eflags = _t147 - 0xffffffff;
								_v162 = _t147 - 0xffffffff > 0;
								_v8 = _v8 | 0xffffffff;
								E0131AA87( &_v48, 1, 0);
								__eflags = _v162;
								if(_v162 != 0) {
									E01319B30( &_v76, L"HideEula");
									_v8 = 5;
									_t155 = E0131FD37( &_v132,  &_v76, _t247,  &_v76,  &_v132);
									_v8 = 6;
									__eflags =  *((intOrPtr*)(_t155 + 0x14)) - 8;
									if( *((intOrPtr*)(_t155 + 0x14)) >= 8) {
										_t155 =  *_t155;
									}
									E01319B30( &_v104, _t155);
									_t262 = 0;
									E0131AA87( &_v132, 1, 0);
									_v8 = 9;
									E0131AA87( &_v76, 1, 0);
									_t251 =  &_v104;
									_t159 = E01327839(_t247,  &_v104, __eflags, "1");
									__eflags = _t159;
									if(_t159 == 0) {
										_v161 = 1;
										ShowWindow( *_t205, 0); // executed
										__eflags =  *0x13c2a33;
										if( *0x13c2a33 != 0) {
											_v168 = _t268 - 0x1c;
											E01319638(_t268 - 0x1c, "Hiding eula disclosure based on setting");
											E0134BA76(_t205, 0x13c2b18, _t247,  &_v104, 0, __eflags);
										}
									}
									E0131AA87( &_v104, 1, _t262);
								}
								__eflags =  *0x13c2a2b;
								if( *0x13c2a2b != 0) {
									L42:
									PostMessageW( *_t205, 0x111, 0xd2, 0); // executed
								} else {
									__eflags = _v161;
									if(_v161 != 0) {
										goto L42;
									}
								}
								__eflags = 1;
								return E0137C2C5(_t205, _t251, _t262);
							} else {
								_t278 = _t254 -  *((intOrPtr*)(_t248 + 0x148));
								if(_t254 >=  *((intOrPtr*)(_t248 + 0x148))) {
									goto L25;
								} else {
									_push( &_v52);
									_t193 = E0135BE26(0,  *((intOrPtr*)(_t248 + 0x144)) + _v88, _t248, _t254, _t278);
									_t274 = _t268 - 0x18;
									_v84 = _t274;
									_v8 = 0;
									E0131D888(_t274, _t274, "Deleting file ", _t193);
									_t268 = _t274 + 0xc;
									E0134BA76(0, 0x13c2b18, _t247, _t248, _t254, _t278);
									_v36 = _v36 | 0xffffffff;
									_t206 =  &_v80;
									E01311524(_t206, 1, 0);
									goto L6;
								}
							}
						}
						goto L44;
						L19:
						_v88 = _v88 + 0x1c;
						_t254 = _t254 + 1;
					} while (_t254 <  *((intOrPtr*)(_t248 + 0x148)));
					goto L20;
				}
				L44:
			}



























































                                                                                                                                                                                                                                0x0132b1d7
                                                                                                                                                                                                                                0x0132b1d7
                                                                                                                                                                                                                                0x0132b1dd
                                                                                                                                                                                                                                0x0132b1df
                                                                                                                                                                                                                                0x0132b1ea
                                                                                                                                                                                                                                0x0132b1eb
                                                                                                                                                                                                                                0x0132b1ee
                                                                                                                                                                                                                                0x0132b1f5
                                                                                                                                                                                                                                0x0132b1f9
                                                                                                                                                                                                                                0x0132b1fa
                                                                                                                                                                                                                                0x0132b1fb
                                                                                                                                                                                                                                0x0132b202
                                                                                                                                                                                                                                0x0132b207
                                                                                                                                                                                                                                0x0132b20f
                                                                                                                                                                                                                                0x0132b217
                                                                                                                                                                                                                                0x0132b31a
                                                                                                                                                                                                                                0x0132b31a
                                                                                                                                                                                                                                0x0132b31d
                                                                                                                                                                                                                                0x0132b32a
                                                                                                                                                                                                                                0x0132b335
                                                                                                                                                                                                                                0x0132b34a
                                                                                                                                                                                                                                0x0132b355
                                                                                                                                                                                                                                0x0132b35e
                                                                                                                                                                                                                                0x0132b362
                                                                                                                                                                                                                                0x0132b36c
                                                                                                                                                                                                                                0x0132b370
                                                                                                                                                                                                                                0x0132b372
                                                                                                                                                                                                                                0x0132b372
                                                                                                                                                                                                                                0x0132b375
                                                                                                                                                                                                                                0x0132b383
                                                                                                                                                                                                                                0x0132b383
                                                                                                                                                                                                                                0x0132b38e
                                                                                                                                                                                                                                0x0132b397
                                                                                                                                                                                                                                0x0132b39f
                                                                                                                                                                                                                                0x0132b3a0
                                                                                                                                                                                                                                0x0132b3af
                                                                                                                                                                                                                                0x0132b21d
                                                                                                                                                                                                                                0x0132b21d
                                                                                                                                                                                                                                0x0132b221
                                                                                                                                                                                                                                0x0132b221
                                                                                                                                                                                                                                0x0132b227
                                                                                                                                                                                                                                0x0132b28b
                                                                                                                                                                                                                                0x0132b28d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b29f
                                                                                                                                                                                                                                0x0132b2a5
                                                                                                                                                                                                                                0x0132b2ad
                                                                                                                                                                                                                                0x0132b2af
                                                                                                                                                                                                                                0x0132b2af
                                                                                                                                                                                                                                0x0132b2ba
                                                                                                                                                                                                                                0x0132b2e3
                                                                                                                                                                                                                                0x0132b2e9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b2ef
                                                                                                                                                                                                                                0x0132b2f5
                                                                                                                                                                                                                                0x0132b2f9
                                                                                                                                                                                                                                0x0132b2fd
                                                                                                                                                                                                                                0x0132b2ff
                                                                                                                                                                                                                                0x0132b2ff
                                                                                                                                                                                                                                0x0132b302
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b302
                                                                                                                                                                                                                                0x0132b2bc
                                                                                                                                                                                                                                0x0132b2c2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b2c8
                                                                                                                                                                                                                                0x0132b2ce
                                                                                                                                                                                                                                0x0132b2d6
                                                                                                                                                                                                                                0x0132b2d8
                                                                                                                                                                                                                                0x0132b2d8
                                                                                                                                                                                                                                0x0132b2db
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b2db
                                                                                                                                                                                                                                0x0132b2c2
                                                                                                                                                                                                                                0x0132b2ba
                                                                                                                                                                                                                                0x0132b229
                                                                                                                                                                                                                                0x0132b22b
                                                                                                                                                                                                                                0x0132b3b0
                                                                                                                                                                                                                                0x0132b3b9
                                                                                                                                                                                                                                0x0132b3bf
                                                                                                                                                                                                                                0x0132b3c0
                                                                                                                                                                                                                                0x0132b3ca
                                                                                                                                                                                                                                0x0132b3cf
                                                                                                                                                                                                                                0x0132b3d9
                                                                                                                                                                                                                                0x0132b3db
                                                                                                                                                                                                                                0x0132b3e1
                                                                                                                                                                                                                                0x0132b449
                                                                                                                                                                                                                                0x0132b3e3
                                                                                                                                                                                                                                0x0132b3e3
                                                                                                                                                                                                                                0x0132b3e8
                                                                                                                                                                                                                                0x0132b3f3
                                                                                                                                                                                                                                0x0132b3f8
                                                                                                                                                                                                                                0x0132b3ff
                                                                                                                                                                                                                                0x0132b407
                                                                                                                                                                                                                                0x0132b40d
                                                                                                                                                                                                                                0x0132b412
                                                                                                                                                                                                                                0x0132b416
                                                                                                                                                                                                                                0x0132b41b
                                                                                                                                                                                                                                0x0132b428
                                                                                                                                                                                                                                0x0132b42d
                                                                                                                                                                                                                                0x0132b432
                                                                                                                                                                                                                                0x0132b437
                                                                                                                                                                                                                                0x0132b43f
                                                                                                                                                                                                                                0x0132b442
                                                                                                                                                                                                                                0x0132b442
                                                                                                                                                                                                                                0x0132b44e
                                                                                                                                                                                                                                0x0132b453
                                                                                                                                                                                                                                0x0132b45b
                                                                                                                                                                                                                                0x0132b466
                                                                                                                                                                                                                                0x0132b469
                                                                                                                                                                                                                                0x0132b46b
                                                                                                                                                                                                                                0x0132b470
                                                                                                                                                                                                                                0x0132b477
                                                                                                                                                                                                                                0x0132b479
                                                                                                                                                                                                                                0x0132b482
                                                                                                                                                                                                                                0x0132b483
                                                                                                                                                                                                                                0x0132b488
                                                                                                                                                                                                                                0x0132b48d
                                                                                                                                                                                                                                0x0132b49a
                                                                                                                                                                                                                                0x0132b4a1
                                                                                                                                                                                                                                0x0132b4a6
                                                                                                                                                                                                                                0x0132b4ab
                                                                                                                                                                                                                                0x0132b4b0
                                                                                                                                                                                                                                0x0132b4b0
                                                                                                                                                                                                                                0x0132b4b0
                                                                                                                                                                                                                                0x0132b4b8
                                                                                                                                                                                                                                0x0132b4bb
                                                                                                                                                                                                                                0x0132b4bb
                                                                                                                                                                                                                                0x0132b4c0
                                                                                                                                                                                                                                0x0132b4c5
                                                                                                                                                                                                                                0x0132b4c7
                                                                                                                                                                                                                                0x0132b4cd
                                                                                                                                                                                                                                0x0132b4dd
                                                                                                                                                                                                                                0x0132b4e3
                                                                                                                                                                                                                                0x0132b4e9
                                                                                                                                                                                                                                0x0132b4f0
                                                                                                                                                                                                                                0x0132b4f2
                                                                                                                                                                                                                                0x0132b4fe
                                                                                                                                                                                                                                0x0132b4ff
                                                                                                                                                                                                                                0x0132b50e
                                                                                                                                                                                                                                0x0132b515
                                                                                                                                                                                                                                0x0132b51a
                                                                                                                                                                                                                                0x0132b51b
                                                                                                                                                                                                                                0x0132b51e
                                                                                                                                                                                                                                0x0132b52b
                                                                                                                                                                                                                                0x0132b52f
                                                                                                                                                                                                                                0x0132b534
                                                                                                                                                                                                                                0x0132b539
                                                                                                                                                                                                                                0x0132b545
                                                                                                                                                                                                                                0x0132b54a
                                                                                                                                                                                                                                0x0132b54a
                                                                                                                                                                                                                                0x0132b54a
                                                                                                                                                                                                                                0x0132b558
                                                                                                                                                                                                                                0x0132b558
                                                                                                                                                                                                                                0x0132b4f0
                                                                                                                                                                                                                                0x0132b56f
                                                                                                                                                                                                                                0x0132b58b
                                                                                                                                                                                                                                0x0132b59f
                                                                                                                                                                                                                                0x0132b5b3
                                                                                                                                                                                                                                0x0132b5c6
                                                                                                                                                                                                                                0x0132b5d2
                                                                                                                                                                                                                                0x0132b5e1
                                                                                                                                                                                                                                0x0132b5e9
                                                                                                                                                                                                                                0x0132b5f8
                                                                                                                                                                                                                                0x0132b5fe
                                                                                                                                                                                                                                0x0132b60a
                                                                                                                                                                                                                                0x0132b60f
                                                                                                                                                                                                                                0x0132b618
                                                                                                                                                                                                                                0x0132b625
                                                                                                                                                                                                                                0x0132b62c
                                                                                                                                                                                                                                0x0132b631
                                                                                                                                                                                                                                0x0132b638
                                                                                                                                                                                                                                0x0132b63b
                                                                                                                                                                                                                                0x0132b642
                                                                                                                                                                                                                                0x0132b647
                                                                                                                                                                                                                                0x0132b64c
                                                                                                                                                                                                                                0x0132b653
                                                                                                                                                                                                                                0x0132b65b
                                                                                                                                                                                                                                0x0132b660
                                                                                                                                                                                                                                0x0132b667
                                                                                                                                                                                                                                0x0132b675
                                                                                                                                                                                                                                0x0132b681
                                                                                                                                                                                                                                0x0132b688
                                                                                                                                                                                                                                0x0132b68d
                                                                                                                                                                                                                                0x0132b691
                                                                                                                                                                                                                                0x0132b695
                                                                                                                                                                                                                                0x0132b697
                                                                                                                                                                                                                                0x0132b697
                                                                                                                                                                                                                                0x0132b69d
                                                                                                                                                                                                                                0x0132b6a2
                                                                                                                                                                                                                                0x0132b6aa
                                                                                                                                                                                                                                0x0132b6b5
                                                                                                                                                                                                                                0x0132b6b9
                                                                                                                                                                                                                                0x0132b6c3
                                                                                                                                                                                                                                0x0132b6c6
                                                                                                                                                                                                                                0x0132b6cb
                                                                                                                                                                                                                                0x0132b6cd
                                                                                                                                                                                                                                0x0132b6d2
                                                                                                                                                                                                                                0x0132b6d9
                                                                                                                                                                                                                                0x0132b6df
                                                                                                                                                                                                                                0x0132b6e6
                                                                                                                                                                                                                                0x0132b6ed
                                                                                                                                                                                                                                0x0132b6f8
                                                                                                                                                                                                                                0x0132b702
                                                                                                                                                                                                                                0x0132b702
                                                                                                                                                                                                                                0x0132b6e6
                                                                                                                                                                                                                                0x0132b70d
                                                                                                                                                                                                                                0x0132b70d
                                                                                                                                                                                                                                0x0132b712
                                                                                                                                                                                                                                0x0132b719
                                                                                                                                                                                                                                0x0132b724
                                                                                                                                                                                                                                0x0132b732
                                                                                                                                                                                                                                0x0132b71b
                                                                                                                                                                                                                                0x0132b71b
                                                                                                                                                                                                                                0x0132b722
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b722
                                                                                                                                                                                                                                0x0132b73a
                                                                                                                                                                                                                                0x0132b740
                                                                                                                                                                                                                                0x0132b231
                                                                                                                                                                                                                                0x0132b231
                                                                                                                                                                                                                                0x0132b237
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b23d
                                                                                                                                                                                                                                0x0132b24b
                                                                                                                                                                                                                                0x0132b24c
                                                                                                                                                                                                                                0x0132b251
                                                                                                                                                                                                                                0x0132b256
                                                                                                                                                                                                                                0x0132b261
                                                                                                                                                                                                                                0x0132b268
                                                                                                                                                                                                                                0x0132b26d
                                                                                                                                                                                                                                0x0132b275
                                                                                                                                                                                                                                0x0132b27a
                                                                                                                                                                                                                                0x0132b282
                                                                                                                                                                                                                                0x0132b286
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b286
                                                                                                                                                                                                                                0x0132b237
                                                                                                                                                                                                                                0x0132b22b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b308
                                                                                                                                                                                                                                0x0132b308
                                                                                                                                                                                                                                0x0132b30d
                                                                                                                                                                                                                                0x0132b30e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b221
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,B4B6CC09), ref: 0132B2B2
                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 0132B2DB
                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 0132B302
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0132B33D
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0132B355
                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?,apn_pip_local\,013A11F0), ref: 0132B375
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,B4B6CC09), ref: 0132B3B9
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0132B3CA
                                                                                                                                                                                                                                • SetTimer.USER32 ref: 0132B4E3
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B567
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0132B579
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B597
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B5AB
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B5BF
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B5CE
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B5DA
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B5E9
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0132B5FE
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000,013A39E8,00000001,00000000,00000001,00000000,00000000,HideEula,00000001,?,00000000,?,HideEula), ref: 0132B6D9
                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000111,000000D2,00000000), ref: 0132B732
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 0131D888: _strlen.LIBCMT ref: 0131D894
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 01311524: _memmove.LIBCMT ref: 01311544
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Item$H_prolog3__setlocale_wcslen$DirectoryFileMessageRemove_memset$AttributesCurrentDeleteExceptionLocalPostProcessRaiseSendShowTimeTimerWindow__cftoe_memmove_strlenswprintf
                                                                                                                                                                                                                                • String ID: Setting timer for: $Timeout value: $Cancel$Deleting file $HideEula$Hiding eula disclosure based on setting$OnInitDialog......0$Reboot command: $apn_pip_local\
                                                                                                                                                                                                                                • API String ID: 1504972802-815155889
                                                                                                                                                                                                                                • Opcode ID: 1c14440cbecd6f753f8e41eb216a2b63e0dee83f56608e5830b1481fa650bb59
                                                                                                                                                                                                                                • Instruction ID: 3e75837807885b170ae2f768ecd15deab68003c586b62236c0484eeadc98e8fe
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c14440cbecd6f753f8e41eb216a2b63e0dee83f56608e5830b1481fa650bb59
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5DE1F471A00315AFDB25FB6CCC85BEEBBA8FF11708F044158E559672D8CBB06948CB92
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01353AD8, Relevance: 45.6, APIs: 18, Strings: 8, Instructions: 145networkCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                C-Code - Quality: 30%
                                                                                                                                                                                                                                			E01353AD8(void* __ecx, void* __edx) {
				signed int _v8;
				char _v412;
				intOrPtr _v416;
				char _v420;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t23;
				char* _t25;
				char* _t26;
				char* _t27;
				char* _t29;
				char* _t31;
				char* _t34;
				signed int _t40;
				char* _t49;
				char* _t52;
				char* _t55;
				void* _t65;
				intOrPtr* _t66;
				char** _t67;
				void* _t69;
				signed int _t70;
				void* _t71;

				_t65 = __edx;
				_t23 =  *0x13bce20; // 0xb4b6cc09
				_v8 = _t23 ^ _t70;
				_t25 =  &_v412;
				_t69 = __ecx;
				_v420 = 0x3e8;
				_v416 = 1;
				__imp__#115(0x1010, _t25); // executed
				_t74 = _t25;
				if(_t25 == 0) {
					__imp__#53("icmp"); // executed
					__eflags = _t25;
					if(_t25 != 0) {
						_t26 = _t25[8];
						__imp__#23(2, 3, _t26); // executed
						 *(__ecx + 0x2020) = _t26;
						__eflags = _t26;
						if(_t26 >= 0) {
							_t66 = __imp__#21;
							_t58 =  &_v420;
							_t27 =  *_t66(_t26, 0xffff, 0x1006,  &_v420, 4); // executed
							__eflags = _t27;
							if(_t27 < 0) {
								__imp__#111();
								_push(_t27);
								_push("failed to set recv timeout: %d\n");
								_t52 = E01377737() + 0x40;
								__eflags = _t52;
								_push(_t52);
								E01379EBB(0xffff, _t66, __ecx, _t52);
								_t71 = _t71 + 0xc;
							}
							_t29 =  *_t66( *((intOrPtr*)(_t69 + 0x2020)), 0xffff, 0x1005,  &_v420, 4); // executed
							__eflags = _t29;
							if(_t29 < 0) {
								__imp__#111();
								_push(_t29);
								_push("failed to set send timeout: %d\n");
								_t49 = E01377737() + 0x40;
								__eflags = _t49;
								_push(_t49);
								E01379EBB(0xffff, _t66, _t69, _t49);
								_t71 = _t71 + 0xc;
							}
							_t67 = _t69 + 0x2000;
							E01376F40(_t67, 0, 0x10);
							_t31 = 2;
							_t55 = "pipoffers.apnpartners.com";
							 *_t67 = _t31; // executed
							__imp__#52(_t55); // executed
							_t68 = _t31;
							__eflags = _t68;
							if(_t68 == 0) {
								__imp__#11(_t55);
								asm("sbb eax, eax");
								_t34 =  ~( &(_t31[1])) + 1;
								__eflags = _t34;
								 *(_t69 + 0x2004) = _t34;
								if(_t34 == 0) {
									 *((intOrPtr*)(_t69 + 0x2024)) = GetCurrentProcessId();
									do {
										_v416 = _v416 + 1;
										E01353D2C(_t69);
										E01353D9C(_t58, _t69);
										__eflags = _v416 - 1 - _v416;
									} while (_v416 - 1 < _v416);
									goto L17;
								} else {
									_t68 = L"Unknown host";
									_t40 = E0131B7E3(_t69 + 0x2028, __eflags, L"Unknown host", E01376D83(L"Unknown host")) | 0xffffffff;
								}
							} else {
								E013748D0(_t69,  *(_t68[0xc]), _t68[0xa]);
								__imp__#51( *(_t68[0xc]), 4, 2); // executed
								L17:
								_t40 = 0;
								__eflags = 0;
							}
						} else {
							_t68 = L"Socket failed";
							goto L2;
						}
					} else {
						_t68 = L"Cannot get icmp protocol";
						goto L2;
					}
				} else {
					_t68 = L"WSA Startup error";
					L2:
					_t40 = E0131B7E3(_t69 + 0x2028, _t74, _t68, E01376D83(_t68));
					__imp__#111();
				}
				return E013748C1(_t40, _t55, _v8 ^ _t70, _t65, _t68, _t69);
			}




























                                                                                                                                                                                                                                0x01353ad8
                                                                                                                                                                                                                                0x01353ae1
                                                                                                                                                                                                                                0x01353ae8
                                                                                                                                                                                                                                0x01353aee
                                                                                                                                                                                                                                0x01353afa
                                                                                                                                                                                                                                0x01353afc
                                                                                                                                                                                                                                0x01353b06
                                                                                                                                                                                                                                0x01353b10
                                                                                                                                                                                                                                0x01353b16
                                                                                                                                                                                                                                0x01353b18
                                                                                                                                                                                                                                0x01353b43
                                                                                                                                                                                                                                0x01353b49
                                                                                                                                                                                                                                0x01353b4b
                                                                                                                                                                                                                                0x01353b54
                                                                                                                                                                                                                                0x01353b5d
                                                                                                                                                                                                                                0x01353b63
                                                                                                                                                                                                                                0x01353b69
                                                                                                                                                                                                                                0x01353b6b
                                                                                                                                                                                                                                0x01353b74
                                                                                                                                                                                                                                0x01353b7c
                                                                                                                                                                                                                                0x01353b8f
                                                                                                                                                                                                                                0x01353b91
                                                                                                                                                                                                                                0x01353b93
                                                                                                                                                                                                                                0x01353b95
                                                                                                                                                                                                                                0x01353b9b
                                                                                                                                                                                                                                0x01353b9c
                                                                                                                                                                                                                                0x01353ba6
                                                                                                                                                                                                                                0x01353ba6
                                                                                                                                                                                                                                0x01353ba9
                                                                                                                                                                                                                                0x01353baa
                                                                                                                                                                                                                                0x01353baf
                                                                                                                                                                                                                                0x01353baf
                                                                                                                                                                                                                                0x01353bc7
                                                                                                                                                                                                                                0x01353bc9
                                                                                                                                                                                                                                0x01353bcb
                                                                                                                                                                                                                                0x01353bcd
                                                                                                                                                                                                                                0x01353bd3
                                                                                                                                                                                                                                0x01353bd4
                                                                                                                                                                                                                                0x01353bde
                                                                                                                                                                                                                                0x01353bde
                                                                                                                                                                                                                                0x01353be1
                                                                                                                                                                                                                                0x01353be2
                                                                                                                                                                                                                                0x01353be7
                                                                                                                                                                                                                                0x01353be7
                                                                                                                                                                                                                                0x01353bec
                                                                                                                                                                                                                                0x01353bf5
                                                                                                                                                                                                                                0x01353bff
                                                                                                                                                                                                                                0x01353c00
                                                                                                                                                                                                                                0x01353c06
                                                                                                                                                                                                                                0x01353c09
                                                                                                                                                                                                                                0x01353c0f
                                                                                                                                                                                                                                0x01353c11
                                                                                                                                                                                                                                0x01353c13
                                                                                                                                                                                                                                0x01353c40
                                                                                                                                                                                                                                0x01353c49
                                                                                                                                                                                                                                0x01353c4b
                                                                                                                                                                                                                                0x01353c4b
                                                                                                                                                                                                                                0x01353c4c
                                                                                                                                                                                                                                0x01353c52
                                                                                                                                                                                                                                0x01353c77
                                                                                                                                                                                                                                0x01353c7d
                                                                                                                                                                                                                                0x01353c7d
                                                                                                                                                                                                                                0x01353c83
                                                                                                                                                                                                                                0x01353c88
                                                                                                                                                                                                                                0x01353c94
                                                                                                                                                                                                                                0x01353c94
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01353c54
                                                                                                                                                                                                                                0x01353c54
                                                                                                                                                                                                                                0x01353c6d
                                                                                                                                                                                                                                0x01353c6d
                                                                                                                                                                                                                                0x01353c15
                                                                                                                                                                                                                                0x01353c26
                                                                                                                                                                                                                                0x01353c37
                                                                                                                                                                                                                                0x01353c9c
                                                                                                                                                                                                                                0x01353c9c
                                                                                                                                                                                                                                0x01353c9c
                                                                                                                                                                                                                                0x01353c9c
                                                                                                                                                                                                                                0x01353b6d
                                                                                                                                                                                                                                0x01353b6d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01353b6d
                                                                                                                                                                                                                                0x01353b4d
                                                                                                                                                                                                                                0x01353b4d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01353b4d
                                                                                                                                                                                                                                0x01353b1a
                                                                                                                                                                                                                                0x01353b1a
                                                                                                                                                                                                                                0x01353b1f
                                                                                                                                                                                                                                0x01353b2e
                                                                                                                                                                                                                                0x01353b33
                                                                                                                                                                                                                                0x01353b33
                                                                                                                                                                                                                                0x01353cac

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WSAStartup.WS2_32(00001010,?), ref: 01353B10
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01353B20
                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(Socket failed,00000000,?,?,00000000), ref: 01353B33
                                                                                                                                                                                                                                • getprotobyname.WS2_32(icmp), ref: 01353B43
                                                                                                                                                                                                                                • socket.WS2_32(00000002,00000003,?), ref: 01353B5D
                                                                                                                                                                                                                                • setsockopt.WS2_32(00000000,0000FFFF,00001006,000003E8,00000004), ref: 01353B8F
                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,?,00000000), ref: 01353B95
                                                                                                                                                                                                                                • _fprintf.LIBCMT ref: 01353BAA
                                                                                                                                                                                                                                • setsockopt.WS2_32(?,0000FFFF,00001005,000003E8,00000004), ref: 01353BC7
                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,?,00000000), ref: 01353BCD
                                                                                                                                                                                                                                • _fprintf.LIBCMT ref: 01353BE2
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 01353BF5
                                                                                                                                                                                                                                • gethostbyname.WS2_32(pipoffers.apnpartners.com), ref: 01353C09
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 01353C26
                                                                                                                                                                                                                                • gethostbyaddr.WS2_32(?,00000004,00000002), ref: 01353C37
                                                                                                                                                                                                                                • inet_addr.WS2_32(pipoffers.apnpartners.com), ref: 01353C40
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01353C5A
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,00000000), ref: 01353C72
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$_fprintf_wcslensetsockopt$CurrentProcessStartup_memmove_memsetgethostbyaddrgethostbynamegetprotobynameinet_addrsocket
                                                                                                                                                                                                                                • String ID: Cannot get icmp protocol$Socket failed$Unknown host$WSA Startup error$failed to set recv timeout: %d$failed to set send timeout: %d$icmp$pipoffers.apnpartners.com
                                                                                                                                                                                                                                • API String ID: 3142960008-4006271222
                                                                                                                                                                                                                                • Opcode ID: e2013071ca3db94fd7cf9819c5b115fe500d05323b526b4bb093098d16398514
                                                                                                                                                                                                                                • Instruction ID: af7fd0d6fd4319f4f0053b04f1798483fc5065fc310bc5e7dcc5255c3d1038a0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2013071ca3db94fd7cf9819c5b115fe500d05323b526b4bb093098d16398514
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C41E6B2A00206AFE7316B69DC89FBA77BCFF15B48F000119EA09D7181EA719904CB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134651A, Relevance: 38.8, APIs: 17, Strings: 5, Instructions: 261windowregistrystringCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1203 134651a-1346550 call 137c242 GetClassNameW 1206 1346552-1346563 lstrcmpiW 1203->1206 1207 13465cc-13465e1 LoadCursorW 1203->1207 1206->1207 1210 1346565-134657c GetWindowLongW 1206->1210 1208 13465e7-1346600 GetParent SendMessageW 1207->1208 1209 1346678-134669a call 1320dec 1207->1209 1214 1346602-134660a GetStockObject 1208->1214 1215 134660d-1346612 1208->1215 1222 13466a0-13466ab GetWindowTextLengthW 1209->1222 1223 134673a-1346744 call 1346030 1209->1223 1211 134657e-1346584 SetWindowLongW 1210->1211 1212 134658a-1346599 GetWindowLongW 1210->1212 1211->1212 1217 13465c8 1212->1217 1218 134659b-134659e 1212->1218 1214->1215 1215->1209 1216 1346614-1346617 1215->1216 1216->1209 1220 1346619-1346649 call 1376f40 GetObjectW 1216->1220 1217->1207 1218->1217 1221 13465a0-13465a3 1218->1221 1232 1346657-134665b 1220->1232 1233 134664b-1346655 1220->1233 1221->1217 1225 13465a5-13465a8 1221->1225 1222->1223 1227 13466b1-13466d0 call 131d99e 1222->1227 1235 1346746-134674e 1223->1235 1236 1346760-1346788 SendMessageW call 1345ced 1223->1236 1225->1217 1229 13465aa-13465ad 1225->1229 1243 13466e1-13466e7 1227->1243 1244 13466d2-13466df call 131b5c9 1227->1244 1229->1217 1234 13465af-13465b2 1229->1234 1239 1346664-1346675 CreateFontIndirectW 1232->1239 1240 134665d 1232->1240 1233->1239 1234->1217 1241 13465b4-13465b7 1234->1241 1235->1236 1242 1346750-1346755 1235->1242 1247 134678d-1346791 1236->1247 1239->1209 1240->1239 1241->1217 1248 13465b9-13465bc 1241->1248 1242->1247 1249 1346757-134675e call 1344a79 1242->1249 1246 13466ed-13466fb 1243->1246 1244->1246 1252 134671d-134672d 1246->1252 1253 13466fd-134670f GetWindowTextW 1246->1253 1254 1346864-1346869 call 137c2c5 1247->1254 1255 1346797-13467c5 call 1312452 1247->1255 1248->1217 1256 13465be-13465c1 1248->1256 1249->1247 1252->1223 1260 134672f-1346735 call 131a795 1252->1260 1253->1252 1258 1346711-1346718 call 13475b9 1253->1258 1267 1346850-1346856 1255->1267 1268 13467cb-13467fe call 13291b1 1255->1268 1256->1217 1262 13465c3-13465c6 1256->1262 1258->1252 1260->1223 1262->1207 1262->1217 1267->1254 1269 1346858-134685e RegCloseKey 1267->1269 1272 1346815-1346830 call 13291b1 1268->1272 1273 1346800-134680a call 1347654 1268->1273 1269->1254 1276 1346835-1346837 1272->1276 1273->1272 1280 134680c-1346812 1273->1280 1278 134684e 1276->1278 1279 1346839-1346843 call 1347654 1276->1279 1278->1267 1279->1278 1283 1346845-134684b 1279->1283 1280->1272 1283->1278
                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                			E0134651A(void* __ebx, long __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				struct HWND__ _t101;
				void* _t104;
				void* _t106;
				intOrPtr _t107;
				intOrPtr _t108;
				intOrPtr _t111;
				int _t113;
				void* _t115;
				WCHAR* _t117;
				int _t121;
				long _t126;
				struct HFONT__* _t134;
				signed int _t138;
				signed int _t140;
				void* _t144;
				long _t145;
				void* _t155;
				long _t158;
				struct HWND__* _t160;
				void* _t166;
				long* _t167;

				_t155 = __edx;
				_t145 = __ecx;
				_push(0x2ac);
				E0137C242(0x139205e, __ebx, __edi, __esi);
				 *(_t166 - 0x20) = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_t164 = __ecx;
				 *(_t166 - 0x2a8) = __ecx;
				if(GetClassNameW( *(__ecx + 4), _t166 - 0x20, 8) != 0 && lstrcmpiW(_t166 - 0x20, L"static") == 0) {
					_t138 = GetWindowLongW( *(_t164 + 4), 0xfffffff0);
					_t145 = _t138 | 0x00000100;
					if(_t138 != _t145) {
						SetWindowLongW( *(_t164 + 4), 0xfffffff0, _t145);
					}
					_t140 = GetWindowLongW( *(_t164 + 4), 0xfffffff0) & 0x000000ff;
					if(_t140 == 3 || _t140 == 4 || _t140 == 5 || _t140 == 6 || _t140 == 7 || _t140 == 8 || _t140 == 9 || _t140 == 0xd || _t140 == 0xe || _t140 == 0xf) {
						 *(_t164 + 0x58) =  *(_t164 + 0x58) & 0x000000fe;
					}
				}
				_t158 = 0;
				 *((intOrPtr*)(_t164 + 0x2c)) = LoadCursorW(0, 0x7f89);
				if(( *(_t164 + 0x58) & 0x00000001) != 0) {
					_t126 = SendMessageW(GetParent( *(_t164 + 4)), 0x31, 0, 0);
					 *(_t164 + 0x34) = _t126;
					if(_t126 == 0) {
						 *(_t164 + 0x34) = GetStockObject(0xd);
					}
					_t144 =  *(_t164 + 0x34);
					if(_t144 != _t158 &&  *(_t164 + 0x30) == _t158) {
						 *(_t166 - 0x98) = _t158;
						E01376F40(_t166 - 0x94, _t158, 0x58);
						_t167 =  &(_t167[3]);
						GetObjectW(_t144, 0x5c, _t166 - 0x98);
						if(( *(_t164 + 0x54) & 0x00000030) != 0x30) {
							__eflags =  *(_t164 + 0x54) & 0x00000001;
							if(( *(_t164 + 0x54) & 0x00000001) == 0) {
								 *((char*)(_t166 - 0x83)) = 1;
							}
						} else {
							 *((intOrPtr*)(_t166 - 0x88)) = 0x2bc;
						}
						_t134 = CreateFontIndirectW(_t166 - 0x98);
						 *(_t164 + 0x58) =  *(_t164 + 0x58) | 0x00000008;
						 *(_t164 + 0x30) = _t134;
					}
				}
				 *_t167 = _t158;
				_t147 = _t167;
				_t143 = _t164 + 0x48;
				 *_t167 = _t158; // executed
				E01320DEC(_t143, L"tooltips_class32",  *(_t164 + 4), _t167, _t158, _t158, _t158, _t145); // executed
				if( *((intOrPtr*)(_t164 + 0x24)) == _t158) {
					_t113 = GetWindowTextLengthW( *(_t164 + 4));
					_t190 = _t113 - _t158;
					if(_t113 > _t158) {
						 *(_t166 - 0x2a0) = _t158;
						 *(_t166 - 4) = _t158;
						 *(_t166 - 0x2a4) = _t113 + 1;
						_t115 = E0131D99E(_t147, _t190, _t113 + 1, 2);
						_t191 = _t115 - 0x200;
						if(_t115 <= 0x200) {
							 *(_t166 - 0x2a0) = _t166 - 0x29c;
						} else {
							E0131B5C9(_t158, _t164, _t191, _t166 - 0x2a0, _t115);
						}
						_t117 =  *(_t166 - 0x2a0);
						 *(_t166 - 0x2ac) = _t117;
						if(_t117 != _t158) {
							_t121 = GetWindowTextW( *(_t164 + 4), _t117,  *(_t166 - 0x2a4));
							_t193 = _t121;
							if(_t121 > 0) {
								_push( *(_t166 - 0x2ac));
								_push(_t164); // executed
								E013475B9(_t143, _t158, _t164, _t193); // executed
							}
						}
						 *(_t166 - 4) =  *(_t166 - 4) | 0xffffffff;
						if( *(_t166 - 0x2a0) != _t166 - 0x29c) {
							E0131A795(_t166 - 0x2a0);
						}
					}
				}
				_t148 = _t164;
				E01346030(_t164, _t155);
				if( *(_t164 + 0x28) != _t158 || ( *(_t164 + 0x54) >> 0x00000002 & 0x00000001) != 0) {
					SendMessageW( *_t143, 0x401, 1, _t158);
					 *(_t166 - 0x2ac) = _t167;
					 *_t167 =  *(_t164 + 0x28);
					_t148 =  *(_t164 + 4);
					E01345CED(_t143,  *(_t164 + 4), _t143,  *(_t164 + 4), _t164 + 0x38, 1);
				} else {
					_t111 =  *((intOrPtr*)(_t164 + 0x24));
					_t197 = _t111 - _t158;
					if(_t111 != _t158) {
						_push(_t111);
						_push(_t164);
						E01344A79(_t143, _t158, _t164, _t197);
					}
				}
				if(( *(_t164 + 0x58) & 0x00000001) != 0) {
					_t143 = _t166 - 0x2b8;
					 *(_t166 - 0x2b8) = _t158;
					 *(_t166 - 0x2b4) = _t158;
					 *(_t166 - 0x2b0) = _t158;
					_t101 = E01312452(0x2001f, _t166 - 0x2b8, _t148, 0x80000001, L"Software\\Microsoft\\Internet Explorer\\Settings");
					if(_t101 == 0) {
						 *(_t166 - 0x38) = _t101;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						asm("stosd");
						asm("stosd");
						_t143 = 0xc;
						asm("stosw");
						_t160 = _t166 - 0x38;
						 *(_t166 - 0x2a4) = _t143;
						_t104 = E013291B1(_t148, _t160, _t166 - 0x2a4, _t166 - 0x2b8, L"Anchor Color"); // executed
						if(_t104 == 0) {
							_t148 = _t160;
							_t108 = E01347654(_t160, _t155);
							if(_t108 != 0xffffffff) {
								_t148 =  *(_t166 - 0x2a8);
								 *((intOrPtr*)( *(_t166 - 0x2a8) + 0x4c)) = _t108;
							}
						}
						_t164 = _t166 - 0x2a4;
						_t161 = _t166 - 0x38;
						 *(_t166 - 0x2a4) = _t143;
						_t106 = E013291B1(_t148, _t166 - 0x38, _t166 - 0x2a4, _t166 - 0x2b8, L"Anchor Color Visited"); // executed
						if(_t106 == 0) {
							_t107 = E01347654(_t161, _t155);
							if(_t107 != 0xffffffff) {
								 *((intOrPtr*)( *(_t166 - 0x2a8) + 0x50)) = _t107;
							}
						}
						_t158 = 0;
					}
					if( *(_t166 - 0x2b8) != _t158) {
						RegCloseKey( *(_t166 - 0x2b8));
					}
				}
				return E0137C2C5(_t143, _t158, _t164);
			}
























                                                                                                                                                                                                                                0x0134651a
                                                                                                                                                                                                                                0x0134651a
                                                                                                                                                                                                                                0x0134651a
                                                                                                                                                                                                                                0x01346524
                                                                                                                                                                                                                                0x0134652b
                                                                                                                                                                                                                                0x01346532
                                                                                                                                                                                                                                0x01346533
                                                                                                                                                                                                                                0x01346534
                                                                                                                                                                                                                                0x01346535
                                                                                                                                                                                                                                0x0134653c
                                                                                                                                                                                                                                0x01346542
                                                                                                                                                                                                                                0x01346550
                                                                                                                                                                                                                                0x01346570
                                                                                                                                                                                                                                0x01346574
                                                                                                                                                                                                                                0x0134657c
                                                                                                                                                                                                                                0x01346584
                                                                                                                                                                                                                                0x01346584
                                                                                                                                                                                                                                0x01346591
                                                                                                                                                                                                                                0x01346599
                                                                                                                                                                                                                                0x013465c8
                                                                                                                                                                                                                                0x013465c8
                                                                                                                                                                                                                                0x01346599
                                                                                                                                                                                                                                0x013465d1
                                                                                                                                                                                                                                0x013465de
                                                                                                                                                                                                                                0x013465e1
                                                                                                                                                                                                                                0x013465f5
                                                                                                                                                                                                                                0x013465fb
                                                                                                                                                                                                                                0x01346600
                                                                                                                                                                                                                                0x0134660a
                                                                                                                                                                                                                                0x0134660a
                                                                                                                                                                                                                                0x0134660d
                                                                                                                                                                                                                                0x01346612
                                                                                                                                                                                                                                0x01346623
                                                                                                                                                                                                                                0x01346629
                                                                                                                                                                                                                                0x0134662e
                                                                                                                                                                                                                                0x0134663b
                                                                                                                                                                                                                                0x01346649
                                                                                                                                                                                                                                0x01346657
                                                                                                                                                                                                                                0x0134665b
                                                                                                                                                                                                                                0x0134665d
                                                                                                                                                                                                                                0x0134665d
                                                                                                                                                                                                                                0x0134664b
                                                                                                                                                                                                                                0x0134664b
                                                                                                                                                                                                                                0x0134664b
                                                                                                                                                                                                                                0x0134666b
                                                                                                                                                                                                                                0x01346671
                                                                                                                                                                                                                                0x01346675
                                                                                                                                                                                                                                0x01346675
                                                                                                                                                                                                                                0x01346612
                                                                                                                                                                                                                                0x01346682
                                                                                                                                                                                                                                0x01346684
                                                                                                                                                                                                                                0x0134668c
                                                                                                                                                                                                                                0x01346690
                                                                                                                                                                                                                                0x01346692
                                                                                                                                                                                                                                0x0134669a
                                                                                                                                                                                                                                0x013466a3
                                                                                                                                                                                                                                0x013466a9
                                                                                                                                                                                                                                0x013466ab
                                                                                                                                                                                                                                0x013466b1
                                                                                                                                                                                                                                0x013466ba
                                                                                                                                                                                                                                0x013466be
                                                                                                                                                                                                                                0x013466c4
                                                                                                                                                                                                                                0x013466cb
                                                                                                                                                                                                                                0x013466d0
                                                                                                                                                                                                                                0x013466e7
                                                                                                                                                                                                                                0x013466d2
                                                                                                                                                                                                                                0x013466da
                                                                                                                                                                                                                                0x013466da
                                                                                                                                                                                                                                0x013466ed
                                                                                                                                                                                                                                0x013466f3
                                                                                                                                                                                                                                0x013466fb
                                                                                                                                                                                                                                0x01346707
                                                                                                                                                                                                                                0x0134670d
                                                                                                                                                                                                                                0x0134670f
                                                                                                                                                                                                                                0x01346711
                                                                                                                                                                                                                                0x01346717
                                                                                                                                                                                                                                0x01346718
                                                                                                                                                                                                                                0x01346718
                                                                                                                                                                                                                                0x0134670f
                                                                                                                                                                                                                                0x0134671d
                                                                                                                                                                                                                                0x0134672d
                                                                                                                                                                                                                                0x01346735
                                                                                                                                                                                                                                0x01346735
                                                                                                                                                                                                                                0x0134672d
                                                                                                                                                                                                                                0x013466ab
                                                                                                                                                                                                                                0x0134673a
                                                                                                                                                                                                                                0x0134673c
                                                                                                                                                                                                                                0x01346744
                                                                                                                                                                                                                                0x0134676a
                                                                                                                                                                                                                                0x0134677c
                                                                                                                                                                                                                                0x01346782
                                                                                                                                                                                                                                0x01346784
                                                                                                                                                                                                                                0x01346788
                                                                                                                                                                                                                                0x01346750
                                                                                                                                                                                                                                0x01346750
                                                                                                                                                                                                                                0x01346753
                                                                                                                                                                                                                                0x01346755
                                                                                                                                                                                                                                0x01346757
                                                                                                                                                                                                                                0x01346758
                                                                                                                                                                                                                                0x01346759
                                                                                                                                                                                                                                0x01346759
                                                                                                                                                                                                                                0x01346755
                                                                                                                                                                                                                                0x01346791
                                                                                                                                                                                                                                0x013467a6
                                                                                                                                                                                                                                0x013467ac
                                                                                                                                                                                                                                0x013467b2
                                                                                                                                                                                                                                0x013467b8
                                                                                                                                                                                                                                0x013467be
                                                                                                                                                                                                                                0x013467c5
                                                                                                                                                                                                                                0x013467cb
                                                                                                                                                                                                                                0x013467d2
                                                                                                                                                                                                                                0x013467d3
                                                                                                                                                                                                                                0x013467d4
                                                                                                                                                                                                                                0x013467d5
                                                                                                                                                                                                                                0x013467d6
                                                                                                                                                                                                                                0x013467d9
                                                                                                                                                                                                                                0x013467da
                                                                                                                                                                                                                                0x013467ee
                                                                                                                                                                                                                                0x013467f1
                                                                                                                                                                                                                                0x013467f7
                                                                                                                                                                                                                                0x013467fe
                                                                                                                                                                                                                                0x01346800
                                                                                                                                                                                                                                0x01346802
                                                                                                                                                                                                                                0x0134680a
                                                                                                                                                                                                                                0x0134680c
                                                                                                                                                                                                                                0x01346812
                                                                                                                                                                                                                                0x01346812
                                                                                                                                                                                                                                0x0134680a
                                                                                                                                                                                                                                0x01346821
                                                                                                                                                                                                                                0x01346827
                                                                                                                                                                                                                                0x0134682a
                                                                                                                                                                                                                                0x01346830
                                                                                                                                                                                                                                0x01346837
                                                                                                                                                                                                                                0x0134683b
                                                                                                                                                                                                                                0x01346843
                                                                                                                                                                                                                                0x0134684b
                                                                                                                                                                                                                                0x0134684b
                                                                                                                                                                                                                                0x01346843
                                                                                                                                                                                                                                0x0134684e
                                                                                                                                                                                                                                0x0134684e
                                                                                                                                                                                                                                0x01346856
                                                                                                                                                                                                                                0x0134685e
                                                                                                                                                                                                                                0x0134685e
                                                                                                                                                                                                                                0x01346856
                                                                                                                                                                                                                                0x01346869

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01346524
                                                                                                                                                                                                                                • GetClassNameW.USER32 ref: 01346548
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,static), ref: 0134655B
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 01346570
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 01346584
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0134658F
                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 013465D4
                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 013465EA
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 013465F5
                                                                                                                                                                                                                                • GetStockObject.GDI32(0000000D), ref: 01346604
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 01346629
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 0134663B
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 0134666B
                                                                                                                                                                                                                                • GetWindowTextLengthW.USER32(?), ref: 013466A3
                                                                                                                                                                                                                                • GetWindowTextW.USER32 ref: 01346707
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000001,00000000), ref: 0134676A
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,80000001,Software\Microsoft\Internet Explorer\Settings,?,?,?,00000001), ref: 0134685E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Long$MessageObjectSendText$ClassCloseCreateCursorFontH_prolog3_IndirectLengthLoadNameParentStock_memsetlstrcmpi
                                                                                                                                                                                                                                • String ID: Anchor Color$Anchor Color Visited$Software\Microsoft\Internet Explorer\Settings$static$tooltips_class32
                                                                                                                                                                                                                                • API String ID: 2164845695-2451883503
                                                                                                                                                                                                                                • Opcode ID: 0edac44ce48c7f74bc8d0331dcc8dd260ad170e36d132b1a59105b14d43daffa
                                                                                                                                                                                                                                • Instruction ID: 15d5085cade7d1bb088ba7336253dfc82e7ca7285fcc9517d215d75f900a7817
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0edac44ce48c7f74bc8d0331dcc8dd260ad170e36d132b1a59105b14d43daffa
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0AA1D7B05007159FDB31DF28CC8AAAEBBF9EF46718F500699E145E2190DB75B984CF11
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01315F0F, Relevance: 35.3, APIs: 19, Strings: 1, Instructions: 332stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1284 1315f0f-1315f55 1285 1315f61-1315f84 call 131582f 1284->1285 1286 1315f57-1315f5c 1284->1286 1292 1315fa1-1315faa IsWindow 1285->1292 1293 1315f86-1315f88 1285->1293 1287 1316272-1316283 call 13748c1 1286->1287 1295 1315fb0-1315fb3 1292->1295 1296 131626e 1292->1296 1293->1292 1294 1315f8a-1315f9c RedrawWindow call 1317945 1293->1294 1294->1292 1298 1315fd1-1315fd8 1295->1298 1299 1315fb5-1315fcb call 131d19c 1295->1299 1296->1287 1301 1315fda-1315ff3 GetParent GetClassNameW 1298->1301 1302 131601e-131603f call 1314f85 1298->1302 1299->1298 1304 1316010 1301->1304 1305 1315ff5-131600a lstrcmpW 1301->1305 1310 1316041-131604a call 1317558 1302->1310 1311 1316053-1316069 1302->1311 1308 1316012-1316018 GetSysColor 1304->1308 1305->1304 1307 131600c-131600e 1305->1307 1307->1308 1308->1302 1315 131604f 1310->1315 1313 131623a-1316248 call 131582f 1311->1313 1314 131606f-1316077 1311->1314 1313->1296 1324 131624a-131625c RedrawWindow 1313->1324 1317 1316079-131607d 1314->1317 1318 131608d-1316092 1314->1318 1315->1311 1317->1318 1320 131607f-1316088 call 1313bb9 1317->1320 1321 1316098-131609a 1318->1321 1322 131622f-1316233 1318->1322 1320->1318 1321->1322 1326 13160a0-13160b2 GetWindowLongW 1321->1326 1322->1313 1323 1316235-1316238 1322->1323 1323->1296 1323->1313 1324->1296 1327 131625e-1316263 1324->1327 1328 13160b4-13160bd 1326->1328 1329 13160bf-13160e3 GetWindowLongW SetWindowLongW SetWindowPos 1326->1329 1327->1296 1330 1316265-1316269 call 1317945 1327->1330 1331 13160e9-13160f1 1328->1331 1329->1331 1330->1296 1333 13160f3-13160f5 1331->1333 1334 13160f9-1316103 1331->1334 1333->1334 1335 1316105-1316108 1334->1335 1336 131610e-1316115 1334->1336 1335->1336 1337 1316290-13162a9 1335->1337 1338 1316120-1316127 1336->1338 1339 1316117-131611a 1336->1339 1345 1316223-1316225 1337->1345 1346 13162af-13162e4 VariantInit call 1311c2a 1337->1346 1340 1316132-1316139 1338->1340 1341 1316129-131612c 1338->1341 1339->1337 1339->1338 1343 1316144-131614b 1340->1343 1344 131613b-131613e 1340->1344 1341->1337 1341->1340 1347 1316156-131615d 1343->1347 1348 131614d-1316150 1343->1348 1344->1337 1344->1343 1352 1316227-1316229 1345->1352 1353 131622d 1345->1353 1364 13162eb-1316303 VariantClear * 2 1346->1364 1350 1316168-131616d 1347->1350 1351 131615f-1316162 1347->1351 1348->1337 1348->1347 1350->1337 1355 1316173-131618d lstrlenW GlobalAlloc 1350->1355 1351->1337 1351->1350 1352->1353 1353->1322 1356 1316193-13161cf GlobalLock call 1311b94 GlobalUnlock CreateStreamOnHGlobal 1355->1356 1357 1316286-131628e 1355->1357 1362 1316211-1316217 1356->1362 1363 13161d1-13161ef 1356->1363 1358 131621f 1357->1358 1358->1345 1362->1358 1366 1316219-131621b 1362->1366 1368 13161f1-13161ff 1363->1368 1369 1316203-1316209 1363->1369 1364->1345 1365 1316309-131630f 1364->1365 1365->1345 1366->1358 1368->1369 1369->1362 1371 131620b-131620d 1369->1371 1371->1362
                                                                                                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                                                                                                			E01315F0F(signed int* __edx, intOrPtr _a4, void* _a8, struct HWND__* _a12, intOrPtr _a16, signed int* _a20, void* _a24, void* _a28, signed int _a32) {
				signed int _v8;
				short _v28;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				void* _v60;
				void* _v64;
				signed int _v68;
				char _v69;
				char _v72;
				signed int _v76;
				char _v77;
				void* _v80;
				signed int _v84;
				void* _v88;
				intOrPtr _v92;
				void* _v96;
				void* _v100;
				intOrPtr* _v104;
				intOrPtr _v108;
				intOrPtr* _v112;
				void* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t112;
				signed int* _t116;
				struct HWND__* _t118;
				void* _t119;
				signed int _t120;
				void* _t122;
				signed int _t128;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				signed int _t136;
				signed int _t137;
				signed int _t138;
				intOrPtr* _t145;
				intOrPtr* _t147;
				void* _t153;
				int _t155;
				void* _t156;
				void* _t160;
				void* _t161;
				intOrPtr* _t163;
				void* _t164;
				void* _t165;
				intOrPtr* _t167;
				intOrPtr _t172;
				signed int _t177;
				signed int _t180;
				struct HWND__* _t188;
				void* _t189;
				intOrPtr* _t190;
				intOrPtr _t191;
				struct HWND__* _t192;
				char* _t212;
				intOrPtr _t214;
				void* _t215;
				void** _t217;
				char _t220;
				void* _t221;
				RECT* _t223;
				struct HWND__* _t225;
				WCHAR* _t226;
				char* _t227;
				intOrPtr* _t228;
				signed int _t230;
				signed int _t232;

				_t211 = __edx;
				_t232 = (_t230 & 0xfffffff8) - 0x54;
				_t112 =  *0x13bce20; // 0xb4b6cc09
				_v8 = _t112 ^ _t232;
				_t188 = _a12;
				_v60 = _a8;
				_v52 = _a16;
				_t116 = _a20;
				_t214 = _a4;
				_v64 = _a28;
				_v48 = _t214;
				_v68 = _t116;
				_v84 = _a32;
				if(_t116 != 0) {
					 *_t116 =  *_t116 & 0x00000000;
					_t220 = _t214 - 0x24;
					_v76 = 1;
					_v77 = 0;
					_v56 = _t220;
					E0131582F(_t188, _t220, _t214, _t220, __eflags);
					_t118 =  *(_t214 - 0x20);
					__eflags = _t118;
					if(_t118 != 0) {
						__eflags = _t118 - _t188;
						if(_t118 != _t188) {
							RedrawWindow(_t118, 0, 0, 0x507);
							E01317945(_t220);
						}
					}
					_t119 = IsWindow(_t188);
					__eflags = _t119;
					if(_t119 == 0) {
						L58:
						_t120 = _v76;
						goto L59;
					} else {
						__eflags =  *(_t214 - 0x20) - _t188;
						if(__eflags != 0) {
							_t180 = E0131D19C(_t188, _t220, __eflags);
							_v77 = 1;
							_t23 = _t220 + 0xc8;
							 *_t23 =  *(_t220 + 0xc8) ^ (_t180 << 0x00000004 ^  *(_t220 + 0xc8)) & 0x00000010;
							__eflags =  *_t23;
						}
						__eflags =  *(_t214 + 0xa8);
						if(__eflags != 0) {
							L14:
							_push(_v84);
							_t190 = _v68;
							_v69 = 0;
							_t122 = E01314F85(_t190, _v60,  &_v69, _t220, __eflags); // executed
							_v76 = _t122;
							__eflags = _t122;
							if(__eflags >= 0) {
								_push(_v52);
								_push(0);
								_push( *_t190);
								_push(_t220); // executed
								_t172 = E01317558(_t190,  &_v69, _t220, __eflags); // executed
								_v92 = _t172;
							}
							_t191 = _v48;
							_t200 = _t191 + 0x5c;
							_t217 = _t191 + 0x5c;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t223 = 0;
							__eflags = _v76;
							if(__eflags < 0) {
								L54:
								E0131582F(_t191, _v56, _t217, _t223, __eflags);
								_t192 =  *(_t191 - 0x20);
								__eflags = _t192 - _t223;
								if(_t192 != _t223) {
									RedrawWindow(_t192, _t223, _t223, 0x507);
									__eflags = _v76 - _t223;
									if(_v76 < _t223) {
										__eflags = _v77;
										if(_v77 != 0) {
											E01317945(_v56);
										}
									}
								}
								goto L58;
							} else {
								_t217 = _v68;
								_t127 =  *_t217;
								__eflags =  *_t217;
								if( *_t217 != 0) {
									__eflags = _v64;
									if(_v64 != 0) {
										_t211 = _t191 + 0x70;
										E01313BB9(_t127, _t200, _v64, _t200, _t191 + 0x70);
									}
								}
								__eflags = _v69;
								if(_v69 == 0) {
									L52:
									__eflags = _v76 - _t223;
									if(__eflags < 0) {
										goto L54;
									}
									__eflags =  *((intOrPtr*)(_t191 + 0x3c)) - _t223;
									if(__eflags != 0) {
										goto L58;
									}
									goto L54;
								} else {
									__eflags =  *_t217 - _t223;
									if( *_t217 == _t223) {
										goto L52;
									}
									_t128 = GetWindowLongW( *(_t191 - 0x20), 0xfffffff0);
									__eflags = _t128 & 0x00300000;
									if((_t128 & 0x00300000) != 0) {
										SetWindowLongW( *(_t191 - 0x20), 0xfffffff0, GetWindowLongW( *(_t191 - 0x20), 0xfffffff0) & 0xffcfffff);
										_t225 = 0;
										__eflags = 0;
										SetWindowPos( *(_t191 - 0x20), 0, 0, 0, 0, 0, 0x37);
									} else {
										 *(_t191 + 0xbc) =  *(_t191 + 0xbc) | 0x00000008;
										_t225 = 0;
									}
									_t217 =  *_t217;
									_v84 = _t217;
									__eflags = _t217 - _t225;
									if(_t217 != _t225) {
										 *((intOrPtr*)( *_t217 + 4))(_t217);
									}
									_t226 = _v60;
									_t133 =  *_t226 & 0x0000ffff;
									__eflags = _t133 - 0x4d;
									if(_t133 == 0x4d) {
										L29:
										_t134 = _t226[1] & 0x0000ffff;
										__eflags = _t134 - 0x53;
										if(_t134 == 0x53) {
											L31:
											_t135 = _t226[2] & 0x0000ffff;
											__eflags = _t135 - 0x48;
											if(_t135 == 0x48) {
												L33:
												_t136 = _t226[3] & 0x0000ffff;
												__eflags = _t136 - 0x54;
												if(_t136 == 0x54) {
													L35:
													_t137 = _t226[4] & 0x0000ffff;
													__eflags = _t137 - 0x4d;
													if(_t137 == 0x4d) {
														L37:
														_t138 = _t226[5] & 0x0000ffff;
														__eflags = _t138 - 0x4c;
														if(_t138 == 0x4c) {
															L39:
															__eflags = _t226[6] - 0x3a;
															if(_t226[6] != 0x3a) {
																goto L61;
															}
															_t155 = lstrlenW(_t226);
															_t65 = _t155 - 0xe; // -14
															_t218 = _t155 + _t65;
															_t156 = GlobalAlloc(0x42, _t155 + _t65);
															_v60 = _t156;
															__eflags = _t156;
															if(_t156 == 0) {
																_v76 = 0x8007000e;
															} else {
																_v68 = _v68 & 0x00000000;
																E01311B94(GlobalLock(_t156), _t218,  &(_t226[7]), _t218);
																_t232 = _t232 + 0x10;
																GlobalUnlock(_v60);
																_t160 =  &_v68;
																__imp__CreateStreamOnHGlobal(_v60, 1, _t160);
																_v88 = _t160;
																__eflags = _t160;
																if(_t160 >= 0) {
																	_t163 = _v96;
																	_v76 = _v76 & 0x00000000;
																	_t211 =  &_v76;
																	_t164 =  *((intOrPtr*)( *_t163))(_t163, 0x13a18b4,  &_v76);
																	_v100 = _t164;
																	__eflags = _t164;
																	if(_t164 >= 0) {
																		_t167 = _v88;
																		_v108 =  *((intOrPtr*)( *_t167 + 0x14))(_t167, _v92);
																	}
																	_t165 = _v88;
																	__eflags = _t165;
																	if(_t165 != 0) {
																		 *((intOrPtr*)( *_t165 + 8))(_t165);
																	}
																}
																_t161 = _v80;
																__eflags = _t161;
																if(_t161 != 0) {
																	 *((intOrPtr*)( *_t161 + 8))(_t161);
																}
															}
															_t217 = _v84;
															goto L49;
														}
														__eflags = _t138 - 0x6c;
														if(_t138 != 0x6c) {
															goto L61;
														}
														goto L39;
													}
													__eflags = _t137 - 0x6d;
													if(_t137 != 0x6d) {
														goto L61;
													}
													goto L37;
												}
												__eflags = _t136 - 0x74;
												if(_t136 != 0x74) {
													goto L61;
												}
												goto L35;
											}
											__eflags = _t135 - 0x68;
											if(_t135 != 0x68) {
												goto L61;
											}
											goto L33;
										}
										__eflags = _t134 - 0x73;
										if(_t134 != 0x73) {
											goto L61;
										}
										goto L31;
									} else {
										__eflags = _t133 - 0x6d;
										if(_t133 != 0x6d) {
											L61:
											_v84 = _v84 & 0x00000000;
											 *( *_t217)(_t217, 0x13a1924,  &_v84);
											__eflags = _v96;
											if(_v96 != 0) {
												__imp__#8( &_v56);
												_t227 =  &_v44;
												E01311C2A(_t227, _t226);
												_t145 = _v104;
												 *((intOrPtr*)( *_t145 + 0xa4))(_t145, 0xffffffff);
												_t147 = _v112;
												_t212 =  &_v72;
												_t211 = _t227;
												 *((intOrPtr*)( *_t147 + 0xd0))(_t147, _t227, _t212, _t212, _t212, _t212);
												_t228 = __imp__#9;
												 *_t228(_t227);
												 *_t228( &_v100);
												_t153 = _v144;
												__eflags = _t153;
												if(_t153 != 0) {
													 *((intOrPtr*)( *_t153 + 8))(_t153);
												}
											}
											L49:
											__eflags = _t217;
											if(_t217 != 0) {
												 *((intOrPtr*)( *_t217 + 8))(_t217);
											}
											_t223 = 0;
											__eflags = 0;
											goto L52;
										}
										goto L29;
									}
								}
							}
						}
						__eflags = GetClassNameW(GetParent( *(_t214 - 0x20)),  &_v28, 8);
						if(__eflags == 0) {
							L12:
							_push(5);
							L13:
							 *(_t214 + 0xa8) = GetSysColor();
							goto L14;
						}
						_t177 = lstrcmpW( &_v28, L"#32770");
						asm("sbb eax, eax");
						__eflags =  ~_t177 + 1;
						if(__eflags == 0) {
							goto L12;
						} else {
							_push(0xf);
							goto L13;
						}
					}
				} else {
					_t120 = 0x80004003;
					L59:
					_pop(_t215);
					_pop(_t221);
					_pop(_t189);
					return E013748C1(_t120, _t189, _v8 ^ _t232, _t211, _t215, _t221);
				}
			}











































































                                                                                                                                                                                                                                0x01315f0f
                                                                                                                                                                                                                                0x01315f15
                                                                                                                                                                                                                                0x01315f18
                                                                                                                                                                                                                                0x01315f1f
                                                                                                                                                                                                                                0x01315f2a
                                                                                                                                                                                                                                0x01315f2d
                                                                                                                                                                                                                                0x01315f35
                                                                                                                                                                                                                                0x01315f39
                                                                                                                                                                                                                                0x01315f3d
                                                                                                                                                                                                                                0x01315f40
                                                                                                                                                                                                                                0x01315f47
                                                                                                                                                                                                                                0x01315f4b
                                                                                                                                                                                                                                0x01315f4f
                                                                                                                                                                                                                                0x01315f55
                                                                                                                                                                                                                                0x01315f61
                                                                                                                                                                                                                                0x01315f64
                                                                                                                                                                                                                                0x01315f69
                                                                                                                                                                                                                                0x01315f71
                                                                                                                                                                                                                                0x01315f76
                                                                                                                                                                                                                                0x01315f7a
                                                                                                                                                                                                                                0x01315f7f
                                                                                                                                                                                                                                0x01315f82
                                                                                                                                                                                                                                0x01315f84
                                                                                                                                                                                                                                0x01315f86
                                                                                                                                                                                                                                0x01315f88
                                                                                                                                                                                                                                0x01315f94
                                                                                                                                                                                                                                0x01315f9c
                                                                                                                                                                                                                                0x01315f9c
                                                                                                                                                                                                                                0x01315f88
                                                                                                                                                                                                                                0x01315fa2
                                                                                                                                                                                                                                0x01315fa8
                                                                                                                                                                                                                                0x01315faa
                                                                                                                                                                                                                                0x0131626e
                                                                                                                                                                                                                                0x0131626e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01315fb0
                                                                                                                                                                                                                                0x01315fb0
                                                                                                                                                                                                                                0x01315fb3
                                                                                                                                                                                                                                0x01315fb5
                                                                                                                                                                                                                                0x01315fc3
                                                                                                                                                                                                                                0x01315fcb
                                                                                                                                                                                                                                0x01315fcb
                                                                                                                                                                                                                                0x01315fcb
                                                                                                                                                                                                                                0x01315fcb
                                                                                                                                                                                                                                0x01315fd1
                                                                                                                                                                                                                                0x01315fd8
                                                                                                                                                                                                                                0x0131601e
                                                                                                                                                                                                                                0x0131601e
                                                                                                                                                                                                                                0x01316022
                                                                                                                                                                                                                                0x0131602e
                                                                                                                                                                                                                                0x01316033
                                                                                                                                                                                                                                0x01316039
                                                                                                                                                                                                                                0x0131603d
                                                                                                                                                                                                                                0x0131603f
                                                                                                                                                                                                                                0x01316041
                                                                                                                                                                                                                                0x01316045
                                                                                                                                                                                                                                0x01316047
                                                                                                                                                                                                                                0x01316049
                                                                                                                                                                                                                                0x0131604a
                                                                                                                                                                                                                                0x0131604f
                                                                                                                                                                                                                                0x0131604f
                                                                                                                                                                                                                                0x01316053
                                                                                                                                                                                                                                0x0131605a
                                                                                                                                                                                                                                0x0131605d
                                                                                                                                                                                                                                0x0131605f
                                                                                                                                                                                                                                0x01316060
                                                                                                                                                                                                                                0x01316061
                                                                                                                                                                                                                                0x01316062
                                                                                                                                                                                                                                0x01316063
                                                                                                                                                                                                                                0x01316065
                                                                                                                                                                                                                                0x01316069
                                                                                                                                                                                                                                0x0131623a
                                                                                                                                                                                                                                0x0131623e
                                                                                                                                                                                                                                0x01316243
                                                                                                                                                                                                                                0x01316246
                                                                                                                                                                                                                                0x01316248
                                                                                                                                                                                                                                0x01316252
                                                                                                                                                                                                                                0x01316258
                                                                                                                                                                                                                                0x0131625c
                                                                                                                                                                                                                                0x0131625e
                                                                                                                                                                                                                                0x01316263
                                                                                                                                                                                                                                0x01316269
                                                                                                                                                                                                                                0x01316269
                                                                                                                                                                                                                                0x01316263
                                                                                                                                                                                                                                0x0131625c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131606f
                                                                                                                                                                                                                                0x0131606f
                                                                                                                                                                                                                                0x01316073
                                                                                                                                                                                                                                0x01316075
                                                                                                                                                                                                                                0x01316077
                                                                                                                                                                                                                                0x01316079
                                                                                                                                                                                                                                0x0131607d
                                                                                                                                                                                                                                0x0131607f
                                                                                                                                                                                                                                0x01316088
                                                                                                                                                                                                                                0x01316088
                                                                                                                                                                                                                                0x0131607d
                                                                                                                                                                                                                                0x0131608d
                                                                                                                                                                                                                                0x01316092
                                                                                                                                                                                                                                0x0131622f
                                                                                                                                                                                                                                0x0131622f
                                                                                                                                                                                                                                0x01316233
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01316235
                                                                                                                                                                                                                                0x01316238
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01316098
                                                                                                                                                                                                                                0x01316098
                                                                                                                                                                                                                                0x0131609a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013160ab
                                                                                                                                                                                                                                0x013160ad
                                                                                                                                                                                                                                0x013160b2
                                                                                                                                                                                                                                0x013160d1
                                                                                                                                                                                                                                0x013160d9
                                                                                                                                                                                                                                0x013160d9
                                                                                                                                                                                                                                0x013160e3
                                                                                                                                                                                                                                0x013160b4
                                                                                                                                                                                                                                0x013160b4
                                                                                                                                                                                                                                0x013160bb
                                                                                                                                                                                                                                0x013160bb
                                                                                                                                                                                                                                0x013160e9
                                                                                                                                                                                                                                0x013160eb
                                                                                                                                                                                                                                0x013160ef
                                                                                                                                                                                                                                0x013160f1
                                                                                                                                                                                                                                0x013160f6
                                                                                                                                                                                                                                0x013160f6
                                                                                                                                                                                                                                0x013160f9
                                                                                                                                                                                                                                0x013160fd
                                                                                                                                                                                                                                0x01316100
                                                                                                                                                                                                                                0x01316103
                                                                                                                                                                                                                                0x0131610e
                                                                                                                                                                                                                                0x0131610e
                                                                                                                                                                                                                                0x01316112
                                                                                                                                                                                                                                0x01316115
                                                                                                                                                                                                                                0x01316120
                                                                                                                                                                                                                                0x01316120
                                                                                                                                                                                                                                0x01316124
                                                                                                                                                                                                                                0x01316127
                                                                                                                                                                                                                                0x01316132
                                                                                                                                                                                                                                0x01316132
                                                                                                                                                                                                                                0x01316136
                                                                                                                                                                                                                                0x01316139
                                                                                                                                                                                                                                0x01316144
                                                                                                                                                                                                                                0x01316144
                                                                                                                                                                                                                                0x01316148
                                                                                                                                                                                                                                0x0131614b
                                                                                                                                                                                                                                0x01316156
                                                                                                                                                                                                                                0x01316156
                                                                                                                                                                                                                                0x0131615a
                                                                                                                                                                                                                                0x0131615d
                                                                                                                                                                                                                                0x01316168
                                                                                                                                                                                                                                0x01316168
                                                                                                                                                                                                                                0x0131616d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01316174
                                                                                                                                                                                                                                0x0131617a
                                                                                                                                                                                                                                0x0131617a
                                                                                                                                                                                                                                0x01316181
                                                                                                                                                                                                                                0x01316187
                                                                                                                                                                                                                                0x0131618b
                                                                                                                                                                                                                                0x0131618d
                                                                                                                                                                                                                                0x01316286
                                                                                                                                                                                                                                0x01316193
                                                                                                                                                                                                                                0x01316193
                                                                                                                                                                                                                                0x013161a6
                                                                                                                                                                                                                                0x013161ab
                                                                                                                                                                                                                                0x013161b2
                                                                                                                                                                                                                                0x013161b8
                                                                                                                                                                                                                                0x013161c3
                                                                                                                                                                                                                                0x013161c9
                                                                                                                                                                                                                                0x013161cd
                                                                                                                                                                                                                                0x013161cf
                                                                                                                                                                                                                                0x013161d1
                                                                                                                                                                                                                                0x013161d7
                                                                                                                                                                                                                                0x013161dc
                                                                                                                                                                                                                                0x013161e7
                                                                                                                                                                                                                                0x013161e9
                                                                                                                                                                                                                                0x013161ed
                                                                                                                                                                                                                                0x013161ef
                                                                                                                                                                                                                                0x013161f1
                                                                                                                                                                                                                                0x013161ff
                                                                                                                                                                                                                                0x013161ff
                                                                                                                                                                                                                                0x01316203
                                                                                                                                                                                                                                0x01316207
                                                                                                                                                                                                                                0x01316209
                                                                                                                                                                                                                                0x0131620e
                                                                                                                                                                                                                                0x0131620e
                                                                                                                                                                                                                                0x01316209
                                                                                                                                                                                                                                0x01316211
                                                                                                                                                                                                                                0x01316215
                                                                                                                                                                                                                                0x01316217
                                                                                                                                                                                                                                0x0131621c
                                                                                                                                                                                                                                0x0131621c
                                                                                                                                                                                                                                0x01316217
                                                                                                                                                                                                                                0x0131621f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131621f
                                                                                                                                                                                                                                0x0131615f
                                                                                                                                                                                                                                0x01316162
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01316162
                                                                                                                                                                                                                                0x0131614d
                                                                                                                                                                                                                                0x01316150
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01316150
                                                                                                                                                                                                                                0x0131613b
                                                                                                                                                                                                                                0x0131613e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131613e
                                                                                                                                                                                                                                0x01316129
                                                                                                                                                                                                                                0x0131612c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131612c
                                                                                                                                                                                                                                0x01316117
                                                                                                                                                                                                                                0x0131611a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01316105
                                                                                                                                                                                                                                0x01316105
                                                                                                                                                                                                                                0x01316108
                                                                                                                                                                                                                                0x01316290
                                                                                                                                                                                                                                0x01316292
                                                                                                                                                                                                                                0x013162a2
                                                                                                                                                                                                                                0x013162a4
                                                                                                                                                                                                                                0x013162a9
                                                                                                                                                                                                                                0x013162b4
                                                                                                                                                                                                                                0x013162bb
                                                                                                                                                                                                                                0x013162bf
                                                                                                                                                                                                                                0x013162c4
                                                                                                                                                                                                                                0x013162cd
                                                                                                                                                                                                                                0x013162d3
                                                                                                                                                                                                                                0x013162d9
                                                                                                                                                                                                                                0x013162e1
                                                                                                                                                                                                                                0x013162e5
                                                                                                                                                                                                                                0x013162ed
                                                                                                                                                                                                                                0x013162f4
                                                                                                                                                                                                                                0x013162fb
                                                                                                                                                                                                                                0x013162fd
                                                                                                                                                                                                                                0x01316301
                                                                                                                                                                                                                                0x01316303
                                                                                                                                                                                                                                0x0131630c
                                                                                                                                                                                                                                0x0131630c
                                                                                                                                                                                                                                0x01316303
                                                                                                                                                                                                                                0x01316223
                                                                                                                                                                                                                                0x01316223
                                                                                                                                                                                                                                0x01316225
                                                                                                                                                                                                                                0x0131622a
                                                                                                                                                                                                                                0x0131622a
                                                                                                                                                                                                                                0x0131622d
                                                                                                                                                                                                                                0x0131622d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131622d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01316108
                                                                                                                                                                                                                                0x01316103
                                                                                                                                                                                                                                0x01316092
                                                                                                                                                                                                                                0x01316069
                                                                                                                                                                                                                                0x01315ff1
                                                                                                                                                                                                                                0x01315ff3
                                                                                                                                                                                                                                0x01316010
                                                                                                                                                                                                                                0x01316010
                                                                                                                                                                                                                                0x01316012
                                                                                                                                                                                                                                0x01316018
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01316018
                                                                                                                                                                                                                                0x01315fff
                                                                                                                                                                                                                                0x01316007
                                                                                                                                                                                                                                0x01316009
                                                                                                                                                                                                                                0x0131600a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131600c
                                                                                                                                                                                                                                0x0131600c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131600c
                                                                                                                                                                                                                                0x0131600a
                                                                                                                                                                                                                                0x01315f57
                                                                                                                                                                                                                                0x01315f57
                                                                                                                                                                                                                                0x01316272
                                                                                                                                                                                                                                0x01316276
                                                                                                                                                                                                                                0x01316277
                                                                                                                                                                                                                                0x01316278
                                                                                                                                                                                                                                0x01316283
                                                                                                                                                                                                                                0x01316283

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000507), ref: 01315F94
                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 01315FA2
                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 01315FDD
                                                                                                                                                                                                                                • GetClassNameW.USER32 ref: 01315FEB
                                                                                                                                                                                                                                • lstrcmpW.KERNEL32(?,#32770), ref: 01315FFF
                                                                                                                                                                                                                                • GetSysColor.USER32(00000005), ref: 01316012
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 013160AB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$ClassColorLongNameParentRedrawlstrcmp
                                                                                                                                                                                                                                • String ID: #32770
                                                                                                                                                                                                                                • API String ID: 3221527119-463685578
                                                                                                                                                                                                                                • Opcode ID: 0ac69dd806e7c3917143d9e200116252d8b4878b06c3480335da64221c965683
                                                                                                                                                                                                                                • Instruction ID: 359dad3cf13c4883f5abc374bcd4f3f07b1ac13f6b6de4ab75608eca4a03df15
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ac69dd806e7c3917143d9e200116252d8b4878b06c3480335da64221c965683
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DCC1AEB16083119FDB15CFA8C889A6EBBE8FF89708F10091DF98597254C774E945CBA2
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01329C46, Relevance: 31.8, APIs: 17, Strings: 1, Instructions: 274windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1650 1329c46-1329c72 GdipGetImagePixelFormat 1651 1329c77-1329c9d 1650->1651 1652 1329c74 1650->1652 1653 1329cb5-1329cbb 1651->1653 1654 1329c9f-1329caf 1651->1654 1652->1651 1655 1329cd7-1329cf0 GdipGetImageHeight 1653->1655 1656 1329cbd-1329ccd 1653->1656 1654->1653 1657 1329cf2 1655->1657 1658 1329cf5-1329d14 GdipGetImageWidth 1655->1658 1656->1655 1657->1658 1659 1329d16 1658->1659 1660 1329d19-1329d33 call 1329892 1658->1660 1659->1660 1663 1329d35-1329d3a 1660->1663 1664 1329d3f-1329d51 1660->1664 1665 132a046-132a05a call 13748c1 1663->1665 1666 1329d57-1329d6f GdipGetImagePaletteSize 1664->1666 1667 1329eb5-1329ec1 1664->1667 1669 1329d71 1666->1669 1670 1329d74-1329d80 1666->1670 1671 1329ec7-1329f06 GdipBitmapLockBits 1667->1671 1672 1329fc4-132a01c GdipCreateBitmapFromScan0 GdipGetImageGraphicsContext GdipDrawImageI GdipDeleteGraphics GdipDisposeImage 1667->1672 1669->1670 1674 1329d82-1329d8b call 1329121 1670->1674 1675 1329d98-1329da4 call 13444f0 1670->1675 1677 1329f08-1329f0b 1671->1677 1678 1329f0d 1671->1678 1676 132a022-132a029 1672->1676 1674->1675 1692 1329d8d-1329d96 call 138a730 1674->1692 1689 1329da6-1329da8 1675->1689 1681 132a044 1676->1681 1682 132a02b-132a042 call 1375111 1676->1682 1683 1329f0f-1329f11 1677->1683 1678->1683 1681->1665 1682->1681 1687 1329f13-1329f19 1683->1687 1688 1329f3d-1329f6d 1683->1688 1694 1329dcb-1329dd0 1687->1694 1695 1329f1f-1329f36 call 1375111 1687->1695 1690 1329fab-1329fbd GdipBitmapUnlockBits 1688->1690 1691 1329f6f-1329fa9 call 1311b94 1688->1691 1697 1329dd5-1329de7 GdipGetImagePalette 1689->1697 1698 1329daa-1329db0 1689->1698 1690->1676 1700 1329fbf-1329fc2 1690->1700 1691->1690 1692->1689 1694->1665 1708 1329f38 1695->1708 1705 1329de9 1697->1705 1706 1329dec-1329df1 1697->1706 1698->1694 1703 1329db2-1329dc9 call 1375111 1698->1703 1700->1676 1703->1694 1705->1706 1710 1329df3-1329df8 1706->1710 1711 1329dfa-1329e01 1706->1711 1708->1694 1710->1711 1713 1329e25-1329e2e 1710->1713 1711->1663 1714 1329e07-1329e1e call 1375111 1711->1714 1715 1329e30-1329e33 1713->1715 1716 1329e86-1329eb3 call 1329a7b SetDIBColorTable call 132a05b 1713->1716 1721 1329e20 1714->1721 1718 1329e39-1329e84 1715->1718 1716->1667 1718->1716 1718->1718 1721->1663
                                                                                                                                                                                                                                C-Code - Quality: 33%
                                                                                                                                                                                                                                			E01329C46(signed int __ecx, intOrPtr __edx) {
				signed int _v8;
				struct tagRGBQUAD _v1036;
				unsigned int* _v1040;
				signed int _v1044;
				signed int _v1048;
				unsigned int _v1052;
				signed int _v1056;
				signed int _v1060;
				unsigned int _v1064;
				signed int _v1068;
				unsigned int _v1072;
				unsigned int _v1076;
				signed int _v1084;
				intOrPtr _v1092;
				char _v1100;
				void* _v1116;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t139;
				signed int* _t141;
				unsigned int _t142;
				unsigned int _t143;
				unsigned int _t145;
				void* _t147;
				unsigned int _t154;
				unsigned int _t157;
				unsigned int _t164;
				unsigned int _t165;
				unsigned int _t166;
				signed int _t176;
				signed int _t185;
				signed int _t187;
				unsigned int _t194;
				signed int _t203;
				unsigned int _t204;
				signed int _t208;
				signed int _t211;
				unsigned int _t212;

				_t139 =  *0x13bce20; // 0xb4b6cc09
				_v8 = _t139 ^ _t211;
				_t141 =  &_v1060;
				_t202 = __edx;
				_t3 = _t202 + 4; // 0x132975c
				_t185 = __ecx;
				__imp__GdipGetImagePixelFormat( *_t3, _t141);
				if(_t141 != 0) {
					 *((intOrPtr*)(__edx + 8)) = _t141;
				}
				_t187 = _v1060;
				_v1048 = _v1048 & 0x00000000;
				_t198 = 0x20;
				_v1056 = _t198;
				_v1052 = 0x22009;
				if((_t187 & 0x00020000) != 0) {
					_v1056 = _t187 >> 0x00000008 & 0x000000ff;
					_v1052 = _t187;
				}
				if((_t187 & 0x00040000) != 0) {
					_v1056 = _t198;
					_v1048 = 1;
					_v1052 = 0x26200a;
				}
				_v1044 = _v1044 & 0x00000000;
				_t142 =  &_v1044;
				_t22 = _t202 + 4; // 0x132975c
				__imp__GdipGetImageHeight( *_t22, _t142);
				if(_t142 != 0) {
					 *(_t202 + 8) = _t142;
				}
				_t203 = _v1044;
				_v1040 = _v1040 & 0x00000000;
				_t143 =  &_v1040;
				_t28 = _t202 + 4; // 0x132975c
				__imp__GdipGetImageWidth( *_t28, _t143);
				_t219 = _t143;
				if(_t143 != 0) {
					 *(_t202 + 8) = _t143;
				}
				if(E01329892(_t185, _t198, _t219, _v1040, _t203, _v1056, _v1048) != 0) {
					_t204 = 0;
					__eflags = _v1060 & 0x00010000;
					_v1040 = 0;
					if((_v1060 & 0x00010000) == 0) {
						L34:
						_t145 = _v1052;
						__eflags = _t145 - _v1060;
						if(_t145 != _v1060) {
							_v1052 = _t204;
							__imp__GdipCreateBitmapFromScan0( *(_t185 + 0xc),  *(_t185 + 0x10),  *((intOrPtr*)(_t185 + 0x14)), _t145,  *((intOrPtr*)(_t185 + 8)),  &_v1052);
							_t204 = _v1052;
							_t129 =  &_v1044;
							 *_t129 = _v1044 & 0x00000000;
							__eflags =  *_t129;
							__imp__GdipGetImageGraphicsContext(_t204,  &_v1044);
							_t132 = _t202 + 4; // 0x132975c
							_t202 =  *_t132;
							_t185 = _v1044;
							__imp__GdipDrawImageI(_t185,  *_t132, 0, 0);
							__imp__GdipDeleteGraphics(_t185);
							__imp__GdipDisposeImage(_t204);
							L47:
							__eflags = _v1040;
							if(_v1040 == 0) {
								L49:
								_t147 = 0;
								__eflags = 0;
								goto L50;
							} else {
								goto L48;
							}
							do {
								L48:
								_t204 =  *_v1040;
								_v1040 = _t204;
								E01375111(_v1040);
								__eflags = _t204;
							} while (_t204 != 0);
							goto L49;
						}
						_v1068 =  *(_t185 + 0xc);
						_v1064 =  *(_t185 + 0x10);
						_t154 =  &_v1076;
						_t91 = _t202 + 4; // 0x132975c
						_v1076 = _t204;
						_v1072 = _t204;
						__imp__GdipBitmapLockBits( *_t91, _t154, 1, _v1060,  &_v1100);
						__eflags = _t154 - _t204;
						if(_t154 == _t204) {
							_t154 = 0;
							__eflags = 0;
						} else {
							 *(_t202 + 8) = _t154;
						}
						__eflags = _t154 - _t204;
						if(_t154 == _t204) {
							_v1056 = _v1056 & 0x00000000;
							_v1052 =  *((intOrPtr*)(_t185 + 8));
							_t204 =  *(_t185 + 0xc) * _v1056 + 7 >> 3;
							__eflags =  *(_t185 + 0x10);
							_v1044 = _v1084;
							if( *(_t185 + 0x10) <= 0) {
								L44:
								_t157 =  &_v1100;
								_t120 = _t202 + 4; // 0x132975c
								__imp__GdipBitmapUnlockBits( *_t120, _t157);
								__eflags = _t157;
								if(_t157 != 0) {
									 *(_t202 + 8) = _t157;
								}
								goto L47;
							} else {
								goto L43;
							}
							do {
								L43:
								E01311B94(_v1052, _t204, _v1044, _t204);
								_v1052 = _v1052 +  *((intOrPtr*)(_t185 + 0x14));
								_v1044 = _v1044 + _v1092;
								_t212 = _t212 + 0x10;
								_v1056 = _v1056 + 1;
								__eflags = _v1056 -  *(_t185 + 0x10);
							} while (_v1056 <  *(_t185 + 0x10));
							goto L44;
						} else {
							__eflags = _v1040 - _t204;
							if(_v1040 == _t204) {
								L22:
								_t147 = 0x8007000e;
								goto L50;
							} else {
								goto L40;
							}
							do {
								L40:
								_t204 =  *_v1040;
								_v1040 = _t204;
								E01375111(_v1040);
								__eflags = _t204;
							} while (_t204 != 0);
							goto L22;
						}
					}
					_t164 =  &_v1048;
					_t38 = _t202 + 4; // 0x132975c
					_v1048 = 0;
					__imp__GdipGetImagePaletteSize( *_t38, _t164); // executed
					__eflags = _t164;
					if(_t164 != 0) {
						 *(_t202 + 8) = _t164;
					}
					_t208 = _v1048;
					__eflags = _t208 - 0x400;
					if(__eflags > 0) {
						L18:
						_t165 = E013444F0(_t198, _t202,  &_v1040, __eflags, _t208);
						_t204 = _t165;
						goto L19;
					} else {
						_push(_t208);
						__eflags = E01329121(_t185, _t198, _t202, _t208, __eflags);
						if(__eflags == 0) {
							goto L18;
						}
						_t165 = E0138A730(_t208);
						_t204 = _t212;
						L19:
						__eflags = _t204;
						if(_t204 != 0) {
							_t47 = _t202 + 4; // 0x132975c
							__imp__GdipGetImagePalette( *_t47, _t204, _v1048);
							__eflags = _t165;
							if(_t165 != 0) {
								 *(_t202 + 8) = _t165;
							}
							_t166 =  *(_t204 + 4);
							__eflags = _t166;
							if(_t166 == 0) {
								L27:
								__eflags = _v1040;
								if(_v1040 == 0) {
									goto L11;
								} else {
									goto L28;
								}
								do {
									L28:
									_t204 =  *_v1040;
									_v1040 = _t204;
									E01375111(_v1040);
									__eflags = _t204;
								} while (_t204 != 0);
								goto L11;
							} else {
								__eflags = _t166 - 0x100;
								if(_t166 <= 0x100) {
									_v1048 = _v1048 & 0x00000000;
									__eflags = _t166;
									if(_t166 == 0) {
										L33:
										_v1044 =  *(_t204 + 4);
										E01329A7B(_t185);
										SetDIBColorTable( *(_t185 + 0x28), 0, _v1044,  &_v1036);
										E0132A05B(_t185);
										_t204 = 0;
										__eflags = 0;
										goto L34;
									}
									_t55 = _t204 + 8; // 0x8
									_v1044 = _t55;
									do {
										_t194 =  *_v1044;
										_t176 = _v1048;
										_v1044 = _v1044 + 4;
										 *((char*)(_t211 + _t176 * 4 - 0x406)) = _t194 >> 0x10;
										_t198 = _t194 >> 8;
										_v1048 = _v1048 + 1;
										 *((char*)(_t211 + _t176 * 4 - 0x407)) = _t194 >> 8;
										 *(_t211 + _t176 * 4 - 0x408) = _t194;
										 *((char*)(_t211 + _t176 * 4 - 0x405)) = 0;
										__eflags = _v1048 -  *(_t204 + 4);
									} while (_v1048 <  *(_t204 + 4));
									goto L33;
								}
								goto L27;
							}
						}
						__eflags = _v1040 - _t204;
						if(_v1040 == _t204) {
							goto L22;
						} else {
							goto L21;
						}
						do {
							L21:
							_t204 =  *_v1040;
							_v1040 = _t204;
							E01375111(_v1040);
							__eflags = _t204;
						} while (_t204 != 0);
						goto L22;
					}
				} else {
					L11:
					_t147 = 0x80004005;
					L50:
					return E013748C1(_t147, _t185, _v8 ^ _t211, _t198, _t202, _t204);
				}
			}











































                                                                                                                                                                                                                                0x01329c4f
                                                                                                                                                                                                                                0x01329c56
                                                                                                                                                                                                                                0x01329c5c
                                                                                                                                                                                                                                0x01329c62
                                                                                                                                                                                                                                0x01329c65
                                                                                                                                                                                                                                0x01329c68
                                                                                                                                                                                                                                0x01329c6a
                                                                                                                                                                                                                                0x01329c72
                                                                                                                                                                                                                                0x01329c74
                                                                                                                                                                                                                                0x01329c74
                                                                                                                                                                                                                                0x01329c77
                                                                                                                                                                                                                                0x01329c7d
                                                                                                                                                                                                                                0x01329c86
                                                                                                                                                                                                                                0x01329c87
                                                                                                                                                                                                                                0x01329c8d
                                                                                                                                                                                                                                0x01329c9d
                                                                                                                                                                                                                                0x01329ca9
                                                                                                                                                                                                                                0x01329caf
                                                                                                                                                                                                                                0x01329caf
                                                                                                                                                                                                                                0x01329cbb
                                                                                                                                                                                                                                0x01329cbd
                                                                                                                                                                                                                                0x01329cc3
                                                                                                                                                                                                                                0x01329ccd
                                                                                                                                                                                                                                0x01329ccd
                                                                                                                                                                                                                                0x01329cd7
                                                                                                                                                                                                                                0x01329cde
                                                                                                                                                                                                                                0x01329ce5
                                                                                                                                                                                                                                0x01329ce8
                                                                                                                                                                                                                                0x01329cf0
                                                                                                                                                                                                                                0x01329cf2
                                                                                                                                                                                                                                0x01329cf2
                                                                                                                                                                                                                                0x01329cf5
                                                                                                                                                                                                                                0x01329cfb
                                                                                                                                                                                                                                0x01329d02
                                                                                                                                                                                                                                0x01329d09
                                                                                                                                                                                                                                0x01329d0c
                                                                                                                                                                                                                                0x01329d12
                                                                                                                                                                                                                                0x01329d14
                                                                                                                                                                                                                                0x01329d16
                                                                                                                                                                                                                                0x01329d16
                                                                                                                                                                                                                                0x01329d33
                                                                                                                                                                                                                                0x01329d3f
                                                                                                                                                                                                                                0x01329d41
                                                                                                                                                                                                                                0x01329d4b
                                                                                                                                                                                                                                0x01329d51
                                                                                                                                                                                                                                0x01329eb5
                                                                                                                                                                                                                                0x01329eb5
                                                                                                                                                                                                                                0x01329ebb
                                                                                                                                                                                                                                0x01329ec1
                                                                                                                                                                                                                                0x01329fce
                                                                                                                                                                                                                                0x01329fde
                                                                                                                                                                                                                                0x01329fe4
                                                                                                                                                                                                                                0x01329fea
                                                                                                                                                                                                                                0x01329fea
                                                                                                                                                                                                                                0x01329fea
                                                                                                                                                                                                                                0x01329ff9
                                                                                                                                                                                                                                0x01329fff
                                                                                                                                                                                                                                0x01329fff
                                                                                                                                                                                                                                0x0132a002
                                                                                                                                                                                                                                0x0132a00e
                                                                                                                                                                                                                                0x0132a015
                                                                                                                                                                                                                                0x0132a01c
                                                                                                                                                                                                                                0x0132a022
                                                                                                                                                                                                                                0x0132a022
                                                                                                                                                                                                                                0x0132a029
                                                                                                                                                                                                                                0x0132a044
                                                                                                                                                                                                                                0x0132a044
                                                                                                                                                                                                                                0x0132a044
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132a02b
                                                                                                                                                                                                                                0x0132a02b
                                                                                                                                                                                                                                0x0132a031
                                                                                                                                                                                                                                0x0132a034
                                                                                                                                                                                                                                0x0132a03a
                                                                                                                                                                                                                                0x0132a040
                                                                                                                                                                                                                                0x0132a040
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132a02b
                                                                                                                                                                                                                                0x01329eca
                                                                                                                                                                                                                                0x01329ed3
                                                                                                                                                                                                                                0x01329ee6
                                                                                                                                                                                                                                0x01329eef
                                                                                                                                                                                                                                0x01329ef2
                                                                                                                                                                                                                                0x01329ef8
                                                                                                                                                                                                                                0x01329efe
                                                                                                                                                                                                                                0x01329f04
                                                                                                                                                                                                                                0x01329f06
                                                                                                                                                                                                                                0x01329f0d
                                                                                                                                                                                                                                0x01329f0d
                                                                                                                                                                                                                                0x01329f08
                                                                                                                                                                                                                                0x01329f08
                                                                                                                                                                                                                                0x01329f08
                                                                                                                                                                                                                                0x01329f0f
                                                                                                                                                                                                                                0x01329f11
                                                                                                                                                                                                                                0x01329f4a
                                                                                                                                                                                                                                0x01329f54
                                                                                                                                                                                                                                0x01329f60
                                                                                                                                                                                                                                0x01329f63
                                                                                                                                                                                                                                0x01329f67
                                                                                                                                                                                                                                0x01329f6d
                                                                                                                                                                                                                                0x01329fab
                                                                                                                                                                                                                                0x01329fab
                                                                                                                                                                                                                                0x01329fb2
                                                                                                                                                                                                                                0x01329fb5
                                                                                                                                                                                                                                0x01329fbb
                                                                                                                                                                                                                                0x01329fbd
                                                                                                                                                                                                                                0x01329fbf
                                                                                                                                                                                                                                0x01329fbf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329f6f
                                                                                                                                                                                                                                0x01329f6f
                                                                                                                                                                                                                                0x01329f7d
                                                                                                                                                                                                                                0x01329f85
                                                                                                                                                                                                                                0x01329f91
                                                                                                                                                                                                                                0x01329f97
                                                                                                                                                                                                                                0x01329f9a
                                                                                                                                                                                                                                0x01329fa6
                                                                                                                                                                                                                                0x01329fa6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329f13
                                                                                                                                                                                                                                0x01329f13
                                                                                                                                                                                                                                0x01329f19
                                                                                                                                                                                                                                0x01329dcb
                                                                                                                                                                                                                                0x01329dcb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329f1f
                                                                                                                                                                                                                                0x01329f1f
                                                                                                                                                                                                                                0x01329f25
                                                                                                                                                                                                                                0x01329f28
                                                                                                                                                                                                                                0x01329f2e
                                                                                                                                                                                                                                0x01329f34
                                                                                                                                                                                                                                0x01329f34
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329f38
                                                                                                                                                                                                                                0x01329f11
                                                                                                                                                                                                                                0x01329d57
                                                                                                                                                                                                                                0x01329d5e
                                                                                                                                                                                                                                0x01329d61
                                                                                                                                                                                                                                0x01329d67
                                                                                                                                                                                                                                0x01329d6d
                                                                                                                                                                                                                                0x01329d6f
                                                                                                                                                                                                                                0x01329d71
                                                                                                                                                                                                                                0x01329d71
                                                                                                                                                                                                                                0x01329d74
                                                                                                                                                                                                                                0x01329d7a
                                                                                                                                                                                                                                0x01329d80
                                                                                                                                                                                                                                0x01329d98
                                                                                                                                                                                                                                0x01329d9f
                                                                                                                                                                                                                                0x01329da4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329d82
                                                                                                                                                                                                                                0x01329d82
                                                                                                                                                                                                                                0x01329d89
                                                                                                                                                                                                                                0x01329d8b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329d8f
                                                                                                                                                                                                                                0x01329d94
                                                                                                                                                                                                                                0x01329da6
                                                                                                                                                                                                                                0x01329da6
                                                                                                                                                                                                                                0x01329da8
                                                                                                                                                                                                                                0x01329ddc
                                                                                                                                                                                                                                0x01329ddf
                                                                                                                                                                                                                                0x01329de5
                                                                                                                                                                                                                                0x01329de7
                                                                                                                                                                                                                                0x01329de9
                                                                                                                                                                                                                                0x01329de9
                                                                                                                                                                                                                                0x01329dec
                                                                                                                                                                                                                                0x01329def
                                                                                                                                                                                                                                0x01329df1
                                                                                                                                                                                                                                0x01329dfa
                                                                                                                                                                                                                                0x01329dfa
                                                                                                                                                                                                                                0x01329e01
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329e07
                                                                                                                                                                                                                                0x01329e07
                                                                                                                                                                                                                                0x01329e0d
                                                                                                                                                                                                                                0x01329e10
                                                                                                                                                                                                                                0x01329e16
                                                                                                                                                                                                                                0x01329e1c
                                                                                                                                                                                                                                0x01329e1c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329df3
                                                                                                                                                                                                                                0x01329df3
                                                                                                                                                                                                                                0x01329df8
                                                                                                                                                                                                                                0x01329e25
                                                                                                                                                                                                                                0x01329e2c
                                                                                                                                                                                                                                0x01329e2e
                                                                                                                                                                                                                                0x01329e86
                                                                                                                                                                                                                                0x01329e8b
                                                                                                                                                                                                                                0x01329e91
                                                                                                                                                                                                                                0x01329ea8
                                                                                                                                                                                                                                0x01329eae
                                                                                                                                                                                                                                0x01329eb3
                                                                                                                                                                                                                                0x01329eb3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329eb3
                                                                                                                                                                                                                                0x01329e30
                                                                                                                                                                                                                                0x01329e33
                                                                                                                                                                                                                                0x01329e39
                                                                                                                                                                                                                                0x01329e3f
                                                                                                                                                                                                                                0x01329e41
                                                                                                                                                                                                                                0x01329e47
                                                                                                                                                                                                                                0x01329e53
                                                                                                                                                                                                                                0x01329e5c
                                                                                                                                                                                                                                0x01329e5f
                                                                                                                                                                                                                                0x01329e65
                                                                                                                                                                                                                                0x01329e6c
                                                                                                                                                                                                                                0x01329e73
                                                                                                                                                                                                                                0x01329e81
                                                                                                                                                                                                                                0x01329e81
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329e39
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329df8
                                                                                                                                                                                                                                0x01329df1
                                                                                                                                                                                                                                0x01329daa
                                                                                                                                                                                                                                0x01329db0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329db2
                                                                                                                                                                                                                                0x01329db2
                                                                                                                                                                                                                                0x01329db8
                                                                                                                                                                                                                                0x01329dbb
                                                                                                                                                                                                                                0x01329dc1
                                                                                                                                                                                                                                0x01329dc7
                                                                                                                                                                                                                                0x01329dc7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329db2
                                                                                                                                                                                                                                0x01329d35
                                                                                                                                                                                                                                0x01329d35
                                                                                                                                                                                                                                0x01329d35
                                                                                                                                                                                                                                0x0132a046
                                                                                                                                                                                                                                0x0132a05a
                                                                                                                                                                                                                                0x0132a05a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GdipGetImagePixelFormat.GDIPLUS(0132975C,?,00000000,?,00000000), ref: 01329C6A
                                                                                                                                                                                                                                • GdipGetImageHeight.GDIPLUS(0132975C,00000000), ref: 01329CE8
                                                                                                                                                                                                                                • GdipGetImageWidth.GDIPLUS(0132975C,00000000), ref: 01329D0C
                                                                                                                                                                                                                                • GdipGetImagePaletteSize.GDIPLUS(0132975C,00000000,00000000,00000000,?,00000000), ref: 01329D67
                                                                                                                                                                                                                                • _free.LIBCMT ref: 01329DC1
                                                                                                                                                                                                                                • GdipGetImagePalette.GDIPLUS(0132975C,00000000,00000000,00000000), ref: 01329DDF
                                                                                                                                                                                                                                • _free.LIBCMT ref: 01329E16
                                                                                                                                                                                                                                • SetDIBColorTable.GDI32(?,00000000,00000000,?), ref: 01329EA8
                                                                                                                                                                                                                                  • Part of subcall function 01311B94: _memcpy_s.LIBCMT ref: 01311BA3
                                                                                                                                                                                                                                • GdipBitmapLockBits.GDIPLUS(0132975C,?,00000001,00010000,?,00000000,00000000,?,00000000), ref: 01329EFE
                                                                                                                                                                                                                                • _free.LIBCMT ref: 01329F2E
                                                                                                                                                                                                                                • GdipBitmapUnlockBits.GDIPLUS(0132975C,?), ref: 01329FB5
                                                                                                                                                                                                                                • GdipCreateBitmapFromScan0.GDIPLUS(00000110,?,00000008,00010000,?,00022009,00000000,00000000,?,00000000), ref: 01329FDE
                                                                                                                                                                                                                                • GdipGetImageGraphicsContext.GDIPLUS(00022009,00000000), ref: 01329FF9
                                                                                                                                                                                                                                • GdipDrawImageI.GDIPLUS(00000000,0132975C,00000000,00000000), ref: 0132A00E
                                                                                                                                                                                                                                • GdipDeleteGraphics.GDIPLUS(00000000), ref: 0132A015
                                                                                                                                                                                                                                • GdipDisposeImage.GDIPLUS(00022009), ref: 0132A01C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0132A03A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Gdip$Image$_free$Bitmap$BitsGraphicsPalette$ColorContextCreateDeleteDisposeDrawFormatFromHeightLockPixelScan0SizeTableUnlockWidth_memcpy_s
                                                                                                                                                                                                                                • String ID: &
                                                                                                                                                                                                                                • API String ID: 3799214886-3042966939
                                                                                                                                                                                                                                • Opcode ID: 3641f822f09a96393543428d8ed11c795f368e1c97db24455aeb9b6e330cddb0
                                                                                                                                                                                                                                • Instruction ID: 299406b8aa3e879a3d9113a7661229d95ef9ecb6eaf00b75ea14ea7241b8acca
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3641f822f09a96393543428d8ed11c795f368e1c97db24455aeb9b6e330cddb0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3AC108B1900239DBDB21DF19CC84BD9BBB8BB04319F0085E9EA09A7245D7359ED5CF98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01346030, Relevance: 21.2, APIs: 14, Instructions: 188COMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1807 1346030-1346050 IsWindow 1808 1346052-1346054 1807->1808 1809 1346059-134605e 1807->1809 1810 1346215-1346223 call 13748c1 1808->1810 1811 1346065-134609e GetDC GetClientRect 1809->1811 1812 1346060-1346063 1809->1812 1814 13460a4-13460ac 1811->1814 1815 1346207-1346213 ReleaseDC 1811->1815 1812->1808 1812->1811 1817 13460b2-1346102 call 134686a SelectObject 1814->1817 1818 134616f-134617e 1814->1818 1815->1810 1827 1346104-1346116 DrawTextW 1817->1827 1828 134611c-1346138 SelectObject 1817->1828 1819 1346180-1346186 SelectObject 1818->1819 1820 1346189-134618e 1818->1820 1819->1820 1822 1346190 1820->1822 1823 1346193-13461ab GetWindowLongW 1820->1823 1822->1823 1825 13461b0-13461b4 1823->1825 1826 13461ad-13461ae 1823->1826 1829 13461b9-13461d4 DrawTextW 1825->1829 1830 13461b6-13461b8 1825->1830 1826->1829 1827->1828 1831 1346140-134616a DrawTextW SelectObject 1828->1831 1832 134613a-134613d 1828->1832 1833 13461d6-13461dc SelectObject 1829->1833 1834 13461de-13461e0 1829->1834 1830->1829 1831->1815 1832->1831 1833->1834 1835 13461e2-13461ed 1834->1835 1836 13461ef-13461f3 1834->1836 1837 13461fb-1346201 OffsetRect 1835->1837 1836->1815 1838 13461f5-13461f8 1836->1838 1837->1815 1838->1837
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ObjectSelect$DrawText$ClientRectWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3018681926-0
                                                                                                                                                                                                                                • Opcode ID: 0cee84563bda876105f1a74557c0039311ae19d41796aef12d40114e380fc5c6
                                                                                                                                                                                                                                • Instruction ID: 51a41b8e50f5e061cb3a462da6c89d669f3ef3ca22edb0a458eea232ef858a8b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0cee84563bda876105f1a74557c0039311ae19d41796aef12d40114e380fc5c6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE61F5B1900108EFDF12CFE8D985AEEBBFAFF09304F144125EA05AA165D772A945CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135713D, Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 168threadCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1839 135713d-1357181 1840 1357245-135725b 1839->1840 1841 1357187-13571c1 GetCurrentThreadId call 1327581 1839->1841 1842 135725d-1357262 call 135736c 1840->1842 1843 135726f-135729a CreateEventW 1840->1843 1856 13571d4-1357240 call 1319b30 call 135be26 call 131aa87 call 13116f0 call 134ba76 call 1311524 call 131eaf8 1841->1856 1857 13571c3-13571d0 call 1327454 1841->1857 1848 1357267-1357269 1842->1848 1845 13572a7-13572be CreateEventW 1843->1845 1846 135729c-13572a2 GetLastError 1843->1846 1845->1846 1850 13572c0-13572d7 CreateEventW 1845->1850 1849 135734b-135736b call 13748c1 1846->1849 1848->1843 1848->1849 1850->1846 1852 13572d9-13572f0 CreateEventW 1850->1852 1852->1846 1855 13572f2-1357321 1852->1855 1860 1357323-135732d 1855->1860 1861 135732e-1357347 WaitForMultipleObjects call 1357579 1855->1861 1856->1840 1857->1856 1860->1861 1869 1357349 1861->1869 1869->1849
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 013571A2
                                                                                                                                                                                                                                  • Part of subcall function 01327581: _vwprintf.LIBCMT ref: 0132759F
                                                                                                                                                                                                                                  • Part of subcall function 01327581: _vswprintf_s.LIBCMT ref: 013275C3
                                                                                                                                                                                                                                • CreateEventW.KERNEL32(?,00000001,00000000,Global\PIP_UI_Ready_Local,B4B6CC09), ref: 01357290
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0135729C
                                                                                                                                                                                                                                • CreateEventW.KERNEL32(?,00000001,00000000,Global\PIP_UI_Ready_Remote), ref: 013572B4
                                                                                                                                                                                                                                • CreateEventW.KERNEL32(?,00000001,00000000,Global\PIP_Local_Error), ref: 013572CD
                                                                                                                                                                                                                                • CreateEventW.KERNEL32(?,00000001,00000000,Global\PIP_Remote_Exit), ref: 013572E6
                                                                                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000004,?,00000000,000000FF), ref: 01357337
                                                                                                                                                                                                                                  • Part of subcall function 01327449: _memcpy_s.LIBCMT ref: 01327498
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Global\PIP_UI_Ready_Remote, xrefs: 013572A7
                                                                                                                                                                                                                                • Global\PIP_Local_Error, xrefs: 013572C0
                                                                                                                                                                                                                                • Global\PIP_UI_Ready_Local, xrefs: 01357275
                                                                                                                                                                                                                                • Eventmanager running. ThreadID %d, xrefs: 013571A9
                                                                                                                                                                                                                                • Global\PIP_Remote_Exit, xrefs: 013572D9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateEvent$CurrentErrorLastMultipleObjectsThreadWait_memcpy_s_vswprintf_s_vwprintf
                                                                                                                                                                                                                                • String ID: Eventmanager running. ThreadID %d$Global\PIP_Local_Error$Global\PIP_Remote_Exit$Global\PIP_UI_Ready_Local$Global\PIP_UI_Ready_Remote
                                                                                                                                                                                                                                • API String ID: 4246286612-24945329
                                                                                                                                                                                                                                • Opcode ID: fc9ef5725e27cb4f2a6a4f3f0fc5a46fb28669dd8139f831ef3d07fa584bcb90
                                                                                                                                                                                                                                • Instruction ID: 29ab9e790e8e92bbd98e843a6428e63273e12a1a61820b1531a255bb8fb41d34
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc9ef5725e27cb4f2a6a4f3f0fc5a46fb28669dd8139f831ef3d07fa584bcb90
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5519371508381AFD364DF68C885FAAFBE8FB48718F440A2EF589D3240DB71A544CB92
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134B822, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 83networkCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1879 134b822-134b844 call 137c242 InternetOpenW 1882 134b846-134b84c 1879->1882 1883 134b870-134b873 1879->1883 1884 134b911-134b916 call 137c2c5 1882->1884 1885 134b852-134b86b call 1319638 call 134ba76 1882->1885 1886 134b875-134b89c call 1376d83 call 131b7e3 call 1376d83 call 131b7e3 1883->1886 1887 134b8a1-134b8a5 1883->1887 1885->1884 1886->1887 1889 134b8a7-134b8aa 1887->1889 1890 134b8ac 1887->1890 1895 134b8af-134b8cb InternetConnectW 1889->1895 1890->1895 1895->1884 1898 134b8cd-134b8d3 1895->1898 1898->1884 1901 134b8d5-134b90c GetLastError call 135bfb1 call 131d888 call 134ba76 call 1311524 1898->1901 1901->1884
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0134B829
                                                                                                                                                                                                                                • InternetOpenW.WININET(APNInstaller,00000000,00000000,00000000,00000000), ref: 0134B839
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0134B87B
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0134B891
                                                                                                                                                                                                                                • InternetConnectW.WININET(00CC0004,013C2B68,00000050,013A12A4,013A12A4,00000003,00000000,00000000), ref: 0134B8C0
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0134B8D5
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_Internet_wcslen$ConnectCurrentErrorLastLocalOpenProcessTime_memset_strlenswprintf
                                                                                                                                                                                                                                • String ID: /PIP2.5/OfferAccept.jhtml$APNInstaller$InternetOpen Failed$Logger::Initialize()... InternetConnect() failed. Error code:$pipoffers.apnpartners.com
                                                                                                                                                                                                                                • API String ID: 2976682571-1714214441
                                                                                                                                                                                                                                • Opcode ID: 9eebc5cf53d9e9dd4b94e721548dcc24ca1eb429e297d9de9eaf458110c0bbac
                                                                                                                                                                                                                                • Instruction ID: f740bfd4dee67a6afb98c1ddf480f6210aaa77cf9a9460afca8fed6411db1f37
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9eebc5cf53d9e9dd4b94e721548dcc24ca1eb429e297d9de9eaf458110c0bbac
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B21C1F1900605AFFB24BBB8DCC6D7FBAACEB5460CF44051DE54282249DA60ED048B61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01321318, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 189windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1931 1321318-132134f SendMessageW call 132061f 1934 1321351-1321362 1931->1934 1935 1321364-1321367 1931->1935 1934->1935 1936 132136d-1321375 1934->1936 1937 1321487-1321489 1936->1937 1938 132137b-1321381 1936->1938 1940 132148b-13214a5 RaiseException 1937->1940 1938->1937 1939 1321387-13213a6 1938->1939 1943 13213c6-13213cf 1939->1943 1944 13213a8-13213b5 call 1320930 1939->1944 1941 1321575 1940->1941 1942 13214ab-13214af 1940->1942 1945 1321577-1321579 1941->1945 1942->1941 1946 13214b5-13214b9 1942->1946 1947 13213d1-13213dd 1943->1947 1948 1321446-1321456 1943->1948 1957 13213c3 1944->1957 1958 13213b7-13213c1 1944->1958 1946->1941 1950 13214bf-13214fc call 1314b1d 1946->1950 1947->1937 1951 13213e3-132140c call 13116f0 call 134032a 1947->1951 1948->1940 1952 1321458-1321464 InvalidateRect 1948->1952 1966 13214fe-1321507 1950->1966 1967 132156f-1321573 1950->1967 1956 132146a-132147c 1951->1956 1968 132140e-132141d 1951->1968 1952->1956 1961 1321482 1956->1961 1962 132136a 1956->1962 1957->1943 1958->1944 1958->1957 1961->1935 1962->1936 1969 1321522-1321550 GetWindowLongW CallWindowProcW 1966->1969 1970 1321509-1321520 CallWindowProcW 1966->1970 1967->1945 1968->1937 1971 132141f-1321440 EnableWindow 1968->1971 1973 1321552-132155c GetWindowLongW 1969->1973 1974 132156b 1969->1974 1972 132156e 1970->1972 1971->1948 1972->1967 1973->1974 1975 132155e-1321565 SetWindowLongW 1973->1975 1974->1972 1975->1974
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F1,?,00000000), ref: 01321337
                                                                                                                                                                                                                                  • Part of subcall function 0132061F: _strlen.LIBCMT ref: 01320626
                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 01321434
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000000,control), ref: 01321464
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,control), ref: 01321492
                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 01321517
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0132152D
                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 0132153E
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 01321557
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 01321565
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Long$CallProc$EnableExceptionInvalidateMessageRaiseRectSend_strlen
                                                                                                                                                                                                                                • String ID: control
                                                                                                                                                                                                                                • API String ID: 2634654950-3990563915
                                                                                                                                                                                                                                • Opcode ID: c1cdd248dc4ac0e2a9fc4cfebbe90c32b365c8c0ca5b258f539b730adc21a3c5
                                                                                                                                                                                                                                • Instruction ID: 73952afdc97aedba36176765e3f49e7d2f202b628bbade7695f19154b1ce75c3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c1cdd248dc4ac0e2a9fc4cfebbe90c32b365c8c0ca5b258f539b730adc21a3c5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25817131A00659EFDF25DF68C980EA9BBF6FF08304F148599F959A7251C731A950CF90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132157C, Relevance: 16.7, APIs: 11, Instructions: 194COMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1976 132157c-13215a3 call 137c242 SetWindowPos 1979 13215b2-13215e4 CreateSolidBrush GetClientRect FillRect SetBkColor 1976->1979 1980 13215a5-13215b0 SetBkMode 1976->1980 1981 13215ea-13215ed 1979->1981 1980->1981 1982 13215f8-1321649 call 13116f0 call 135bed6 1981->1982 1983 13215ef-13215f5 1981->1983 1988 132164b 1982->1988 1989 132164d-1321697 call 13206d4 call 131aa87 GetObjectW * 2 1982->1989 1983->1982 1988->1989 1994 1321699-132169c 1989->1994 1995 132169e-13216a0 1989->1995 1996 13216a2-13216ab 1994->1996 1995->1996 1997 1321719-132171c 1996->1997 1998 13216ad-13216e2 call 1320689 1996->1998 2000 1321722-132177d call 1320689 1997->2000 2001 13217a6-13217e0 GetWindowRect 1997->2001 2004 13216e7-1321717 1998->2004 2007 1321780-13217a3 call 1320689 2000->2007 2002 13217e2-13217e8 DeleteObject 2001->2002 2003 13217ee-13217f3 call 137c2c5 2001->2003 2002->2003 2004->2007 2007->2001
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01321586
                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000003,00000108,01345EE7), ref: 0132159A
                                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 013215AA
                                                                                                                                                                                                                                  • Part of subcall function 01320689: CreateFontW.GDI32(?,00000000,?,?,?,00000000,?,?,?,?,?,?,?,01320189,?,01320189), ref: 013206C5
                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 013215B5
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 013215C7
                                                                                                                                                                                                                                • FillRect.USER32 ref: 013215D8
                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 013215E4
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?,00000001,00000000,?,?), ref: 0132167E
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 0132168F
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 013217B0
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 013217E8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ObjectRect$CreateWindow$BrushClientColorDeleteFillFontH_prolog3_ModeSolid
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1729208488-0
                                                                                                                                                                                                                                • Opcode ID: ecbf583a164c869420f396e2502bcbb241e77f8277f95b34ecf4b481227ac359
                                                                                                                                                                                                                                • Instruction ID: 5f81ffc2407917c38aa4dad2c8a35578fabac3a280b6a5e22db429ba52623518
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ecbf583a164c869420f396e2502bcbb241e77f8277f95b34ecf4b481227ac359
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 65811772900129AFDF229FE8CD44AEDBBB9FF09314F004195F648A6554C7729AA4DF90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135DC37, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 148processCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen$CreateH_prolog3_Process_memmove_memset
                                                                                                                                                                                                                                • String ID: D
                                                                                                                                                                                                                                • API String ID: 280335408-2746444292
                                                                                                                                                                                                                                • Opcode ID: c4a45f97fd030ce30e956fdb7ad41ea6d601a12027612ced835001a18db2ac3c
                                                                                                                                                                                                                                • Instruction ID: a906010d107bdb630cf5aab1f74951bb4f57caf5db63351b0186059c9de2080b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c4a45f97fd030ce30e956fdb7ad41ea6d601a12027612ced835001a18db2ac3c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15519DB1910159BEEF15DFA8CC80EEEBBB8EF15758F000219F915A7194DB709E44CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013567DC, Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 99registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 013567E3
                                                                                                                                                                                                                                  • Part of subcall function 0131A995: std::_Xinvalid_argument.LIBCPMT ref: 0131A9AF
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0135680F
                                                                                                                                                                                                                                  • Part of subcall function 0135C1E5: __EH_prolog3.LIBCMT ref: 0135C1EC
                                                                                                                                                                                                                                  • Part of subcall function 0131A941: _memmove.LIBCMT ref: 0131A968
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0135689E
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: std::_Xinvalid_argument.LIBCPMT ref: 0131B6BF
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: std::_Xinvalid_argument.LIBCPMT ref: 0131B6E1
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: _memmove.LIBCMT ref: 0131B725
                                                                                                                                                                                                                                  • Part of subcall function 013123E4: RegCloseKey.ADVAPI32(?,01312490,?,?,013137C7,00000002,00000000), ref: 013123ED
                                                                                                                                                                                                                                • RegDeleteValueW.KERNEL32(013A0458,80000001,013185A7,Software\APN PIP\ipc,00000000,Software\APN PIP\ipc,MP3R7,00000000,000000FF,00000048,013185A7,00000001,00000000,00000000), ref: 013568F4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Xinvalid_argument_memmove_wcslenstd::_$CloseDeleteH_prolog3H_prolog3_Value
                                                                                                                                                                                                                                • String ID: MP3R7$MP3R7$Software\APN PIP\ipc$Software\APN PIP\{partnerid}${partnerid}
                                                                                                                                                                                                                                • API String ID: 802844828-2831291640
                                                                                                                                                                                                                                • Opcode ID: 30ce3a5383bd9d17d3c5de2d5367fc9eb8d5be338be47389bd5d27b53ed57861
                                                                                                                                                                                                                                • Instruction ID: c56eb913599097548c1c6f675b8004df86ede7a5697022006857ce1db2edaf71
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30ce3a5383bd9d17d3c5de2d5367fc9eb8d5be338be47389bd5d27b53ed57861
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7431F7B1D00156ABDB18FBFC8C91EEEBA78EF2571CF94402CE51167289DE645E088762
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01346467, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 65windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 0134648C
                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 0134649B
                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 013464A2
                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 013464BB
                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 013464C6
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000111,?,?), ref: 013464D9
                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 013464F1
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0134650D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Ctrl$Parent$ExecuteInvalidateMessageRectSendShell
                                                                                                                                                                                                                                • String ID: open
                                                                                                                                                                                                                                • API String ID: 1200564152-2758837156
                                                                                                                                                                                                                                • Opcode ID: 5a82495f8041366dcaad6d3870eb9454b345cd06c3031e0619ef1667a9c9c219
                                                                                                                                                                                                                                • Instruction ID: 19da271c8b70728fca36fee3ef8b230c0ed1cd72e672097e835d40733a1938bd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a82495f8041366dcaad6d3870eb9454b345cd06c3031e0619ef1667a9c9c219
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E211AF71904348AFEF215BA5CC4AEABBFF9EB48708F044448E196A2255C7B6A940CB10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131CFC4, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0131CFCB
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0131CFD5
                                                                                                                                                                                                                                • int.LIBCPMT ref: 0131CFEC
                                                                                                                                                                                                                                  • Part of subcall function 01314493: std::_Lockit::_Lockit.LIBCPMT ref: 013144A4
                                                                                                                                                                                                                                • ctype.LIBCPMT ref: 0131D00F
                                                                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 0131D023
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 0131D031
                                                                                                                                                                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 0131D041
                                                                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0131D047
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowctypestd::bad_exception::bad_exception
                                                                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                                                                • API String ID: 3349589501-3145022300
                                                                                                                                                                                                                                • Opcode ID: af38b8dc86ec64ffbface6ebcf07d3ffa828ca588e45131857512443634a4b12
                                                                                                                                                                                                                                • Instruction ID: f913f21ed0e3f956b27da48f3092aaf8875a7cebffdb6338fe948e8fb05aec0c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: af38b8dc86ec64ffbface6ebcf07d3ffa828ca588e45131857512443634a4b12
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F001843194021BDBCF19EBA8D8509EE7739BF65768F140518D110771D8DF389906DB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135BE26, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                • _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                • _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __getptd.LIBCMT ref: 0137BA37
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __calloc_crt.LIBCMT ref: 0137BA57
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __lock.LIBCMT ref: 0137BA6D
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __copytlocinfo_nolock.LIBCMT ref: 0137BA7B
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __setlocale_nolock.LIBCMT ref: 0137BA91
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __lock.LIBCMT ref: 0137BAC3
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __updatetlocinfoEx_nolock.LIBCMT ref: 0137BAD5
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: ___removelocaleref.LIBCMT ref: 0137BADB
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __updatetlocinfoEx_nolock.LIBCMT ref: 0137BAF9
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                • __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                • _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _setlocale$Ex_nolock__lock__updatetlocinfo$H_prolog3____removelocaleref__calloc_crt__cftoe__copytlocinfo_nolock__getptd__setlocale_nolock_memset_strlen
                                                                                                                                                                                                                                • String ID: chs
                                                                                                                                                                                                                                • API String ID: 622581282-3522719042
                                                                                                                                                                                                                                • Opcode ID: 6014ef5cf2bc04649455fcb224e70403eb798412893d8a287f4b130ef08df52e
                                                                                                                                                                                                                                • Instruction ID: b118e5bb2c998afc1fb4d4520c6609fb50207475df173f9236055ced4ec6190d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6014ef5cf2bc04649455fcb224e70403eb798412893d8a287f4b130ef08df52e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A114F7180120AEFDB24EBA9EC80CEEFBBDEF58629F10041AF505A7144DA74A944CB65
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01314F85, Relevance: 12.1, APIs: 8, Instructions: 131comCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01314F8C
                                                                                                                                                                                                                                • CoCreateInstance.OLE32(013A18F4,00000000,00000001,013A1894,?,00000020,01316038,?), ref: 0131502E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateH_prolog3_Instance
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3671951861-0
                                                                                                                                                                                                                                • Opcode ID: b4d8effc165879b4cd6eb0d9b7a8adae741af314fbfa16a96d2ab67afca0ffaa
                                                                                                                                                                                                                                • Instruction ID: 92f61d2dff21605334603b0b81d7c39e35330337642efbcf89b992f197f506ba
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4d8effc165879b4cd6eb0d9b7a8adae741af314fbfa16a96d2ab67afca0ffaa
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7241A171940215DBDF398BD9C848BFE7AB8FF4AB58F64441AF501E6248D36AC980C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01329ABE, Relevance: 12.1, APIs: 8, Instructions: 98filestringwindowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(013C17C0,00000000,?,00000000), ref: 01329AF5
                                                                                                                                                                                                                                • GdiplusStartup.GDIPLUS(013C17BC,?,?), ref: 01329B39
                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(013C17C0), ref: 01329B4B
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 01329B7D
                                                                                                                                                                                                                                • GdipCreateBitmapFromFile.GDIPLUS(?,?), ref: 01329BD0
                                                                                                                                                                                                                                • _free.LIBCMT ref: 01329BF8
                                                                                                                                                                                                                                • GdipDisposeImage.GDIPLUS(?), ref: 01329C09
                                                                                                                                                                                                                                • GdipDisposeImage.GDIPLUS(?), ref: 01329C2D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Gdip$CriticalDisposeImageSection$BitmapCreateEnterFileFromGdiplusLeaveStartup_freelstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 166940661-0
                                                                                                                                                                                                                                • Opcode ID: 50de9562834d8f62e3199856e92efb7b892e5e939128d8a7c49c72ede235c0f2
                                                                                                                                                                                                                                • Instruction ID: a25be07b15028777590f9889432fa4560d338e5c1dda7de7a069eba9b6762645
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50de9562834d8f62e3199856e92efb7b892e5e939128d8a7c49c72ede235c0f2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9741287590023CDFDF25AF24DC85BDDBBB9EB49319F0040EAE609A2200D7715E858FA5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01345D86, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 76windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 01345D94
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 01345DA8
                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 01345DD0
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000001,00000000), ref: 01345DEB
                                                                                                                                                                                                                                • ImageList_GetIconSize.COMCTL32(?,00000000,00000000), ref: 01345E23
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Long$IconImageList_MessageSendSize
                                                                                                                                                                                                                                • String ID: tooltips_class32
                                                                                                                                                                                                                                • API String ID: 1981972318-1918224756
                                                                                                                                                                                                                                • Opcode ID: 3bc579bc5c952096300d9dea906d673ffdd570f310089379b0e092973ba69ce2
                                                                                                                                                                                                                                • Instruction ID: 6215346ce5e6689301d0578166215cd54f60497b0114f53faa0421dc8a113128
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3bc579bc5c952096300d9dea906d673ffdd570f310089379b0e092973ba69ce2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15216FB1610200BFEB299F58CC89FAA7BFDEF49714F10425CFA05A6294DB71AD45CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013283BA, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memorystringwindowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FormatMessageW.KERNEL32(00001300,00000000,013ABDC4,00000400,013A3768,00000000,00000000,76D26490,00000000,00000000,013288B1,?,76D26490), ref: 013283DD
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00000000,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 013283EA
                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000000,00000040,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 0132841C
                                                                                                                                                                                                                                • swprintf.LIBCMT ref: 0132845F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocFormatLocalMessagelstrlenswprintf
                                                                                                                                                                                                                                • String ID: IDispatch error #%d$Unknown error 0x%0lX
                                                                                                                                                                                                                                • API String ID: 2315917530-2934499512
                                                                                                                                                                                                                                • Opcode ID: b597808a3a792856b89d83741ab098990dab7b66ebab7708132c04b36005c028
                                                                                                                                                                                                                                • Instruction ID: 3004d16e09f14c18bd03c2bac73e19aa098075daa8467ebada5e7dfea667fd8c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b597808a3a792856b89d83741ab098990dab7b66ebab7708132c04b36005c028
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D2113170200231AFE724AFA8C894D76B3E9FF4071CF5048ADE286E3181E770A845C760
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01362D08, Relevance: 10.6, APIs: 7, Instructions: 58memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,0000000D,?,?,01314F4B), ref: 01362C8C
                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,01314F4B), ref: 01362C93
                                                                                                                                                                                                                                  • Part of subcall function 01362BEA: IsProcessorFeaturePresent.KERNEL32(0000000C,01362C7A,?,?,01314F4B), ref: 01362BEC
                                                                                                                                                                                                                                • InterlockedPopEntrySList.KERNEL32(00C17D58,?,?,01314F4B), ref: 01362CA6
                                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,?,01314F4B), ref: 01362CB7
                                                                                                                                                                                                                                • InterlockedPopEntrySList.KERNEL32(?,?,01314F4B), ref: 01362CCF
                                                                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,01314F4B), ref: 01362CDF
                                                                                                                                                                                                                                • InterlockedPushEntrySList.KERNEL32(00000000,?,?,01314F4B), ref: 01362CF6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EntryInterlockedList$AllocHeapVirtual$FeatureFreePresentProcessProcessorPush
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2304957937-0
                                                                                                                                                                                                                                • Opcode ID: fc5b7fb51e9ca9b5ab1cea45a9e5b4643c066f1ea80f2788e62d26035a517602
                                                                                                                                                                                                                                • Instruction ID: b549d32f9f08a69e6526c61e5de6529494d3d501845f24f1cfcdb961a249b170
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc5b7fb51e9ca9b5ab1cea45a9e5b4643c066f1ea80f2788e62d26035a517602
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9511D632200611EBDF311AFCAC08B67766CFB48785F138420FA85D729CDB62E8018BB4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131409A, Relevance: 9.2, APIs: 6, Instructions: 203COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 013140A4
                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(013C2EF8,00000230,01313DDF,?), ref: 013140CE
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00000104), ref: 0131412B
                                                                                                                                                                                                                                • LoadTypeLib.OLEAUT32(?,?), ref: 0131414F
                                                                                                                                                                                                                                • LoadRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 0131416C
                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0131432B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalLoadSectionType$EnterFileH_prolog3_LeaveModuleName
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 500997196-0
                                                                                                                                                                                                                                • Opcode ID: 644407d0471c17b155469139d5de61174ece225d0bd5ef633005e85c7e1de361
                                                                                                                                                                                                                                • Instruction ID: 93fdff0a18bcdf5837726cd45fa5a3d83e2f850e55570ad6c07c38eaf2212917
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 644407d0471c17b155469139d5de61174ece225d0bd5ef633005e85c7e1de361
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC813E74A00218EFDB25DBA8DC88AA9BBF9FF48308F2445D9E549D7219D7359E81CF10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135736C, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 155COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01357376
                                                                                                                                                                                                                                  • Part of subcall function 0135DAE1: _memset.LIBCMT ref: 0135DB3F
                                                                                                                                                                                                                                  • Part of subcall function 0135DAE1: GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0135DB54
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 013573FC
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01357416
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen$FileH_prolog3_ModuleName_memmove_memset
                                                                                                                                                                                                                                • String ID: -se$Remote process started. Handle %d
                                                                                                                                                                                                                                • API String ID: 1459579566-1328473449
                                                                                                                                                                                                                                • Opcode ID: 66f962ca6bce21ca5f7e8b8d23fec5797108e258e147c4f4789a66c70c8afb15
                                                                                                                                                                                                                                • Instruction ID: 0dea9d4ee1dd2ac0dc653d928dca2a5a2d754701af9946ab27fae3047328b84d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 66f962ca6bce21ca5f7e8b8d23fec5797108e258e147c4f4789a66c70c8afb15
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B518171D002599FEF14EBACC891FEEBBB8EF25308F444099E549A7284DA705E44CB92
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135C7D4, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 126registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135C7DE
                                                                                                                                                                                                                                • RegCloseKey.KERNEL32(?,00000000,?,00000000,?,0000009C,0135C5A3,00000000,00000001,00000001,00000000,00000000,?,00000001,013A11F0,?), ref: 0135C972
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,?,00000000,?,0000009C,0135C5A3,00000000,00000001,00000001,00000000,00000000,?,00000001,013A11F0,?), ref: 0135C982
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 0131D888: _strlen.LIBCMT ref: 0131D894
                                                                                                                                                                                                                                  • Part of subcall function 01347F01: _strlen.LIBCMT ref: 01347F0C
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 01311524: _memmove.LIBCMT ref: 01311544
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3__setlocale$Close_memset_strlen$CurrentLocalProcessTime__cftoe_memmoveswprintf
                                                                                                                                                                                                                                • String ID: value:$WriteRegister()... name:
                                                                                                                                                                                                                                • API String ID: 2329745090-2921753706
                                                                                                                                                                                                                                • Opcode ID: 9b9fe7ec1f89f6f8872578ace20b451f6a777dad1683a10f3b004b2dbf73d8db
                                                                                                                                                                                                                                • Instruction ID: 42ba993cc2da06952ee29ef520630276b2af8f56188c5d48f02c2cadb14690c9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b9fe7ec1f89f6f8872578ace20b451f6a777dad1683a10f3b004b2dbf73d8db
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE413A71D0021ADFDF649F68C880BDABBB9BF4561CF1450A9D549A7200DA709E84CF61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131D0A8, Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 0131D109
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0131D120
                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 0131D132
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0131D14C
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 0131D15B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Long$CallProc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 513923721-0
                                                                                                                                                                                                                                • Opcode ID: d962c07b1f24300b9bbd1b3fed4f09a31cedd6d566b1717d4c3ad14842aecb68
                                                                                                                                                                                                                                • Instruction ID: f81f6fecd69717716eba10db8313f272dead8678d5c64e8df5b3f1404f1ab931
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d962c07b1f24300b9bbd1b3fed4f09a31cedd6d566b1717d4c3ad14842aecb68
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 41313831500608AFCB25CF69C8849AABBF9FF49714B108929F9A697660D731E950DF90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013475B9, Relevance: 7.5, APIs: 5, Instructions: 49stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 013475C0
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,0000000C,0134671D,?,?), ref: 013475D8
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?), ref: 0134761E
                                                                                                                                                                                                                                • lstrcpyW.KERNEL32 ref: 0134762C
                                                                                                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 01347644
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$H_prolog3_catchTextWindowlstrcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2247066379-0
                                                                                                                                                                                                                                • Opcode ID: 9c297a825fbabf32e5e2d49b322b8e0f1274ea45ba5b17155d035eb3b1f64031
                                                                                                                                                                                                                                • Instruction ID: 05dd8f991df6a576c71e487a5bc9c2243317c5bda03fa96d137603c3d0819fdf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c297a825fbabf32e5e2d49b322b8e0f1274ea45ba5b17155d035eb3b1f64031
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A012872201201AFDF216F68D909A6E7BEAFF18725F009509E40A5F251CB79A904CBA4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01317558, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 369COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3
                                                                                                                                                                                                                                • String ID: AXWIN
                                                                                                                                                                                                                                • API String ID: 431132790-1948516679
                                                                                                                                                                                                                                • Opcode ID: b22602fa71bc42f132684069ed1e5c4f56e9e1ebfc83d0992a91749aba98c8ec
                                                                                                                                                                                                                                • Instruction ID: 99a88e3d623199af6bd934b90ad1a4be11669ba698ca465598ec847cb6dda6aa
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b22602fa71bc42f132684069ed1e5c4f56e9e1ebfc83d0992a91749aba98c8ec
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E9E12A70A00216DFDB14CFA8C888BAEBBB9FF49718F184598F915DB295C775D901CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01313EE1, Relevance: 6.1, APIs: 4, Instructions: 127COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 01313EE8
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 01313FF4
                                                                                                                                                                                                                                • SysStringLen.OLEAUT32(?), ref: 01313FFE
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 01314022
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$Free$H_prolog3_catch
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1415682657-0
                                                                                                                                                                                                                                • Opcode ID: 62276cb96f871b52a7c0c267bb6e70d0cbcad345a0dd523977c0e46e95b2d576
                                                                                                                                                                                                                                • Instruction ID: babea471ee5e9c6e0f3c86c7d1824f6a2eb10e025882c68240d9276d6ba53f86
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 62276cb96f871b52a7c0c267bb6e70d0cbcad345a0dd523977c0e46e95b2d576
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1411C75A0020AEFDF14DFA8C885AAEBBB8FF08314F104569E946EB254D734DA40CF61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135BED6, Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135BEDD
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(0135D1A8,00000000,?,00000000,00000000,00000000,00000028,0135D1A8,?), ref: 0135BF0C
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 0135BF50
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,00000000,00000000,?), ref: 0135BF70
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$H_prolog3__memset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2885787191-0
                                                                                                                                                                                                                                • Opcode ID: 9935dae94fa32c51b024a550c597b880f76624f84dc0e90716729827975b9e6c
                                                                                                                                                                                                                                • Instruction ID: e7693460992e4017e22b46cba510cac8e6421a1ceeda683c6e6410e965c34132
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9935dae94fa32c51b024a550c597b880f76624f84dc0e90716729827975b9e6c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8217A71911118BFDF14EFA8DC84DEEBBB9FF08368F508119F809AA194C7719904CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013753A6, Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _malloc.LIBCMT ref: 013753C0
                                                                                                                                                                                                                                  • Part of subcall function 01376C17: __FF_MSGBANNER.LIBCMT ref: 01376C30
                                                                                                                                                                                                                                  • Part of subcall function 01376C17: __NMSG_WRITE.LIBCMT ref: 01376C37
                                                                                                                                                                                                                                  • Part of subcall function 01376C17: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,0137C61D,?,00000001,?,?,013822FD,00000018,013B0180,0000000C,0138238D), ref: 01376C5C
                                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 013753F5
                                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 0137540F
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 01375420
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 615853336-0
                                                                                                                                                                                                                                • Opcode ID: d64f1fb3dfa1ad91ccf8afcbdfb2d2e6433fa771023b891a343b0a25e55c4f2d
                                                                                                                                                                                                                                • Instruction ID: bf3cca81eddc65f278c847df53abfb6fe1d5b78a5f90508acda7ec8c34515783
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d64f1fb3dfa1ad91ccf8afcbdfb2d2e6433fa771023b891a343b0a25e55c4f2d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 61F02D7550010EABEF38EB5DD841E9D7FBC6B5031CF100019E414A60D1EBB9AA44DF91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01311716, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 01311730
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 01363236
                                                                                                                                                                                                                                  • Part of subcall function 01363221: __CxxThrowException@8.LIBCMT ref: 0136324B
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 0136325C
                                                                                                                                                                                                                                  • Part of subcall function 013117AF: std::_Xinvalid_argument.LIBCPMT ref: 013117C0
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0131178B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • invalid string position, xrefs: 0131172B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                                                                                                                                                                • String ID: invalid string position
                                                                                                                                                                                                                                • API String ID: 3404309857-1799206989
                                                                                                                                                                                                                                • Opcode ID: cc030acaa9d41128eab7e861ecfe5b7477dae311a655a659f60cdfb6c00ba85a
                                                                                                                                                                                                                                • Instruction ID: 0b837bfc6b542d191fcd30ba3f31ef67680be1a4e8e4eb5ef793f0e4aaff0d26
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc030acaa9d41128eab7e861ecfe5b7477dae311a655a659f60cdfb6c00ba85a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47113D313042149BCB2C9E2CDC40E9AB7A9EB81628F14052DFB128B389DB71E800C795
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135CB2A, Relevance: 4.6, APIs: 3, Instructions: 93registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135CB34
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0135CC26
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,?,013A0D00), ref: 0135CC68
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseH_prolog3__wcslen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2351855038-0
                                                                                                                                                                                                                                • Opcode ID: 7277e43ffc3c0d17fa02853853040f5702e7249a216123b5dcd58e11d803210b
                                                                                                                                                                                                                                • Instruction ID: aff973f51f1a26d51162f6e76ea7fbce130452583ccfeff648f3ddf6e8419a30
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7277e43ffc3c0d17fa02853853040f5702e7249a216123b5dcd58e11d803210b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0541F6B19006298BCF64DB28CD84B89B7B8AF4470DF4010E9DA0DA7241DB70AE85CF99
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135CC9D, Relevance: 4.6, APIs: 3, Instructions: 63COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • UuidCreate.RPCRT4(?), ref: 0135CCB8
                                                                                                                                                                                                                                • UuidToStringW.RPCRT4(?,?), ref: 0135CCCA
                                                                                                                                                                                                                                  • Part of subcall function 01319B90: _wcslen.LIBCMT ref: 01319B96
                                                                                                                                                                                                                                • RpcStringFreeW.RPCRT4(?), ref: 0135CCE1
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: StringUuid$CreateFree_wcslen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3476631635-0
                                                                                                                                                                                                                                • Opcode ID: 7bbb8aea692734e40ee87d7de4a2a0b796a97c4701672d5f665f493e88d2ef37
                                                                                                                                                                                                                                • Instruction ID: f1de13917fbd09442ed2ebdbeab89f0befce81b6046416cc63ea145c644193ac
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7bbb8aea692734e40ee87d7de4a2a0b796a97c4701672d5f665f493e88d2ef37
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF1154716002099BCB24DFADD8C4DAFB7FDFF44609750146AEA42E3104D624E90687A0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01345E8E, Relevance: 4.5, APIs: 3, Instructions: 46COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01345E95
                                                                                                                                                                                                                                • BeginPaint.USER32(?,?,00000054,01344C41), ref: 01345ECD
                                                                                                                                                                                                                                • EndPaint.USER32(00000001,?), ref: 01345F00
                                                                                                                                                                                                                                  • Part of subcall function 0132157C: __EH_prolog3_GS.LIBCMT ref: 01321586
                                                                                                                                                                                                                                  • Part of subcall function 0132157C: SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000003,00000108,01345EE7), ref: 0132159A
                                                                                                                                                                                                                                  • Part of subcall function 0132157C: SetBkMode.GDI32(?,00000001), ref: 013215AA
                                                                                                                                                                                                                                  • Part of subcall function 0132157C: GetObjectW.GDI32(?,0000005C,?,00000001,00000000,?,?), ref: 0132167E
                                                                                                                                                                                                                                  • Part of subcall function 0132157C: GetObjectW.GDI32(?,0000005C,?), ref: 0132168F
                                                                                                                                                                                                                                  • Part of subcall function 0134695A: GetClientRect.USER32 ref: 013469E6
                                                                                                                                                                                                                                  • Part of subcall function 0134695A: SetBkMode.GDI32(?,00000001), ref: 013469F1
                                                                                                                                                                                                                                  • Part of subcall function 0134695A: SelectObject.GDI32(?,?), ref: 01346A03
                                                                                                                                                                                                                                  • Part of subcall function 0134695A: DrawTextW.USER32 ref: 01346A28
                                                                                                                                                                                                                                  • Part of subcall function 0134695A: IsWindowEnabled.USER32(00000000), ref: 01346A31
                                                                                                                                                                                                                                  • Part of subcall function 0134695A: SetTextColor.GDI32(?,00000000), ref: 01346A52
                                                                                                                                                                                                                                  • Part of subcall function 0134695A: SelectObject.GDI32(?,?), ref: 01346A7A
                                                                                                                                                                                                                                  • Part of subcall function 0134695A: DrawTextW.USER32 ref: 01346A97
                                                                                                                                                                                                                                  • Part of subcall function 0134695A: SetTextColor.GDI32(?,?), ref: 01346AA6
                                                                                                                                                                                                                                  • Part of subcall function 0134695A: SelectObject.GDI32(?,?), ref: 01346AAE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Object$Text$Select$ColorDrawH_prolog3_ModePaintWindow$BeginClientEnabledRect
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1913263643-0
                                                                                                                                                                                                                                • Opcode ID: de6e38e1e73eb3aeef69a4cbe600f1caf857c515f1b0335c7b39dfef40958abb
                                                                                                                                                                                                                                • Instruction ID: ae75566f5c409130f6b762bb5ca934e72d63c3f8119fec7a9836f652d7be984c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: de6e38e1e73eb3aeef69a4cbe600f1caf857c515f1b0335c7b39dfef40958abb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 110125B1E2031A9FCB15AFECC8066ADBBF9BF18709F004109E109EB204C778A905CB95
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01321082, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01320DEC: CreateWindowExW.USER32 ref: 01320E2C
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: GetCurrentProcess.KERNEL32(00000000,0000000D), ref: 01314F70
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: FlushInstructionCache.KERNEL32(00000000), ref: 01314F77
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 013210FA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$CacheCreateCurrentFlushInstructionLongProcess
                                                                                                                                                                                                                                • String ID: BUTTON
                                                                                                                                                                                                                                • API String ID: 3833653893-3405671355
                                                                                                                                                                                                                                • Opcode ID: 3f7aecd601b6a8e036c25ce539a6ca301ec7c6068f2010b17f537c3a2a72a4d1
                                                                                                                                                                                                                                • Instruction ID: c5721ac7fc95c0e0a56daf0d2a02ff2e1d563f2835b7196a3e233499d3641577
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f7aecd601b6a8e036c25ce539a6ca301ec7c6068f2010b17f537c3a2a72a4d1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B114271A00315AFD724EF6ADD5096ABBFCFF58304B20452DE559E7240E770A904CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131B8E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0131B8F4
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: std::exception::exception.LIBCMT ref: 013631E9
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: __CxxThrowException@8.LIBCMT ref: 013631FE
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: std::exception::exception.LIBCMT ref: 0136320F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                                                                • API String ID: 1823113695-2556327735
                                                                                                                                                                                                                                • Opcode ID: 12326881a675bb71b3478145d2d3c40be69785fb2842acc513eadacb09fdbee8
                                                                                                                                                                                                                                • Instruction ID: 219f11d1e8f8ca558a2dbbe140a204471d29357e547694665efa6ded68e1b5fb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12326881a675bb71b3478145d2d3c40be69785fb2842acc513eadacb09fdbee8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1BF04C31A143645BCF1EBA7DC840AB9F67AAF0666DB200959E891CF09EC721CC4383E1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013117AF, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 013117C0
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: std::exception::exception.LIBCMT ref: 013631E9
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: __CxxThrowException@8.LIBCMT ref: 013631FE
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: std::exception::exception.LIBCMT ref: 0136320F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                                                                • API String ID: 1823113695-2556327735
                                                                                                                                                                                                                                • Opcode ID: 70c33f192d3f5f1f815d0df41bebb49cf20335ca194757e27b578a1ebee57f4e
                                                                                                                                                                                                                                • Instruction ID: b2ffefa31d49fe954747c84779a8a36cda09067629318cc640031d06a6f86264
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70c33f192d3f5f1f815d0df41bebb49cf20335ca194757e27b578a1ebee57f4e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9F0F631A042295BDF1DEA7C4C808FA7E99AB0261C7348965EFB1DF2CAD622C8418391
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013570B1, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40threadCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0131A995: std::_Xinvalid_argument.LIBCPMT ref: 0131A9AF
                                                                                                                                                                                                                                • CreateThread.KERNEL32 ref: 013570E7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateThreadXinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: Monitor started
                                                                                                                                                                                                                                • API String ID: 1709647009-441388819
                                                                                                                                                                                                                                • Opcode ID: dc75c024fc95f1bf0ad0e43374e2560cf89b7483678f86c7268f0204f75d4b3f
                                                                                                                                                                                                                                • Instruction ID: 102946b0867219d7a4425c21c0e54d19c506605fa54d0fd9e88fe231f48588f5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc75c024fc95f1bf0ad0e43374e2560cf89b7483678f86c7268f0204f75d4b3f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ADF02BB460020C7FE710AFBECCC6CAB3B9DD615A9CB40052DF90247344E9716E044771
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01317F48, Relevance: 3.1, APIs: 2, Instructions: 83memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: EnterCriticalSection.KERNEL32(013C1788,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 0131801F
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: RegisterWindowMessageW.USER32(WM_ATLGETHOST,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 01318030
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: RegisterWindowMessageW.USER32(WM_ATLGETCONTROL,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 0131803C
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: GetClassInfoExW.USER32 ref: 0131805B
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: LoadCursorW.USER32 ref: 01318096
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: RegisterClassExW.USER32 ref: 013180B9
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: _memset.LIBCMT ref: 013180E7
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: GetClassInfoExW.USER32 ref: 01318104
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: LoadCursorW.USER32 ref: 01318145
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: RegisterClassExW.USER32 ref: 01318168
                                                                                                                                                                                                                                  • Part of subcall function 01319F09: __EH_prolog3_catch.LIBCMT ref: 01319F10
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 01317FA8
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 01317FD4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ClassRegister$CursorInfoLoadMessageStringWindow$AllocCriticalEnterFreeH_prolog3_catchSection_memset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2519691004-0
                                                                                                                                                                                                                                • Opcode ID: a53c75a076adddc6e32aacb706d2816c2cd732abbdf944ad6e3c8056ad58bb5e
                                                                                                                                                                                                                                • Instruction ID: cb0732869bf75ad607a336dcda3b114ab96c738d8385ebbbce116a4b21593541
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a53c75a076adddc6e32aacb706d2816c2cd732abbdf944ad6e3c8056ad58bb5e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E218171A00208FFCB15DFA9C888C9EBBBAEF88319B244499F505DB214D7729E41CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01313DFA, Relevance: 3.1, APIs: 2, Instructions: 66stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memcmplstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 107979428-0
                                                                                                                                                                                                                                • Opcode ID: 7e513aaf64e576f98e437acba75618fe7b2574885cc9fc2ea60c3473298a6993
                                                                                                                                                                                                                                • Instruction ID: 4f0dbdb745e5ec9e0270f43a780c32ad5bba274c473bd7ad74d9c3b750c91b48
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7e513aaf64e576f98e437acba75618fe7b2574885cc9fc2ea60c3473298a6993
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F9216072600705DFCB25CF19D980C56BBE5FF84624B058529E94A8B225D731E854CFB1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131C601, Relevance: 3.1, APIs: 2, Instructions: 66COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_catch_memmove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3914490576-0
                                                                                                                                                                                                                                • Opcode ID: 8e83f9ea131e83c7ec2a409a838836aa7f897c40a3cb8f9bd18e81757b1a6924
                                                                                                                                                                                                                                • Instruction ID: 878682a73a08ab01c9ce9b716c3e285deab7e838a8e0bd7249807dade729145f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e83f9ea131e83c7ec2a409a838836aa7f897c40a3cb8f9bd18e81757b1a6924
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B21A571B442059BDB28CF58C88076DB7B5BF94728F24691DE4069B694CB70BA40CB95
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013118C6, Relevance: 3.1, APIs: 2, Instructions: 65COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_catch_memmove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3914490576-0
                                                                                                                                                                                                                                • Opcode ID: 8b5c450006f4c16d70e7e154aa149e727abf0ece9daf7669ea1d04d54f5e602b
                                                                                                                                                                                                                                • Instruction ID: 1000bb0704fe37aee9381e745b625591791d035cca7f5c84451f01b0fa2d0cad
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8b5c450006f4c16d70e7e154aa149e727abf0ece9daf7669ea1d04d54f5e602b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6211DA31B0020A9BEB28DF6CC84079DBBB7AB94714F104119E665AF2C4C771AE40C7D5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01347E09, Relevance: 3.1, APIs: 2, Instructions: 54COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: GetCurrentProcess.KERNEL32(00000000,0000000D), ref: 01314F70
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: FlushInstructionCache.KERNEL32(00000000), ref: 01314F77
                                                                                                                                                                                                                                • SetLastError.KERNEL32(0000000E,00000000,?,?,01315163,00000000,00000000,AXWIN Frame Window,00CF0000,00000000,00000000,?), ref: 01347E22
                                                                                                                                                                                                                                • CreateWindowExW.USER32 ref: 01347E89
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CacheCreateCurrentErrorFlushInstructionLastProcessWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 852167079-0
                                                                                                                                                                                                                                • Opcode ID: b08663610b2a3aee25890751e8c1935e5f7ceb1f6df4cbc2467a27301ff0d610
                                                                                                                                                                                                                                • Instruction ID: f9d1a0489f641e3774ca73af006bf04777885ee4d88844f9032fb81a7962c2dc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b08663610b2a3aee25890751e8c1935e5f7ceb1f6df4cbc2467a27301ff0d610
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0611A136100109EFDB218F6ADD44EEB3BE9EB88354F058219FE099B121D735ED91DBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01316E8F, Relevance: 3.0, APIs: 2, Instructions: 40COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Release
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1375353473-0
                                                                                                                                                                                                                                • Opcode ID: 8131454fa62b6d06d2c7fe206f76df0c4699bc6c32b278fbfaf5e91ad2a2ea50
                                                                                                                                                                                                                                • Instruction ID: b477bfa06fc835e7c212e58532ef6fb5506495230fc0ecfe0def0745a3ac7247
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8131454fa62b6d06d2c7fe206f76df0c4699bc6c32b278fbfaf5e91ad2a2ea50
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FCF0BEB2200114BFEB258BAACC49D77BBBEEBC8B24B048129F209D7154D6726C008730
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131DA60, Relevance: 3.0, APIs: 2, Instructions: 27COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 0131DA90
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 0131DAA5
                                                                                                                                                                                                                                  • Part of subcall function 013753A6: _malloc.LIBCMT ref: 013753C0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4063778783-0
                                                                                                                                                                                                                                • Opcode ID: eb9d74f1e3bf39ca52c942a18bb4b4e817f2c93e1b50694a2c16424923dacdf2
                                                                                                                                                                                                                                • Instruction ID: 814f0e050e714cb5e953a47145f0f1aeb1c5c423acf1a6c5e9796a1c0a912522
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eb9d74f1e3bf39ca52c942a18bb4b4e817f2c93e1b50694a2c16424923dacdf2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7DE0653590020EABEF28EBA9D454ADE77EC5F1525CF10426DE911D5048EB74E2048A91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01311A3F, Relevance: 3.0, APIs: 2, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 01311A6A
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 01311A7F
                                                                                                                                                                                                                                  • Part of subcall function 013753A6: _malloc.LIBCMT ref: 013753C0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4063778783-0
                                                                                                                                                                                                                                • Opcode ID: 8ae283abbe226050098a98f31daeadaecc09fba04c65da4da17588c71baa8540
                                                                                                                                                                                                                                • Instruction ID: 761aa03b2d155a8a885d1cd3412b4eecc82756e5ae8a68317e1c7bb0110d0bcd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8ae283abbe226050098a98f31daeadaecc09fba04c65da4da17588c71baa8540
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ABE0123590020EBBDF28EF79D845ACD7FFC9B102ADF10C169EA1495194EB74D644CB92
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013124A4, Relevance: 3.0, APIs: 2, Instructions: 20registrystringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00000000,?,01313034,?,?,?,B4B6CC09,00000000,?,00000000,?,?,01391934,000000FF,?,01313776), ref: 013124B5
                                                                                                                                                                                                                                • RegSetValueExW.KERNEL32(?,?,00000000,00000001,00000000,?,?,01313034,?,?,?,B4B6CC09,00000000,?,00000000,?), ref: 013124CF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Valuelstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 799288031-0
                                                                                                                                                                                                                                • Opcode ID: 9aab595353b3c88ea7e4985d164fd3a10c5264bb41fc01e322513493d2467768
                                                                                                                                                                                                                                • Instruction ID: 945d45fd6af626a40576a8759a8fd1d5838e490420a110cd1aadf8a3b8abc1c4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9aab595353b3c88ea7e4985d164fd3a10c5264bb41fc01e322513493d2467768
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91E0EC3514024EFFDF218F80DC49FAA3BB9FB18714F108415FA15995A5DBB2D5A0DBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013153AE, Relevance: 1.8, APIs: 1, Instructions: 320COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2492992576-0
                                                                                                                                                                                                                                • Opcode ID: a16295c7c2cd09db338e21e6d4b87a0a8bf2bf4f984454ae12290e68e9f176f5
                                                                                                                                                                                                                                • Instruction ID: 6b423c6faaafa6ffc7fdbc5c36df863f5c121f43e8fd7e42e9292f3457dd9458
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a16295c7c2cd09db338e21e6d4b87a0a8bf2bf4f984454ae12290e68e9f176f5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72C17A716043069FDF29CF28C880A7E7BE5FBCA319F04482EF55296649EB74D854CB92
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135C990, Relevance: 1.6, APIs: 1, Instructions: 133COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135C99A
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3__wcslen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3251556500-0
                                                                                                                                                                                                                                • Opcode ID: 6e27f5a8251867b01ea78af7ce3a604051277cbdbfed6afa5cc2042b2d9c714d
                                                                                                                                                                                                                                • Instruction ID: 41cfcb47f86cee9334a2cff86cb7d158f8bf9d469247215f6a655225b1f72847
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e27f5a8251867b01ea78af7ce3a604051277cbdbfed6afa5cc2042b2d9c714d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD419071D012A9EAEB14EBACCD50FEEBBBCEF65708F104159E44AB3144CA701E05CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131B7E3, Relevance: 1.6, APIs: 1, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                                                                                                                • Opcode ID: a493a30885aa9ce50c94cd03fc4ba167aceb9aaf1d6c804567aa4ff067cea410
                                                                                                                                                                                                                                • Instruction ID: e13d848a58fa7c7ceba68217deaf72a48b79e1ac35273c692322ef78b518b8cd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a493a30885aa9ce50c94cd03fc4ba167aceb9aaf1d6c804567aa4ff067cea410
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9001C432600248EFCB289E5D9C44956FFB9EF45E69704081EFD4587208D731E915CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01315AC2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0131821D: GetDC.USER32 ref: 0131823A
                                                                                                                                                                                                                                  • Part of subcall function 0131821D: GetDeviceCaps.GDI32(00000000,00000058), ref: 0131824B
                                                                                                                                                                                                                                  • Part of subcall function 0131821D: GetDeviceCaps.GDI32(00000000,0000005A), ref: 01318253
                                                                                                                                                                                                                                  • Part of subcall function 0131821D: ReleaseDC.USER32 ref: 0131825B
                                                                                                                                                                                                                                  • Part of subcall function 0131821D: MulDiv.KERNEL32(000009EC,00000000,?), ref: 01318275
                                                                                                                                                                                                                                  • Part of subcall function 0131821D: MulDiv.KERNEL32(000009EC,?,00000000), ref: 01318283
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,01315520,?), ref: 01315B2E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CapsDevice$CallbackDispatcherReleaseUser
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1584001007-0
                                                                                                                                                                                                                                • Opcode ID: 372c1af70556e44938e9cea8d81625201f8463615703ed5e23b4cc1a2a0e675d
                                                                                                                                                                                                                                • Instruction ID: 218dc15bab0f5f422c5899c8e1ee62b07e51c891c59f0978839104d5684779a6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 372c1af70556e44938e9cea8d81625201f8463615703ed5e23b4cc1a2a0e675d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10110671200B059FE728DF78C889BA6BBE9EF85601F04892DA59AC7241D774F405CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01311568, Relevance: 1.6, APIs: 1, Instructions: 53COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                                                                                                                • Opcode ID: 3fdedaf0dac4e545440bc1d5c9bd689772853212ea34b0509687cd70ae73ff09
                                                                                                                                                                                                                                • Instruction ID: 836792e94cf183eb77ce4dd8128a1bb3ee95f5095b911380cc34124aab8e7151
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3fdedaf0dac4e545440bc1d5c9bd689772853212ea34b0509687cd70ae73ff09
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BC01B131300218EBDB389E6E98409EBBFADDB51668B080519F74787644DBA2D90087E5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135C50C, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135C513
                                                                                                                                                                                                                                  • Part of subcall function 0135C6CB: __EH_prolog3_GS.LIBCMT ref: 0135C6D2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2427045233-0
                                                                                                                                                                                                                                • Opcode ID: 7ffc6f2891558f766b1d38a035fb0e5957ba3378a16b2928e759de22958c7aa6
                                                                                                                                                                                                                                • Instruction ID: 5c90abda81cb2e1f47c62147f5a7a2e9c5cd126e75c5049207ff84fa8ae8862c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7ffc6f2891558f766b1d38a035fb0e5957ba3378a16b2928e759de22958c7aa6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19117071E44249EEDF04EBECC841BEDB7B4AF1470DF109015D815BB184CAB56A08CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0137EE5A, Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0137C667,01381389,?,00000000,00000000,00000000,?,01381389,00000001,00000214,?,01357857), ref: 0137EE9D
                                                                                                                                                                                                                                  • Part of subcall function 0137BDAC: __getptd_noexit.LIBCMT ref: 0137BDAC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap__getptd_noexit
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 328603210-0
                                                                                                                                                                                                                                • Opcode ID: f4fc35e5616123835d2d9ebed05d835146d03542f8107e9667fef10a6348afd4
                                                                                                                                                                                                                                • Instruction ID: 08fe7def3198a2414f4ed079b09e7923aa84a9583c7509d0d3416feffcf017cb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4fc35e5616123835d2d9ebed05d835146d03542f8107e9667fef10a6348afd4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E01D4312012159BFB399E7DDC44B6B37A9AB81368F044EB9E81EDB990D778D800C780
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013291B1, Relevance: 1.5, APIs: 1, Instructions: 45registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000098,013A11F0,00000000,013A11F0,?,013343F1,?,?,0135CC1D,?,?,?,?,013A0D00), ref: 013291D2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                                                                • Opcode ID: 47dd440f37e44aab32f0678a8cea97c7f9c1ba02c7a2c95e11f2381ba0dbe1d8
                                                                                                                                                                                                                                • Instruction ID: 358e07c68d8ca45192df5a402e1f0cd352693ec8bc0acb7bdea45d257593c9d1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47dd440f37e44aab32f0678a8cea97c7f9c1ba02c7a2c95e11f2381ba0dbe1d8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1701A231200229EFDB25DF5DC905BAA77F8AF1674CF20806DEA59D6180E730D650CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01319F97, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 01319F9E
                                                                                                                                                                                                                                  • Part of subcall function 0131AAD0: __EH_prolog3.LIBCMT ref: 0131AAD7
                                                                                                                                                                                                                                  • Part of subcall function 0131B65C: __EH_prolog3.LIBCMT ref: 0131B663
                                                                                                                                                                                                                                  • Part of subcall function 0131B65C: std::_Mutex::_Mutex.LIBCPMT ref: 0131B674
                                                                                                                                                                                                                                  • Part of subcall function 0131B65C: std::locale::locale.LIBCPMT ref: 0131B68B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3$MutexMutex::_std::_std::locale::locale
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2655237191-0
                                                                                                                                                                                                                                • Opcode ID: 7c4ea50c5eafe808e58de6a23a56ae1eba9bc849918448c590e793cdc87146d9
                                                                                                                                                                                                                                • Instruction ID: 89176a43a721066c26cff06f2ac541781dae51dd2cf29a8a7b5344bf795c4ead
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c4ea50c5eafe808e58de6a23a56ae1eba9bc849918448c590e793cdc87146d9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 09118CB5A10216DBCB18DF59C9447AABBF4FF2436AF400509D5406B205C3B4E619CBD0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013123FB, Relevance: 1.5, APIs: 1, Instructions: 39registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegCreateKeyExW.KERNEL32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,00000000,?,?,?,?,0131386B,?), ref: 01312434
                                                                                                                                                                                                                                  • Part of subcall function 01311CD3: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 01311CE2
                                                                                                                                                                                                                                  • Part of subcall function 01311CD3: GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 01311CF2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressCreateHandleModuleProc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1964897782-0
                                                                                                                                                                                                                                • Opcode ID: e540b4ef697679bd2a1e4f97957f36093f0ba4c083e4d85392ce9cd07ecd0f40
                                                                                                                                                                                                                                • Instruction ID: 84948eda3c61dec62a1b16a8f42cb6a3c6a2036f2620bedfcbf178f78edf2b17
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e540b4ef697679bd2a1e4f97957f36093f0ba4c083e4d85392ce9cd07ecd0f40
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B4F030B250011DBFEF159F99DCC0CAFBBBDFB5839CB10842AF606A6114D6719E149BA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131B5EC, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0131B5F3
                                                                                                                                                                                                                                  • Part of subcall function 01314A45: std::locale::locale.LIBCPMT ref: 01314A7F
                                                                                                                                                                                                                                  • Part of subcall function 0131CE84: __EH_prolog3.LIBCMT ref: 0131CE8B
                                                                                                                                                                                                                                  • Part of subcall function 013149B3: __CxxThrowException@8.LIBCMT ref: 013149C4
                                                                                                                                                                                                                                  • Part of subcall function 013149B3: std::exception::exception.LIBCMT ref: 013149EB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3$Exception@8Throwstd::exception::exceptionstd::locale::locale
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4228031093-0
                                                                                                                                                                                                                                • Opcode ID: 05fe5832a1a4d48fb274362c595c6fbd77a873a15848645a6a6fba55e4b898ef
                                                                                                                                                                                                                                • Instruction ID: 2087ac48120c9ec0bb1fe79e0e93d8d0d998db85fe1b6dab77944049a3909ce2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05fe5832a1a4d48fb274362c595c6fbd77a873a15848645a6a6fba55e4b898ef
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED01E8B5A007029FD725DF6DC490919F7F0BF18218785992EE69A9BB45C774E910CF80
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01312452, Relevance: 1.5, APIs: 1, Instructions: 33registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(?,?,00000000,00020006,00000000,00000000,?,?,?,013137C7,00000002,00000000), ref: 0131247F
                                                                                                                                                                                                                                  • Part of subcall function 01311C74: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 01311C83
                                                                                                                                                                                                                                  • Part of subcall function 01311C74: GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 01311C93
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressHandleModuleOpenProc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1337834000-0
                                                                                                                                                                                                                                • Opcode ID: fbb8f663ceb3948bb54d2e69afa71be8122aa0edfbbb24fd307258e5ddcbe2fa
                                                                                                                                                                                                                                • Instruction ID: 3527e454c1706b47b1a785c48c9e8ad72153cc82f260d0992506e08ab1b8c1d4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fbb8f663ceb3948bb54d2e69afa71be8122aa0edfbbb24fd307258e5ddcbe2fa
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E2F0BE73500108BBCF299F58CC40F9EBBBCEF84754F248166FA05AB108C631DA00DBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131D061, Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01311DFC: EnterCriticalSection.KERNEL32(013C1788,00000000,?,?,?,01315163,00000000,00000000,AXWIN Frame Window,00CF0000,00000000,00000000,?), ref: 01311E07
                                                                                                                                                                                                                                  • Part of subcall function 01311DFC: GetCurrentThreadId.KERNEL32 ref: 01311E17
                                                                                                                                                                                                                                  • Part of subcall function 01311DFC: LeaveCriticalSection.KERNEL32(013C1788,?,01315163,00000000,00000000,AXWIN Frame Window,00CF0000,00000000,00000000,?), ref: 01311E43
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: GetCurrentProcess.KERNEL32(00000000,0000000D), ref: 01314F70
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: FlushInstructionCache.KERNEL32(00000000), ref: 01314F77
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 0131D08F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalCurrentSection$CacheEnterFlushInstructionLeaveLongProcessThreadWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3823208529-0
                                                                                                                                                                                                                                • Opcode ID: ee12b2a16b2016558dac36f83acad8cbd5aeba34e1b758fcdddf4823e4de0d3d
                                                                                                                                                                                                                                • Instruction ID: 1ff8106dd71aacddff1a0b8d965722e505c18fc0a8ed87851cb75826641fcd9d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee12b2a16b2016558dac36f83acad8cbd5aeba34e1b758fcdddf4823e4de0d3d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3F0A733501216ABC7216F99DC44C8BBBACEF49754B004415F74557111C771E815CBF0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01320DEC, Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 716092398-0
                                                                                                                                                                                                                                • Opcode ID: c931b0b66b9db94b7dca9e0483cd236578e60c3fdda766e428f4048ed21eff72
                                                                                                                                                                                                                                • Instruction ID: 1bb20da9b7b4fcd1d71b11f597cf0078c7afc1b445667f7cce53c5689d7fa983
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c931b0b66b9db94b7dca9e0483cd236578e60c3fdda766e428f4048ed21eff72
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8BF0B736210119AFDF15CFA8DD48EAA7BBAFB48354F058159FD089B225D672EC20DB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01311524, Relevance: 1.5, APIs: 1, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                                                                                                                • Opcode ID: 3dbee66e1c8c72ef360b1b103c02db2f2f54856c72998765ed6a2515847c928e
                                                                                                                                                                                                                                • Instruction ID: fcce647dfd160639be2fc187b9e02fef8af9706513b01395b59daefc57514e67
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3dbee66e1c8c72ef360b1b103c02db2f2f54856c72998765ed6a2515847c928e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EBE02B76001744BAF334AE1DA840B93FFECEF91628F18051EEA5513606D776B548C6F1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013446CB, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: GetCurrentProcess.KERNEL32(00000000,0000000D), ref: 01314F70
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: FlushInstructionCache.KERNEL32(00000000), ref: 01314F77
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 013446EE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CacheCurrentFlushInstructionLongProcessWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1025874094-0
                                                                                                                                                                                                                                • Opcode ID: 941b98b55beab2d06a81e60426dbd9c402d5aa542d963529571ba5672ea4fb5d
                                                                                                                                                                                                                                • Instruction ID: 11ddc551c1990f7c0946a1e8178390a5f01653696d30975b1894f83a6d8e5c8b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 941b98b55beab2d06a81e60426dbd9c402d5aa542d963529571ba5672ea4fb5d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53E06D72A011319BCB21AF6D9C84A56BADCAF166693114276EC05EB126D7A0D802C7E0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135CD33, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WritePrivateProfileStringA.KERNEL32(034B29C0,?,?,02B07BA8), ref: 0135CD6F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: PrivateProfileStringWrite
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 390214022-0
                                                                                                                                                                                                                                • Opcode ID: 7bcae46c520873795170727e37f30b63de7edf38873bbc67f9a4ecaeaa95247c
                                                                                                                                                                                                                                • Instruction ID: 2eb848a6ab96cb654d4ab8bf4210b16e18e62bc42b6a3aa8d5966cf39adfb800
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7bcae46c520873795170727e37f30b63de7edf38873bbc67f9a4ecaeaa95247c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3E06D72610710EFC7288B14FCC4C623BEDEB8571DB24A46AD6058B129F6709C82CBA4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131CE84, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0131CE8B
                                                                                                                                                                                                                                  • Part of subcall function 01314A2B: std::locale::facet::_Incref.LIBCPMT ref: 01314A39
                                                                                                                                                                                                                                  • Part of subcall function 0131CFC4: __EH_prolog3.LIBCMT ref: 0131CFCB
                                                                                                                                                                                                                                  • Part of subcall function 0131CFC4: std::_Lockit::_Lockit.LIBCPMT ref: 0131CFD5
                                                                                                                                                                                                                                  • Part of subcall function 0131CFC4: int.LIBCPMT ref: 0131CFEC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3$IncrefLockitLockit::_std::_std::locale::facet::_
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 910397830-0
                                                                                                                                                                                                                                • Opcode ID: 7297ab3ff116944d0a10d6ab66d9cff229ab39166b9acb138376d80444c03761
                                                                                                                                                                                                                                • Instruction ID: 418f757028854a8840a91e91e05219872a113082a5f3747ee094d190e69259f2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7297ab3ff116944d0a10d6ab66d9cff229ab39166b9acb138376d80444c03761
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3DE04FB69002169BCF14FBA8C804AAD7674AF28324F104555D561A72E0DB348A08CA54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01319B30, Relevance: 1.5, APIs: 1, Instructions: 19COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 176396367-0
                                                                                                                                                                                                                                • Opcode ID: 84c46b8d74c086fd8d9b67cdc4147ec9db2c9d4c6faf5eb9d1d5b4027ee30ce4
                                                                                                                                                                                                                                • Instruction ID: bd20373cb85ef6928c7f1f0c8cc135d64b4f3645af3e41cb78f16855730b10ac
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84c46b8d74c086fd8d9b67cdc4147ec9db2c9d4c6faf5eb9d1d5b4027ee30ce4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6DD02B312003146BDB201F54D805B5ABBA8DF00379F00051EE84887200CBB9A950C3D4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131AAD0, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0131AAD7
                                                                                                                                                                                                                                  • Part of subcall function 0131B5EC: __EH_prolog3.LIBCMT ref: 0131B5F3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 431132790-0
                                                                                                                                                                                                                                • Opcode ID: 0a90da06948c3204f35faaaef932e1dd89e4dae8f9b8c0daa351e3e4892b8d8c
                                                                                                                                                                                                                                • Instruction ID: bd46cf359d62b0ce5bf182a77e720a057227d8ec720b62508e7188185e0d7d6f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a90da06948c3204f35faaaef932e1dd89e4dae8f9b8c0daa351e3e4892b8d8c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BEE09279200616DBCB26EF9CC844A99B7F4BF18308F458944E955AB345C774E918CB98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01376E85, Relevance: 1.5, APIs: 1, Instructions: 14COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01378F45: __lock.LIBCMT ref: 01378F47
                                                                                                                                                                                                                                • __onexit_nolock.LIBCMT ref: 01376E9D
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: RtlDecodePointer.NTDLL(013C1B0C,0139C8AC,00000003,?,?,01376EA2,00000000,013AFBC8,0000000C,01376ECE,00000000,?,0137540A,0139B65C,00000000), ref: 01376DB3
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: DecodePointer.KERNEL32(?,?,01376EA2,00000000,013AFBC8,0000000C,01376ECE,00000000,?,0137540A,0139B65C,00000000), ref: 01376DC0
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: __realloc_crt.LIBCMT ref: 01376DFD
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: __realloc_crt.LIBCMT ref: 01376E13
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: EncodePointer.KERNEL32(00000000,?,?,01376EA2,00000000,013AFBC8,0000000C,01376ECE,00000000,?,0137540A,0139B65C,00000000), ref: 01376E25
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: EncodePointer.KERNEL32(00000000,?,?,01376EA2,00000000,013AFBC8,0000000C,01376ECE,00000000,?,0137540A,0139B65C,00000000), ref: 01376E39
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: EncodePointer.KERNEL32(-00000004,?,?,01376EA2,00000000,013AFBC8,0000000C,01376ECE,00000000,?,0137540A,0139B65C,00000000), ref: 01376E41
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Pointer$Encode$Decode__realloc_crt$__lock__onexit_nolock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3536590627-0
                                                                                                                                                                                                                                • Opcode ID: 476f2e64b5cfa5f801d4fba1d4378950eec8b68264baa7943c2bcd2cb8dfa497
                                                                                                                                                                                                                                • Instruction ID: caba79e8e060489a12c8395006467d4846ccfc393e7c0cae1f0bfcdd59401791
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 476f2e64b5cfa5f801d4fba1d4378950eec8b68264baa7943c2bcd2cb8dfa497
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 02D05E7090170AAAEB70BBACD905B5D77B0AF24318F604199D018A61D0CA7C4A469A10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013113E7, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _strlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4218353326-0
                                                                                                                                                                                                                                • Opcode ID: ffb1316936fb99e30bf493f3752e3cfc1f032873ea83e53892189773c1cf078a
                                                                                                                                                                                                                                • Instruction ID: 43172059938d7cad38d7c1f1e6797421fe3db98db439e63a991bce0c0bf4125b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ffb1316936fb99e30bf493f3752e3cfc1f032873ea83e53892189773c1cf078a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0AC04C7204420DBBCF09BE59FC00CA97B5DAB64664B50C115F91949160CB329A60D694
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01381227, Relevance: 1.5, APIs: 1, Instructions: 3COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlEncodePointer.NTDLL(00000000,0138AFF0,013C1EB8,00000314,00000000,?,?,?,?,?,01380E43,013C1EB8,Microsoft Visual C++ Runtime Library,00012010), ref: 01381229
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EncodePointer
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2118026453-0
                                                                                                                                                                                                                                • Opcode ID: aecb2d062a1cdbfb8b13a28618f0e8127930df148cb346ba259f9960150e15af
                                                                                                                                                                                                                                • Instruction ID: 5c64ac635765663d069b9333f076f33dccce72fd17d477c8d7fae2305aad211f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aecb2d062a1cdbfb8b13a28618f0e8127930df148cb346ba259f9960150e15af
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 087C0F7F, Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1687386827.00000000087C0000.00000010.00000001.sdmp, Offset: 087C0000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_87c0000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction ID: f62be7e349acdd22fe595011340333505ef9e821a8139176cae12830eb64346e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 087C0F6F, Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1687386827.00000000087C0000.00000010.00000001.sdmp, Offset: 087C0000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_87c0000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction ID: f62be7e349acdd22fe595011340333505ef9e821a8139176cae12830eb64346e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 087C0F67, Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1687386827.00000000087C0000.00000010.00000001.sdmp, Offset: 087C0000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_87c0000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction ID: f62be7e349acdd22fe595011340333505ef9e821a8139176cae12830eb64346e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 087C0FD7, Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1687386827.00000000087C0000.00000010.00000001.sdmp, Offset: 087C0000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_87c0000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction ID: f62be7e349acdd22fe595011340333505ef9e821a8139176cae12830eb64346e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 087C0FCF, Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1687386827.00000000087C0000.00000010.00000001.sdmp, Offset: 087C0000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_87c0000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction ID: f62be7e349acdd22fe595011340333505ef9e821a8139176cae12830eb64346e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 087C0FC7, Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1687386827.00000000087C0000.00000010.00000001.sdmp, Offset: 087C0000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_87c0000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction ID: f62be7e349acdd22fe595011340333505ef9e821a8139176cae12830eb64346e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 087C0FBF, Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1687386827.00000000087C0000.00000010.00000001.sdmp, Offset: 087C0000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_87c0000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction ID: f62be7e349acdd22fe595011340333505ef9e821a8139176cae12830eb64346e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 087C0FA7, Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1687386827.00000000087C0000.00000010.00000001.sdmp, Offset: 087C0000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_87c0000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction ID: f62be7e349acdd22fe595011340333505ef9e821a8139176cae12830eb64346e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 087C0F9F, Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1687386827.00000000087C0000.00000010.00000001.sdmp, Offset: 087C0000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_87c0000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction ID: f62be7e349acdd22fe595011340333505ef9e821a8139176cae12830eb64346e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 087C0F97, Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1687386827.00000000087C0000.00000010.00000001.sdmp, Offset: 087C0000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_87c0000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction ID: f62be7e349acdd22fe595011340333505ef9e821a8139176cae12830eb64346e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 087C0F8F, Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1687386827.00000000087C0000.00000010.00000001.sdmp, Offset: 087C0000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_87c0000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction ID: f62be7e349acdd22fe595011340333505ef9e821a8139176cae12830eb64346e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 087C0F87, Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1687386827.00000000087C0000.00000010.00000001.sdmp, Offset: 087C0000, based on PE: false
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_87c0000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction ID: f62be7e349acdd22fe595011340333505ef9e821a8139176cae12830eb64346e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 777642308f1571ce6830d4f119a82744f940db1912f22779a70159a9f73d8f76
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                                                Function 0135C298, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 180fileCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$Find$_wcslenwsprintf$CloseDeleteDirectoryExistsFirstNextPathRemove_memset
                                                                                                                                                                                                                                • String ID: %s\%s$*.*
                                                                                                                                                                                                                                • API String ID: 1895907785-3420517325
                                                                                                                                                                                                                                • Opcode ID: a4d6db269da7e534299d8f863f322ff677f62395eecf74f3907729c4c5f6efc5
                                                                                                                                                                                                                                • Instruction ID: 126b81d81816e20946a69f6c57fe5a30c7f690319459b53eadc13aa3682bf269
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a4d6db269da7e534299d8f863f322ff677f62395eecf74f3907729c4c5f6efc5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E617171900299ABDF21DFA8CD45EEDBBBCEF04709F40409AE909E7140D6B49B94CFA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01323AB5, Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 318COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01323ABF
                                                                                                                                                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,013A0D00,000003B4,0131F027), ref: 01323B25
                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(Profile0,Path,013A0D00,?,00000104,?), ref: 01323C32
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 01323B2F
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0132761B: _wcslen.LIBCMT ref: 01327627
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                  • Part of subcall function 01327646: __EH_prolog3.LIBCMT ref: 0132764D
                                                                                                                                                                                                                                  • Part of subcall function 01327646: _wcslen.LIBCMT ref: 01327679
                                                                                                                                                                                                                                  • Part of subcall function 01327646: _wcslen.LIBCMT ref: 01327697
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen$H_prolog3_$CurrentErrorFolderH_prolog3LastLocalPathPrivateProcessProfileSpecialStringTime_memmove_memset_strlenswprintf
                                                                                                                                                                                                                                • String ID: GetFFIncumbentHPR in$Path$Profile0$\Mozilla\Firefox$\prefs.js$\profiles.ini$user_pref("browser.startup.homepage", "
                                                                                                                                                                                                                                • API String ID: 2130657467-4150795336
                                                                                                                                                                                                                                • Opcode ID: 31ff9bbcd0201fd96029dc3965867ade1d74b2b544a3da79a297596e801070de
                                                                                                                                                                                                                                • Instruction ID: 14d5629bb4a1652ebe3f7cc68a702c85df5942269a3a66b83a0219be27183f59
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 31ff9bbcd0201fd96029dc3965867ade1d74b2b544a3da79a297596e801070de
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7BC1717190126AAADB25FB68CD98BEEB7BCAF25308F5041D9E409A3140DB745F84CF61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01323603, Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 318COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0132360D
                                                                                                                                                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,013A0D00,000003B4,0131EF47), ref: 01323673
                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(Profile0,Path,013A0D00,?,00000104,?), ref: 01323780
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0132367D
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0132761B: _wcslen.LIBCMT ref: 01327627
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                  • Part of subcall function 01327646: __EH_prolog3.LIBCMT ref: 0132764D
                                                                                                                                                                                                                                  • Part of subcall function 01327646: _wcslen.LIBCMT ref: 01327679
                                                                                                                                                                                                                                  • Part of subcall function 01327646: _wcslen.LIBCMT ref: 01327697
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen$H_prolog3_$CurrentErrorFolderH_prolog3LastLocalPathPrivateProcessProfileSpecialStringTime_memmove_memset_strlenswprintf
                                                                                                                                                                                                                                • String ID: GetFFIncumbentDSProvider in$Path$Profile0$\Mozilla\Firefox$\prefs.js$\profiles.ini$user_pref("keyword.URL", "
                                                                                                                                                                                                                                • API String ID: 2130657467-2983098267
                                                                                                                                                                                                                                • Opcode ID: d7e02b45a5edb452ca2847360ef3ae67037e8cc5ee403ff374df69ecfd14baaf
                                                                                                                                                                                                                                • Instruction ID: f18dcd7dd167f88663fff16c0774731051ba7cadc5905d20a6ccbfe9c277cab0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7e02b45a5edb452ca2847360ef3ae67037e8cc5ee403ff374df69ecfd14baaf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ADC1917190126AAADF24FB6CCD98BEEB7BCAF25708F5041D9E409A3140DA745F84CF61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134054E, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 118processCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01340558
                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0134058B
                                                                                                                                                                                                                                • Process32FirstW.KERNEL32 ref: 013405A9
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,00000001,00000000,?), ref: 01340661
                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 0134066E
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01340696
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0134BC6C
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                • Process32NextW.KERNEL32(?,0000022C), ref: 013406E7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Process handle null , xrefs: 0134067F
                                                                                                                                                                                                                                • TerminateSubProcesses()..., xrefs: 01340573
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_Process_setlocale$Process32_memset_wcslen$CreateCurrentFirstIos_base_dtorLocalNextOpenSnapshotTerminateTimeToolhelp32__cftoe_memmove_strlenstd::ios_base::_swprintf
                                                                                                                                                                                                                                • String ID: Process handle null $TerminateSubProcesses()...
                                                                                                                                                                                                                                • API String ID: 2226404482-1150727563
                                                                                                                                                                                                                                • Opcode ID: e140b78697e078d18e86d3a89a08146cc9134bb1a7eab6db5e6c734bc326dae4
                                                                                                                                                                                                                                • Instruction ID: b04ca8cb9782a35d73cf3381524d34eb093e6e8e73e9610cde2f49499e5a1a89
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e140b78697e078d18e86d3a89a08146cc9134bb1a7eab6db5e6c734bc326dae4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA41B271A0421ADBEB28EB68C848BDDBBF8EF54318F544198E21AA7194DB747E44CF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01324760, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 110COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLogicalDriveStringsW.KERNEL32(00000100,?), ref: 013247BA
                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 013247D6
                                                                                                                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 013247F3
                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 013247FA
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 013247FD
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Drive$Type$CurrentDiskFreeH_prolog3_LocalLogicalProcessSpaceStringsTime_memset_strlen_wcslenswprintf
                                                                                                                                                                                                                                • String ID: %.2f$GetDiskFreePercent in$GetDiskFreePercent out
                                                                                                                                                                                                                                • API String ID: 3079154940-1341649091
                                                                                                                                                                                                                                • Opcode ID: edf473b7837a0c5e3fbe662bdba9c4ae8707a3dbe8695b971bf796130aa818cc
                                                                                                                                                                                                                                • Instruction ID: 45b79140afa9aa0265795b8e78def3b5fe2268410e18c46670b6c9707ad0cc7c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: edf473b7837a0c5e3fbe662bdba9c4ae8707a3dbe8695b971bf796130aa818cc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F3413975E0122D9FDB24EF68C899AD9BBB8FB49314F5081D9D54DA3240DB306A848F91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01333F08, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 108COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01333F0F
                                                                                                                                                                                                                                • GetSystemDefaultLCID.KERNEL32(0000004C,01334193,00000001,00000000,00000001,00000000,00000000), ref: 01333F55
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,00000059,00000000,00000000), ref: 01333F7F
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,00000059,00000000,?), ref: 01333FB2
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01333FB5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_InfoLocale$CurrentDefaultLocalProcessSystemTime_memset_strlen_wcslenswprintf
                                                                                                                                                                                                                                • String ID: GetLocaleName()...$The locale name is $zht
                                                                                                                                                                                                                                • API String ID: 1216754643-1545171597
                                                                                                                                                                                                                                • Opcode ID: 6f7240e9431d318c9037b6aa27460ae31e5b5c473fa00d490a757d5652ed73ba
                                                                                                                                                                                                                                • Instruction ID: f36e693cb665c80654322db5a0a5031ef8119da9c5e29bcd04b6cc3fac9ffd10
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f7240e9431d318c9037b6aa27460ae31e5b5c473fa00d490a757d5652ed73ba
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3331B671E00149AEEB28EBFCD895EFEBF78EF54308F44802DE105A7188DAB559059B51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01388EBC, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,?,?,013894F9,?,0137B2E7,?,000000BC,?,00000001,00000000,00000000), ref: 01388EFB
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,?,?,013894F9,?,0137B2E7,?,000000BC,?,00000001,00000000,00000000), ref: 01388F24
                                                                                                                                                                                                                                • GetACP.KERNEL32(?,?,013894F9,?,0137B2E7,?,000000BC,?,00000001,00000000), ref: 01388F38
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                                                                                • String ID: ACP$OCP
                                                                                                                                                                                                                                • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                • Opcode ID: 17a581933295b170a82023087bfaaf779ed07eac33dc871a59cb82a69d26696b
                                                                                                                                                                                                                                • Instruction ID: a8d6c59661bd212b9af7f86676f2e136a63698ea55983d27f23f1f97c10cdef8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17a581933295b170a82023087bfaaf779ed07eac33dc871a59cb82a69d26696b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47018431644307BAFF32AB69F905F6A7AADAB0076CF5000D8E705F1081EB65DA45C754
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013748C1, Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 0137EC7F
                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0137EC94
                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(0139DD04), ref: 0137EC9F
                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 0137ECBB
                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 0137ECC2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2579439406-0
                                                                                                                                                                                                                                • Opcode ID: ee8231be6f686f6f6703b5e52978ab4cddc6fa6685d920f4852f7f041f3d4175
                                                                                                                                                                                                                                • Instruction ID: 11178db8052ae2c95c776d8e0869c68aee9bb9b671ba4d9e12f77c77124edcbe
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee8231be6f686f6f6703b5e52978ab4cddc6fa6685d920f4852f7f041f3d4175
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1721DFBA810304DFDB30EF68F4846583BACBB08304F10905AF5098739AEBB5A591EF55
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01353D9C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33networkCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • recvfrom.WS2_32(?,?,00001000,00000000,?,00000010), ref: 01353DC9
                                                                                                                                                                                                                                • WSAGetLastError.WS2_32 ref: 01353DDF
                                                                                                                                                                                                                                  • Part of subcall function 01353CAD: GetTickCount.KERNEL32 ref: 01353CD3
                                                                                                                                                                                                                                  • Part of subcall function 01353CAD: inet_ntoa.WS2_32(?), ref: 01353D0B
                                                                                                                                                                                                                                  • Part of subcall function 01353CAD: _wprintf.LIBCMT ref: 01353D17
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • pipoffers.apnpartners.com, xrefs: 01353DA1
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CountErrorLastTick_wprintfinet_ntoarecvfrom
                                                                                                                                                                                                                                • String ID: pipoffers.apnpartners.com
                                                                                                                                                                                                                                • API String ID: 2900447996-1053081422
                                                                                                                                                                                                                                • Opcode ID: ac51b76b8700cd36e9271068b76fedff783730cc8a9f6b36c59ab92be243212e
                                                                                                                                                                                                                                • Instruction ID: f07228cd5721defa403b259b5fd2480d5b30c01dee225c39c56e5ccddaa305e1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac51b76b8700cd36e9271068b76fedff783730cc8a9f6b36c59ab92be243212e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52F0FE71500209FEE7219B56CC49FAABEBDFB40BC9F100419E94192150D7B169449A71
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135E083, Relevance: 3.0, APIs: 2, Instructions: 23timeCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(00000000,?,0134C916,013182B3), ref: 0135E09C
                                                                                                                                                                                                                                • __aulldiv.LIBCMT ref: 0135E0B1
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Time$FileSystem__aulldiv
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2838486344-0
                                                                                                                                                                                                                                • Opcode ID: e2621edfb90308701cd72493a0dd314c39b4269a8a53a71cea84d1bd652583ea
                                                                                                                                                                                                                                • Instruction ID: ae9b88b9dd0c1fac58941e2568d325b9b571c1adae251518df8688a399b285d8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2621edfb90308701cd72493a0dd314c39b4269a8a53a71cea84d1bd652583ea
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55E0867A900208BBDB10DBA8CC45BDEF7BDAB84305F100894AA01F7190D670BB488654
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01324A24, Relevance: 40.6, APIs: 6, Strings: 17, Instructions: 367COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E01324A24(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				long _t121;
				void* _t122;
				short _t124;
				char _t127;
				void* _t128;
				short _t133;
				short _t136;
				short _t139;
				void* _t146;
				void* _t166;
				void* _t174;
				void* _t183;
				void* _t192;
				void* _t199;
				void* _t200;
				void* _t201;
				char _t217;
				void* _t268;
				void* _t274;
				short _t282;
				void* _t287;
				intOrPtr _t288;
				void* _t289;
				intOrPtr _t293;
				intOrPtr _t295;
				intOrPtr _t297;
				intOrPtr _t300;

				_t280 = __esi;
				_push(0xb8);
				E0137C242(0x139577d, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t287 - 0xc0)) = 0;
				 *((intOrPtr*)(_t287 - 0xbc)) =  *((intOrPtr*)(_t287 + 8));
				_t295 =  *0x13c2a33; // 0x0
				if(_t295 != 0) {
					_t288 = _t288 - 0x1c;
					 *((intOrPtr*)(_t287 - 0xc0)) = _t288;
					E01319638(_t288, "GetDefaultBrowser in");
					E0134BA76(0, 0x13c2b18, _t268, __edi, __esi, _t295);
				}
				_t274 = 0x13a0d00;
				E01319B30(_t287 - 0x2c, 0x13a0d00);
				 *((intOrPtr*)(_t287 - 4)) = 0;
				_t121 = GetVersion();
				_t296 = _t121 - 6;
				if(_t121 < 6) {
					L7:
					_t282 = 1;
					_t299 =  *(_t287 - 0x1c);
					if( *(_t287 - 0x1c) > 0) {
						goto L12;
					} else {
						goto L8;
					}
				} else {
					E01319B30(_t287 - 0xb8, L"Progid");
					 *((char*)(_t287 - 4)) = 1;
					E01319B30(_t287 - 0x9c, L"Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\userchoice");
					 *((char*)(_t287 - 4)) = 2;
					E01319B30(_t287 - 0x48, L"HKEY_CURRENT_USER");
					_push(0);
					_push(_t287 - 0xb8);
					_push(_t287 - 0x64);
					_t271 = _t287 - 0x9c;
					 *((char*)(_t287 - 4)) = 3;
					_t192 = E0135CB2A(0, _t287 - 0x48, _t287 - 0x9c, 0x13a0d00, _t280, _t296);
					_t288 = _t288 + 0xc;
					 *((char*)(_t287 - 4)) = 4;
					E0131A941(_t287 - 0x2c, _t192);
					_t282 = 1;
					E0131AA87(_t287 - 0x64, 1, 0);
					E0131AA87(_t287 - 0x48, 1, 0);
					E0131AA87(_t287 - 0x9c, 1, 0);
					 *((char*)(_t287 - 4)) = 0;
					E0131AA87(_t287 - 0xb8, 1, 0);
					_t297 =  *0x13c2a33; // 0x0
					if(_t297 != 0) {
						_t288 = _t288 - 0x1c;
						 *((intOrPtr*)(_t287 - 0xc0)) = _t288;
						E01319638(_t288, "GetDefaultBrowser vista");
						E0134BA76(0, 0x13c2b18, _t271, 0x13a0d00, 1, _t297);
					}
					_t298 =  *(_t287 - 0x1c);
					if( *(_t287 - 0x1c) <= 0) {
						L8:
						E01319B30(_t287 - 0x48, _t274);
						 *((char*)(_t287 - 4)) = 8;
						E01319B30(_t287 - 0x9c, L"http\\shell\\open\\command\\");
						 *((char*)(_t287 - 4)) = 9;
						E01319B30(_t287 - 0xb8, L"HKEY_CLASSES_ROOT");
						_push(0);
						_push(_t287 - 0x48);
						_push(_t287 - 0x64);
						_t270 = _t287 - 0x9c;
						 *((char*)(_t287 - 4)) = 0xa;
						_t174 = E0135CB2A(0, _t287 - 0xb8, _t287 - 0x9c, _t274, _t282, _t299);
						_t288 = _t288 + 0xc;
						 *((char*)(_t287 - 4)) = 0xb;
						E0131A941(_t287 - 0x2c, _t174);
						E0131AA87(_t287 - 0x64, _t282, 0);
						E0131AA87(_t287 - 0xb8, _t282, 0);
						E0131AA87(_t287 - 0x9c, _t282, 0);
						 *((char*)(_t287 - 4)) = 0;
						E0131AA87(_t287 - 0x48, _t282, 0);
						_t300 =  *0x13c2a33; // 0x0
						if(_t300 != 0) {
							_push(_t287 - 0x64);
							_t183 = E0135BE26(0, _t287 - 0x2c, _t274, _t282, _t300);
							_t293 = _t288 - 0x18;
							 *((char*)(_t287 - 4)) = 0xc;
							 *((intOrPtr*)(_t287 - 0xc0)) = _t293;
							E0131D888(_t293, _t293, "GetDefaultBrowser xp ", _t183);
							_t288 = _t293 + 0xc;
							E0134BA76(0, 0x13c2b18, _t270, _t274, _t282, _t300);
							 *((char*)(_t287 - 4)) = 0;
							E01311524(_t287 - 0x64, _t282, 0);
						}
						_t278 = _t287 - 0x2c;
						if(E01327839(_t270, _t287 - 0x2c, _t300, _t274) != 0) {
							L12:
							_t122 = E01376D83(L"\" ");
							_t214 = _t287 - 0x2c;
							_t124 = E01326DB6(0, _t287 - 0x2c, L"\" ", _t122);
							__eflags = _t124;
							if(_t124 > 0) {
								_t166 = E01319C49(_t214, _t287 - 0x64, _t287 - 0x2c, _t282, _t124 - 1);
								 *((char*)(_t287 - 4)) = 0xd;
								E0131A941(_t287 - 0x2c, _t166);
								 *((char*)(_t287 - 4)) = 0;
								E0131AA87(_t287 - 0x64, 1, 0);
								_t282 = 1;
								__eflags = 1;
							}
							E01324909(_t287 - 0x2c, _t287 - 0x80);
							 *((char*)(_t287 - 4)) = 0xe;
							__eflags =  *((intOrPtr*)(_t287 - 0x18)) - 8;
							_t217 =  *(_t287 - 0x2c);
							_t269 = _t217;
							if( *((intOrPtr*)(_t287 - 0x18)) >= 8) {
								_t127 = _t217;
							} else {
								_t269 = _t287 - 0x2c;
								_t127 = _t287 - 0x2c;
							}
							__eflags =  *((intOrPtr*)(_t287 - 0x18)) - 8;
							_t128 = _t127 +  *(_t287 - 0x1c) * 2;
							if( *((intOrPtr*)(_t287 - 0x18)) < 8) {
								_t217 = _t287 - 0x2c;
							}
							E01327736(_t287 - 0xc0, _t217, _t128, _t269, E0137814A);
							_t289 = _t288 + 0x14;
							_t133 = E01326DB6(0, _t287 - 0x2c, L"iexplore", E01376D83(L"iexplore"));
							__eflags = _t133;
							if(_t133 < 0) {
								_t278 = L"firefox";
								_t136 = E01326DB6(0, _t287 - 0x2c, L"firefox", E01376D83(L"firefox"));
								__eflags = _t136;
								if(_t136 < 0) {
									_t278 = L"chrome";
									_t139 = E01326DB6(0, _t287 - 0x2c, L"chrome", E01376D83(L"chrome"));
									__eflags = _t139;
									if(_t139 < 0) {
										__eflags =  *0x13c2a33; // 0x0
										if(__eflags != 0) {
											_push(_t287 - 0x64);
											_t146 = E0135BE26(0, _t287 - 0x2c, L"chrome", _t282, __eflags);
											 *((char*)(_t287 - 4)) = 0x12;
											 *((intOrPtr*)(_t287 - 0xc0)) = _t289 - 0x18;
											E0131D888(_t289 - 0x18, _t289 - 0x18, "GetDefaultBrowser out ", _t146);
											E0134BA76(0, 0x13c2b18, _t269, L"chrome", _t282, __eflags);
											 *((char*)(_t287 - 4)) = 0xe;
											E01311524(_t287 - 0x64, _t282, 0);
										}
										E01319B30( *((intOrPtr*)(_t287 - 0xbc)), 0x13a0d00);
									} else {
										 *((short*)(_t287 - 0x48)) = 0;
										_t231 = _t287 - 0x48;
										 *((intOrPtr*)(_t287 - 0x34)) = 7;
										 *((intOrPtr*)(_t287 - 0x38)) = 0;
										E0131A995(_t287 - 0x48, _t287 - 0x80, 0, 0xffffffff);
										_push(_t287 - 0x48);
										 *((char*)(_t287 - 4)) = 0x11;
										_push(L"cr_");
										goto L20;
									}
								} else {
									 *((short*)(_t287 - 0x48)) = 0;
									_t231 = _t287 - 0x48;
									 *((intOrPtr*)(_t287 - 0x34)) = 7;
									 *((intOrPtr*)(_t287 - 0x38)) = 0;
									E0131A995(_t287 - 0x48, _t287 - 0x80, 0, 0xffffffff);
									_push(_t287 - 0x48);
									 *((char*)(_t287 - 4)) = 0x10;
									_push(L"ff_");
									goto L20;
								}
							} else {
								__eflags = 0;
								 *((short*)(_t287 - 0x48)) = 0;
								_t231 = _t287 - 0x48;
								 *((intOrPtr*)(_t287 - 0x34)) = 7;
								 *((intOrPtr*)(_t287 - 0x38)) = 0;
								E0131A995(_t287 - 0x48, _t287 - 0x80, 0, 0xffffffff);
								_push(_t287 - 0x48);
								 *((char*)(_t287 - 4)) = 0xf;
								_push(L"ie_");
								L20:
								_push( *((intOrPtr*)(_t287 - 0xbc)));
								E01327772(_t231);
								E0131AA87(_t287 - 0x48, _t282, 0);
							}
							E0131AA87(_t287 - 0x80, _t282, 0);
						} else {
							E01319B30( *((intOrPtr*)(_t287 - 0xbc)), 0x13a0d00);
						}
					} else {
						_push(L"HKEY_CLASSES_ROOT\\");
						_push(_t287 - 0x9c);
						_t199 = E0131D937(0, _t287 - 0x2c, _t282, _t298);
						 *((char*)(_t287 - 4)) = 5;
						_t200 = E0132761B(_t287 - 0xb8, _t199, _t287 - 0xb8, L"\\shell\\open\\command\\");
						_t288 = _t288 + 0x10;
						 *((char*)(_t287 - 4)) = 6;
						_t201 = E0135C990(0, _t287 - 0x64, _t200, _t287 - 0x2c, _t199, _t298);
						 *((char*)(_t287 - 4)) = 7;
						E0131A941(_t287 - 0x2c, _t201);
						E0131AA87(_t287 - 0x64, 1, 0);
						E0131AA87(_t287 - 0xb8, 1, 0);
						 *((char*)(_t287 - 4)) = 0;
						E0131AA87(_t287 - 0x9c, 1, 0);
						_t274 = 0x13a0d00;
						goto L7;
					}
				}
				E0131AA87(_t287 - 0x2c, _t282, 0);
				return E0137C2C5(0, _t278, _t282);
			}






























                                                                                                                                                                                                                                0x01324a24
                                                                                                                                                                                                                                0x01324a24
                                                                                                                                                                                                                                0x01324a2e
                                                                                                                                                                                                                                0x01324a38
                                                                                                                                                                                                                                0x01324a3e
                                                                                                                                                                                                                                0x01324a44
                                                                                                                                                                                                                                0x01324a4a
                                                                                                                                                                                                                                0x01324a4c
                                                                                                                                                                                                                                0x01324a51
                                                                                                                                                                                                                                0x01324a5c
                                                                                                                                                                                                                                0x01324a66
                                                                                                                                                                                                                                0x01324a66
                                                                                                                                                                                                                                0x01324a6b
                                                                                                                                                                                                                                0x01324a74
                                                                                                                                                                                                                                0x01324a79
                                                                                                                                                                                                                                0x01324a7c
                                                                                                                                                                                                                                0x01324a82
                                                                                                                                                                                                                                0x01324a84
                                                                                                                                                                                                                                0x01324bc8
                                                                                                                                                                                                                                0x01324bca
                                                                                                                                                                                                                                0x01324bcb
                                                                                                                                                                                                                                0x01324bce
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01324a8a
                                                                                                                                                                                                                                0x01324a95
                                                                                                                                                                                                                                0x01324aa5
                                                                                                                                                                                                                                0x01324aa9
                                                                                                                                                                                                                                0x01324ab6
                                                                                                                                                                                                                                0x01324aba
                                                                                                                                                                                                                                0x01324abf
                                                                                                                                                                                                                                0x01324ac6
                                                                                                                                                                                                                                0x01324aca
                                                                                                                                                                                                                                0x01324acb
                                                                                                                                                                                                                                0x01324ad4
                                                                                                                                                                                                                                0x01324ad8
                                                                                                                                                                                                                                0x01324add
                                                                                                                                                                                                                                0x01324ae4
                                                                                                                                                                                                                                0x01324ae8
                                                                                                                                                                                                                                0x01324af0
                                                                                                                                                                                                                                0x01324af5
                                                                                                                                                                                                                                0x01324aff
                                                                                                                                                                                                                                0x01324b0c
                                                                                                                                                                                                                                0x01324b19
                                                                                                                                                                                                                                0x01324b1c
                                                                                                                                                                                                                                0x01324b21
                                                                                                                                                                                                                                0x01324b27
                                                                                                                                                                                                                                0x01324b29
                                                                                                                                                                                                                                0x01324b2e
                                                                                                                                                                                                                                0x01324b39
                                                                                                                                                                                                                                0x01324b43
                                                                                                                                                                                                                                0x01324b43
                                                                                                                                                                                                                                0x01324b48
                                                                                                                                                                                                                                0x01324b4b
                                                                                                                                                                                                                                0x01324bd4
                                                                                                                                                                                                                                0x01324bd8
                                                                                                                                                                                                                                0x01324be8
                                                                                                                                                                                                                                0x01324bec
                                                                                                                                                                                                                                0x01324bfc
                                                                                                                                                                                                                                0x01324c00
                                                                                                                                                                                                                                0x01324c05
                                                                                                                                                                                                                                0x01324c09
                                                                                                                                                                                                                                0x01324c0d
                                                                                                                                                                                                                                0x01324c0e
                                                                                                                                                                                                                                0x01324c1a
                                                                                                                                                                                                                                0x01324c1e
                                                                                                                                                                                                                                0x01324c23
                                                                                                                                                                                                                                0x01324c2a
                                                                                                                                                                                                                                0x01324c2e
                                                                                                                                                                                                                                0x01324c38
                                                                                                                                                                                                                                0x01324c45
                                                                                                                                                                                                                                0x01324c52
                                                                                                                                                                                                                                0x01324c5c
                                                                                                                                                                                                                                0x01324c5f
                                                                                                                                                                                                                                0x01324c64
                                                                                                                                                                                                                                0x01324c6a
                                                                                                                                                                                                                                0x01324c6f
                                                                                                                                                                                                                                0x01324c73
                                                                                                                                                                                                                                0x01324c78
                                                                                                                                                                                                                                0x01324c7d
                                                                                                                                                                                                                                0x01324c81
                                                                                                                                                                                                                                0x01324c8e
                                                                                                                                                                                                                                0x01324c93
                                                                                                                                                                                                                                0x01324c9b
                                                                                                                                                                                                                                0x01324ca5
                                                                                                                                                                                                                                0x01324ca8
                                                                                                                                                                                                                                0x01324ca8
                                                                                                                                                                                                                                0x01324cae
                                                                                                                                                                                                                                0x01324cb8
                                                                                                                                                                                                                                0x01324ccf
                                                                                                                                                                                                                                0x01324cd5
                                                                                                                                                                                                                                0x01324cdf
                                                                                                                                                                                                                                0x01324ce2
                                                                                                                                                                                                                                0x01324ce7
                                                                                                                                                                                                                                0x01324ce9
                                                                                                                                                                                                                                0x01324cf5
                                                                                                                                                                                                                                0x01324cfe
                                                                                                                                                                                                                                0x01324d02
                                                                                                                                                                                                                                0x01324d0c
                                                                                                                                                                                                                                0x01324d0f
                                                                                                                                                                                                                                0x01324d16
                                                                                                                                                                                                                                0x01324d16
                                                                                                                                                                                                                                0x01324d16
                                                                                                                                                                                                                                0x01324d1e
                                                                                                                                                                                                                                0x01324d24
                                                                                                                                                                                                                                0x01324d28
                                                                                                                                                                                                                                0x01324d2c
                                                                                                                                                                                                                                0x01324d2f
                                                                                                                                                                                                                                0x01324d31
                                                                                                                                                                                                                                0x01324dc7
                                                                                                                                                                                                                                0x01324d37
                                                                                                                                                                                                                                0x01324d37
                                                                                                                                                                                                                                0x01324d3a
                                                                                                                                                                                                                                0x01324d3a
                                                                                                                                                                                                                                0x01324d3c
                                                                                                                                                                                                                                0x01324d43
                                                                                                                                                                                                                                0x01324d46
                                                                                                                                                                                                                                0x01324d48
                                                                                                                                                                                                                                0x01324d48
                                                                                                                                                                                                                                0x01324d5a
                                                                                                                                                                                                                                0x01324d5f
                                                                                                                                                                                                                                0x01324d75
                                                                                                                                                                                                                                0x01324d7a
                                                                                                                                                                                                                                0x01324d7c
                                                                                                                                                                                                                                0x01324dce
                                                                                                                                                                                                                                0x01324de1
                                                                                                                                                                                                                                0x01324de6
                                                                                                                                                                                                                                0x01324de8
                                                                                                                                                                                                                                0x01324e18
                                                                                                                                                                                                                                0x01324e2b
                                                                                                                                                                                                                                0x01324e30
                                                                                                                                                                                                                                0x01324e32
                                                                                                                                                                                                                                0x01324e65
                                                                                                                                                                                                                                0x01324e6b
                                                                                                                                                                                                                                0x01324e70
                                                                                                                                                                                                                                0x01324e74
                                                                                                                                                                                                                                0x01324e7e
                                                                                                                                                                                                                                0x01324e82
                                                                                                                                                                                                                                0x01324e8f
                                                                                                                                                                                                                                0x01324e9c
                                                                                                                                                                                                                                0x01324ea6
                                                                                                                                                                                                                                0x01324eaa
                                                                                                                                                                                                                                0x01324eaa
                                                                                                                                                                                                                                0x01324eba
                                                                                                                                                                                                                                0x01324e34
                                                                                                                                                                                                                                0x01324e38
                                                                                                                                                                                                                                0x01324e41
                                                                                                                                                                                                                                0x01324e44
                                                                                                                                                                                                                                0x01324e4b
                                                                                                                                                                                                                                0x01324e4e
                                                                                                                                                                                                                                0x01324e56
                                                                                                                                                                                                                                0x01324e57
                                                                                                                                                                                                                                0x01324e5b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01324e5b
                                                                                                                                                                                                                                0x01324dea
                                                                                                                                                                                                                                0x01324dee
                                                                                                                                                                                                                                0x01324df7
                                                                                                                                                                                                                                0x01324dfa
                                                                                                                                                                                                                                0x01324e01
                                                                                                                                                                                                                                0x01324e04
                                                                                                                                                                                                                                0x01324e0c
                                                                                                                                                                                                                                0x01324e0d
                                                                                                                                                                                                                                0x01324e11
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01324e11
                                                                                                                                                                                                                                0x01324d7e
                                                                                                                                                                                                                                0x01324d7e
                                                                                                                                                                                                                                0x01324d82
                                                                                                                                                                                                                                0x01324d8b
                                                                                                                                                                                                                                0x01324d8e
                                                                                                                                                                                                                                0x01324d95
                                                                                                                                                                                                                                0x01324d98
                                                                                                                                                                                                                                0x01324da0
                                                                                                                                                                                                                                0x01324da1
                                                                                                                                                                                                                                0x01324da5
                                                                                                                                                                                                                                0x01324daa
                                                                                                                                                                                                                                0x01324daa
                                                                                                                                                                                                                                0x01324db0
                                                                                                                                                                                                                                0x01324dbd
                                                                                                                                                                                                                                0x01324dbd
                                                                                                                                                                                                                                0x01324ec4
                                                                                                                                                                                                                                0x01324cba
                                                                                                                                                                                                                                0x01324cc5
                                                                                                                                                                                                                                0x01324cc5
                                                                                                                                                                                                                                0x01324b51
                                                                                                                                                                                                                                0x01324b57
                                                                                                                                                                                                                                0x01324b5c
                                                                                                                                                                                                                                0x01324b60
                                                                                                                                                                                                                                0x01324b73
                                                                                                                                                                                                                                0x01324b77
                                                                                                                                                                                                                                0x01324b7c
                                                                                                                                                                                                                                0x01324b84
                                                                                                                                                                                                                                0x01324b88
                                                                                                                                                                                                                                0x01324b90
                                                                                                                                                                                                                                0x01324b94
                                                                                                                                                                                                                                0x01324b9f
                                                                                                                                                                                                                                0x01324bad
                                                                                                                                                                                                                                0x01324bbb
                                                                                                                                                                                                                                0x01324bbe
                                                                                                                                                                                                                                0x01324bc3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01324bc3
                                                                                                                                                                                                                                0x01324b4b
                                                                                                                                                                                                                                0x01324ece
                                                                                                                                                                                                                                0x01324ede

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01324A2E
                                                                                                                                                                                                                                • GetVersion.KERNEL32(013A0D00,000000B8,01322949,?,getenabledtbcnt,gethddpercent,gethddsize,getcrincumbentds,getcrincumbenthpr,getffincumbentds,getffincumbenthpr,getieincumbenthpr,getieincumbentds,getchromeversioninstalled,getffversioninstalled,getieversioninstalled), ref: 01324A7C
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01324CD5
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01324D68
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: __EH_prolog3_GS.LIBCMT ref: 0135CB34
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: _wcslen.LIBCMT ref: 0135CC26
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: RegCloseKey.ADVAPI32(00000000,?,?,?,013A0D00), ref: 0135CC68
                                                                                                                                                                                                                                  • Part of subcall function 0131A941: _memmove.LIBCMT ref: 0131A968
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 0131D888: _strlen.LIBCMT ref: 0131D894
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0134BC6C
                                                                                                                                                                                                                                  • Part of subcall function 01311524: _memmove.LIBCMT ref: 01311544
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01324DD4
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01324E1E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen$H_prolog3_$_memmove_setlocale$_memset_strlen$CloseCurrentIos_base_dtorLocalProcessTimeVersion__cftoestd::ios_base::_swprintf
                                                                                                                                                                                                                                • String ID: GetDefaultBrowser in$GetDefaultBrowser out $GetDefaultBrowser vista$GetDefaultBrowser xp $HKEY_CLASSES_ROOT$HKEY_CLASSES_ROOT\$HKEY_CURRENT_USER$Progid$Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\userchoice$\shell\open\command\$chrome$cr_$ff_$firefox$http\shell\open\command\$ie_$iexplore
                                                                                                                                                                                                                                • API String ID: 1098407102-3614356324
                                                                                                                                                                                                                                • Opcode ID: f0792112505ae69b771c87ac4aab43030ec46d6aa25eeb4dad76f7f61acf1794
                                                                                                                                                                                                                                • Instruction ID: af4843fbd72f43426653fbfa9046934e7a7468dd08d73231a15e78b07e5e796d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f0792112505ae69b771c87ac4aab43030ec46d6aa25eeb4dad76f7f61acf1794
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2BD18372D01299EAEB18EBACCD90EEEBB7CEF2520CF544159E40673245DA705F48CB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01349DD0, Relevance: 33.6, APIs: 12, Strings: 7, Instructions: 316threadwindowsleepCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                			E01349DD0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t145;
				void* _t148;
				intOrPtr _t151;
				void* _t152;
				long _t155;
				void* _t156;
				void* _t166;
				void* _t168;
				void* _t180;
				struct HWND__* _t182;
				int _t185;
				void* _t188;
				WCHAR* _t193;
				intOrPtr _t209;
				signed char _t214;
				intOrPtr _t217;
				int _t249;
				intOrPtr _t256;
				void* _t263;
				void* _t264;
				void* _t265;
				intOrPtr _t266;
				void* _t290;

				_push(0x364);
				E0137C242(0x1396906, __ebx, __edi, __esi);
				 *(_t263 - 0x338) = 0;
				_t208 = __ecx;
				 *((intOrPtr*)(_t263 - 0x33c)) = __ecx;
				 *((intOrPtr*)(_t263 - 0x368)) = 0;
				 *(_t263 - 0x358) = 0;
				 *((intOrPtr*)(_t263 - 0x354)) = 0;
				 *((intOrPtr*)(_t263 - 0x350)) = 0;
				 *((char*)(_t263 - 0x34c)) = 0;
				 *(_t263 - 0x348) = 0;
				 *((intOrPtr*)(_t263 - 0x36c)) = 0x13a6730;
				 *((intOrPtr*)(_t263 - 0x344)) =  *((intOrPtr*)(__ecx + 0x124));
				 *((intOrPtr*)(_t263 - 0x340)) =  *((intOrPtr*)(__ecx + 0x14c));
				 *(_t263 - 4) = 0;
				_t145 =  *0x13bed10; // 0xffffffff
				if(_t145 != 0xffffffff) {
					SuspendThread(_t145);
				}
				 *((char*)(_t208 + 0xf4)) = 1;
				E01319B30(_t263 - 0x2a8, L"ShowProgCancelDlg");
				 *(_t263 - 4) = 1;
				if(E0131FD87(_t263 - 0x2a8, _t263 - 0x2a8,  *((intOrPtr*)(_t208 + 0x124))) <= 0xffffffff) {
					_t148 = E01319B30(_t263 - 0x2fc, L"true");
					_push(4);
				} else {
					E01319B30(_t263 - 0x2c4, L"ShowProgCancelDlg");
					 *(_t263 - 4) = 2;
					 *(_t263 - 0x338) = 1;
					_t148 = E0131FD37(_t263 - 0x334, _t263 - 0x2c4, 0, _t263 - 0x2c4, _t263 - 0x334);
					_push(3);
				}
				_pop(_t214);
				 *(_t263 - 4) = _t214;
				 *(_t263 - 0x338) = _t214;
				E01319B61(_t263 - 0x238, _t148);
				 *(_t263 - 4) = 5;
				_t256 = 0;
				if(( *(_t263 - 0x338) & 0x00000004) != 0) {
					 *(_t263 - 0x338) =  *(_t263 - 0x338) & 0xfffffffb;
					E0131AA87(_t263 - 0x2fc, 1, 0);
				}
				if(( *(_t263 - 0x338) & 0x00000002) != 0) {
					 *(_t263 - 0x338) =  *(_t263 - 0x338) & 0xfffffffd;
					E0131AA87(_t263 - 0x334, 1, _t256);
				}
				if(( *(_t263 - 0x338) & 0x00000001) != 0) {
					 *(_t263 - 0x338) =  *(_t263 - 0x338) & 0xfffffffe;
					E0131AA87(_t263 - 0x2c4, 1, _t256);
				}
				 *(_t263 - 4) = 9;
				E0131AA87(_t263 - 0x2a8, 1, _t256);
				_t217 =  *((intOrPtr*)(_t263 - 0x238));
				_t243 = _t217;
				if( *((intOrPtr*)(_t263 - 0x224)) >= 8) {
					_t151 = _t217;
				} else {
					_t243 = _t263 - 0x238;
					_t151 = _t263 - 0x238;
				}
				_t152 = _t151 +  *(_t263 - 0x228) * 2;
				if( *((intOrPtr*)(_t263 - 0x224)) < 8) {
					_t217 = _t263 - 0x238;
				}
				E01327736(_t263 - 0x370, _t217, _t152, _t243, E0137814A);
				_t265 = _t264 + 0x14;
				if( *((intOrPtr*)(_t208 + 0x14c)) != _t256) {
					_t155 = E01327839(_t243, _t263 - 0x238, __eflags, L"false");
					__eflags = _t155;
					if(_t155 == 0) {
						_t249 = 1;
						__eflags = 1;
						goto L36;
					}
					_t182 = GetActiveWindow();
					E01311DB3(_t263 - 0x36c, _t263 - 0x364);
					_t209 =  *0x13c172c; // 0x1310000
					 *(_t263 - 0x348) =  *(_t263 - 0x348) & 0x00000000;
					 *((char*)(_t263 - 0x34c)) = 1;
					_t185 = E0131D656(_t209, 0x6d, _t182);
					__eflags =  *(_t263 - 0x348);
					_t249 = _t185;
					if( *(_t263 - 0x348) < 0) {
						__eflags = _t249 - 0xffffffff;
						if(_t249 == 0xffffffff) {
							SetLastError( *(_t263 - 0x348));
						}
					}
					_t208 =  *((intOrPtr*)(_t263 - 0x33c));
					goto L34;
				} else {
					E01319B30(_t263 - 0x2e0, L"CancelText");
					 *(_t263 - 4) = 0xa;
					if(E0131FD87(_t263 - 0x2e0, _t263 - 0x2e0,  *((intOrPtr*)(_t208 + 0x124))) <= 0xffffffff) {
						_t188 = E01319B30(_t263 - 0x318, L"Are you sure you want to cancel?");
						 *(_t263 - 4) = 0xd;
						_t77 = _t263 - 0x338;
						 *_t77 =  *(_t263 - 0x338) | 0x00000020;
						__eflags =  *_t77;
					} else {
						E01319B30(_t263 - 0x28c, L"CancelText");
						 *(_t263 - 4) = 0xb;
						 *(_t263 - 0x338) =  *(_t263 - 0x338) | 0x00000008;
						_t188 = E0131FD37(_t263 - 0x270, _t263 - 0x28c, _t243, _t263 - 0x28c, _t263 - 0x270);
						 *(_t263 - 4) = 0xc;
						 *(_t263 - 0x338) =  *(_t263 - 0x338) | 0x00000010;
					}
					E01319B61(_t263 - 0x254, _t188);
					if(( *(_t263 - 0x338) & 0x00000020) != 0) {
						 *(_t263 - 0x338) =  *(_t263 - 0x338) & 0xffffffdf;
						E0131AA87(_t263 - 0x318, 1, 0);
					}
					if(( *(_t263 - 0x338) & 0x00000010) != 0) {
						 *(_t263 - 0x338) =  *(_t263 - 0x338) & 0xffffffef;
						E0131AA87(_t263 - 0x270, 1, 0);
					}
					 *(_t263 - 4) = 0xa;
					if(( *(_t263 - 0x338) & 0x00000008) != 0) {
						E0131AA87(_t263 - 0x28c, 1, 0);
					}
					 *(_t263 - 4) = 9;
					E0131AA87(_t263 - 0x2e0, 1, 0);
					LoadStringW( *0x13c1728, 0x65, _t263 - 0x154, 0x140);
					_t193 =  *(_t263 - 0x254);
					if( *((intOrPtr*)(_t263 - 0x240)) < 8) {
						_t193 = _t263 - 0x254;
					}
					_t249 = MessageBoxW(0, _t193, _t263 - 0x154, 1);
					E0131AA87(_t263 - 0x254, 1, 0);
					L34:
					_t256 = 0;
					L36:
					if(_t249 != 0xb) {
						__eflags = _t249 - 1;
						if(_t249 != 1) {
							_t156 =  *0x13bed10; // 0xffffffff
							__eflags = _t156 - 0xffffffff;
							if(_t156 != 0xffffffff) {
								ResumeThread(_t156);
							}
							 *((char*)(_t208 + 0xf4)) = 0;
							L44:
							E0131AA87(_t263 - 0x238, 1, _t256);
							 *(_t263 - 4) =  *(_t263 - 4) | 0xffffffff;
							_t290 =  *(_t263 - 0x358) - _t256;
							L45:
							 *((intOrPtr*)(_t263 - 0x36c)) = 0x13a6730;
							if(_t290 != 0) {
								E01362C58( *(_t263 - 0x358));
							}
							return E0137C2C5(_t208, _t249, _t256);
						}
						 *((char*)(_t208 + 0xf5)) = 1;
						 *0x13c2af8 = 1;
						GetTempPathW(0x104, _t263 - 0x21c);
						E01319B30(_t263 - 0x254, _t263 - 0x21c);
						_t208 = _t263 - 0x254;
						 *(_t263 - 4) = 0xe;
						_t166 = E01319BC7(_t263 - 0x254, _t263 - 0x254, _t243, __eflags, "\\");
						_t249 = 0;
						_t168 = E01319C49(_t263 - 0x254, _t263 - 0x270, _t263 - 0x254, 0, _t166);
						 *(_t263 - 4) = 0xf;
						E0131A941(_t263 - 0x254, _t168);
						 *(_t263 - 4) = 0xe;
						E0131AA87(_t263 - 0x270, 1, 0);
						_t266 = _t265 - 0x1c;
						 *((intOrPtr*)(_t263 - 0x370)) = _t266;
						E01319B30(_t266, "*.*");
						 *(_t263 - 4) = 0x10;
						 *(_t263 - 0x338) = _t266 - 0x1c;
						E01319B08(_t266 - 0x1c, _t208);
						 *(_t263 - 4) = 0xe;
						E0135C298(_t243);
						_t256 =  *((intOrPtr*)(_t263 - 0x33c));
						SendMessageW( *( *((intOrPtr*)(_t256 + 0x150)) + 4), 0x4cd, 0, 0);
						Sleep(0x3e8);
						EndDialog( *(_t256 + 4), 2);
						E0131AA87(_t208, 1, 0);
						E0131AA87(_t263 - 0x238, 1, 0);
						 *(_t263 - 4) =  *(_t263 - 4) | 0xffffffff;
						__eflags =  *(_t263 - 0x358);
						goto L45;
					}
					_t180 =  *0x13bed10; // 0xffffffff
					 *0x13c2af8 = 1;
					if(_t180 != 0xffffffff) {
						ResumeThread(_t180);
					}
					goto L44;
				}
			}


























                                                                                                                                                                                                                                0x01349dd0
                                                                                                                                                                                                                                0x01349dda
                                                                                                                                                                                                                                0x01349de1
                                                                                                                                                                                                                                0x01349de7
                                                                                                                                                                                                                                0x01349df5
                                                                                                                                                                                                                                0x01349dfb
                                                                                                                                                                                                                                0x01349e01
                                                                                                                                                                                                                                0x01349e07
                                                                                                                                                                                                                                0x01349e0d
                                                                                                                                                                                                                                0x01349e13
                                                                                                                                                                                                                                0x01349e19
                                                                                                                                                                                                                                0x01349e1f
                                                                                                                                                                                                                                0x01349e29
                                                                                                                                                                                                                                0x01349e2f
                                                                                                                                                                                                                                0x01349e35
                                                                                                                                                                                                                                0x01349e38
                                                                                                                                                                                                                                0x01349e40
                                                                                                                                                                                                                                0x01349e43
                                                                                                                                                                                                                                0x01349e43
                                                                                                                                                                                                                                0x01349e55
                                                                                                                                                                                                                                0x01349e5c
                                                                                                                                                                                                                                0x01349e61
                                                                                                                                                                                                                                0x01349e79
                                                                                                                                                                                                                                0x01349ebc
                                                                                                                                                                                                                                0x01349ec1
                                                                                                                                                                                                                                0x01349e7b
                                                                                                                                                                                                                                0x01349e82
                                                                                                                                                                                                                                0x01349e87
                                                                                                                                                                                                                                0x01349e9e
                                                                                                                                                                                                                                0x01349ea8
                                                                                                                                                                                                                                0x01349ead
                                                                                                                                                                                                                                0x01349ead
                                                                                                                                                                                                                                0x01349ec3
                                                                                                                                                                                                                                0x01349ec4
                                                                                                                                                                                                                                0x01349ec7
                                                                                                                                                                                                                                0x01349ed4
                                                                                                                                                                                                                                0x01349ed9
                                                                                                                                                                                                                                0x01349ee0
                                                                                                                                                                                                                                0x01349ee9
                                                                                                                                                                                                                                0x01349eeb
                                                                                                                                                                                                                                0x01349efb
                                                                                                                                                                                                                                0x01349efb
                                                                                                                                                                                                                                0x01349f07
                                                                                                                                                                                                                                0x01349f09
                                                                                                                                                                                                                                0x01349f19
                                                                                                                                                                                                                                0x01349f19
                                                                                                                                                                                                                                0x01349f25
                                                                                                                                                                                                                                0x01349f27
                                                                                                                                                                                                                                0x01349f37
                                                                                                                                                                                                                                0x01349f37
                                                                                                                                                                                                                                0x01349f45
                                                                                                                                                                                                                                0x01349f49
                                                                                                                                                                                                                                0x01349f55
                                                                                                                                                                                                                                0x01349f5b
                                                                                                                                                                                                                                0x01349f5d
                                                                                                                                                                                                                                0x0134a010
                                                                                                                                                                                                                                0x01349f63
                                                                                                                                                                                                                                0x01349f63
                                                                                                                                                                                                                                0x01349f69
                                                                                                                                                                                                                                0x01349f69
                                                                                                                                                                                                                                0x01349f78
                                                                                                                                                                                                                                0x01349f7b
                                                                                                                                                                                                                                0x01349f7d
                                                                                                                                                                                                                                0x01349f7d
                                                                                                                                                                                                                                0x01349f92
                                                                                                                                                                                                                                0x01349f97
                                                                                                                                                                                                                                0x01349fa0
                                                                                                                                                                                                                                0x0134a10c
                                                                                                                                                                                                                                0x0134a111
                                                                                                                                                                                                                                0x0134a113
                                                                                                                                                                                                                                0x0134a174
                                                                                                                                                                                                                                0x0134a174
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0134a174
                                                                                                                                                                                                                                0x0134a115
                                                                                                                                                                                                                                0x0134a129
                                                                                                                                                                                                                                0x0134a12e
                                                                                                                                                                                                                                0x0134a134
                                                                                                                                                                                                                                0x0134a13e
                                                                                                                                                                                                                                0x0134a145
                                                                                                                                                                                                                                0x0134a14a
                                                                                                                                                                                                                                0x0134a153
                                                                                                                                                                                                                                0x0134a155
                                                                                                                                                                                                                                0x0134a157
                                                                                                                                                                                                                                0x0134a15a
                                                                                                                                                                                                                                0x0134a162
                                                                                                                                                                                                                                0x0134a162
                                                                                                                                                                                                                                0x0134a15a
                                                                                                                                                                                                                                0x0134a168
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01349fa6
                                                                                                                                                                                                                                0x01349fb2
                                                                                                                                                                                                                                0x01349fb7
                                                                                                                                                                                                                                0x01349fcf
                                                                                                                                                                                                                                0x0134a022
                                                                                                                                                                                                                                0x0134a027
                                                                                                                                                                                                                                0x0134a02e
                                                                                                                                                                                                                                0x0134a02e
                                                                                                                                                                                                                                0x0134a02e
                                                                                                                                                                                                                                0x01349fd1
                                                                                                                                                                                                                                0x01349fd8
                                                                                                                                                                                                                                0x01349fdd
                                                                                                                                                                                                                                0x01349fe7
                                                                                                                                                                                                                                0x01349ffb
                                                                                                                                                                                                                                0x0134a000
                                                                                                                                                                                                                                0x0134a007
                                                                                                                                                                                                                                0x0134a007
                                                                                                                                                                                                                                0x0134a03c
                                                                                                                                                                                                                                0x0134a04a
                                                                                                                                                                                                                                0x0134a04c
                                                                                                                                                                                                                                0x0134a05c
                                                                                                                                                                                                                                0x0134a05c
                                                                                                                                                                                                                                0x0134a068
                                                                                                                                                                                                                                0x0134a06a
                                                                                                                                                                                                                                0x0134a07a
                                                                                                                                                                                                                                0x0134a07a
                                                                                                                                                                                                                                0x0134a07f
                                                                                                                                                                                                                                0x0134a08d
                                                                                                                                                                                                                                0x0134a098
                                                                                                                                                                                                                                0x0134a098
                                                                                                                                                                                                                                0x0134a0a6
                                                                                                                                                                                                                                0x0134a0aa
                                                                                                                                                                                                                                0x0134a0c3
                                                                                                                                                                                                                                0x0134a0d0
                                                                                                                                                                                                                                0x0134a0d6
                                                                                                                                                                                                                                0x0134a0d8
                                                                                                                                                                                                                                0x0134a0d8
                                                                                                                                                                                                                                0x0134a0f8
                                                                                                                                                                                                                                0x0134a0fa
                                                                                                                                                                                                                                0x0134a16e
                                                                                                                                                                                                                                0x0134a16e
                                                                                                                                                                                                                                0x0134a175
                                                                                                                                                                                                                                0x0134a178
                                                                                                                                                                                                                                0x0134a19b
                                                                                                                                                                                                                                0x0134a19e
                                                                                                                                                                                                                                0x0134a2a4
                                                                                                                                                                                                                                0x0134a2a9
                                                                                                                                                                                                                                0x0134a2ac
                                                                                                                                                                                                                                0x0134a2af
                                                                                                                                                                                                                                0x0134a2af
                                                                                                                                                                                                                                0x0134a2b5
                                                                                                                                                                                                                                0x0134a2bc
                                                                                                                                                                                                                                0x0134a2c5
                                                                                                                                                                                                                                0x0134a2ca
                                                                                                                                                                                                                                0x0134a2ce
                                                                                                                                                                                                                                0x0134a2d4
                                                                                                                                                                                                                                0x0134a2d4
                                                                                                                                                                                                                                0x0134a2de
                                                                                                                                                                                                                                0x0134a2e6
                                                                                                                                                                                                                                0x0134a2e6
                                                                                                                                                                                                                                0x0134a2f2
                                                                                                                                                                                                                                0x0134a2f2
                                                                                                                                                                                                                                0x0134a1b0
                                                                                                                                                                                                                                0x0134a1b7
                                                                                                                                                                                                                                0x0134a1be
                                                                                                                                                                                                                                0x0134a1d1
                                                                                                                                                                                                                                0x0134a1db
                                                                                                                                                                                                                                0x0134a1e1
                                                                                                                                                                                                                                0x0134a1e5
                                                                                                                                                                                                                                0x0134a1eb
                                                                                                                                                                                                                                0x0134a1f7
                                                                                                                                                                                                                                0x0134a1ff
                                                                                                                                                                                                                                0x0134a203
                                                                                                                                                                                                                                0x0134a20d
                                                                                                                                                                                                                                0x0134a211
                                                                                                                                                                                                                                0x0134a216
                                                                                                                                                                                                                                0x0134a21b
                                                                                                                                                                                                                                0x0134a226
                                                                                                                                                                                                                                0x0134a22e
                                                                                                                                                                                                                                0x0134a236
                                                                                                                                                                                                                                0x0134a23d
                                                                                                                                                                                                                                0x0134a242
                                                                                                                                                                                                                                0x0134a246
                                                                                                                                                                                                                                0x0134a24b
                                                                                                                                                                                                                                0x0134a264
                                                                                                                                                                                                                                0x0134a26f
                                                                                                                                                                                                                                0x0134a27a
                                                                                                                                                                                                                                0x0134a285
                                                                                                                                                                                                                                0x0134a293
                                                                                                                                                                                                                                0x0134a298
                                                                                                                                                                                                                                0x0134a29c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0134a29c
                                                                                                                                                                                                                                0x0134a17a
                                                                                                                                                                                                                                0x0134a17f
                                                                                                                                                                                                                                0x0134a189
                                                                                                                                                                                                                                0x0134a190
                                                                                                                                                                                                                                0x0134a190
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0134a189

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01349DDA
                                                                                                                                                                                                                                • SuspendThread.KERNEL32(FFFFFFFF), ref: 01349E43
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                • LoadStringW.USER32(00000065,?,00000140,00000001), ref: 0134A0C3
                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00000001), ref: 0134A0E9
                                                                                                                                                                                                                                • ResumeThread.KERNEL32(FFFFFFFF,false), ref: 0134A190
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                  • Part of subcall function 01327839: _wcslen.LIBCMT ref: 01327841
                                                                                                                                                                                                                                • GetActiveWindow.USER32 ref: 0134A115
                                                                                                                                                                                                                                  • Part of subcall function 01311DB3: GetCurrentThreadId.KERNEL32 ref: 01311DBE
                                                                                                                                                                                                                                  • Part of subcall function 01311DB3: EnterCriticalSection.KERNEL32(013C1788,?,01315163,00000000,00000000,AXWIN Frame Window,00CF0000,00000000,00000000,?), ref: 01311DCD
                                                                                                                                                                                                                                  • Part of subcall function 01311DB3: LeaveCriticalSection.KERNEL32(013C1788,?,01315163,00000000,00000000,AXWIN Frame Window,00CF0000,00000000,00000000,?), ref: 01311DE2
                                                                                                                                                                                                                                  • Part of subcall function 0131D656: FindResourceW.KERNEL32(?,000000FF,00000005), ref: 0131D673
                                                                                                                                                                                                                                  • Part of subcall function 0131D656: FindResourceW.KERNEL32(?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D689
                                                                                                                                                                                                                                  • Part of subcall function 0131D656: LoadResource.KERNEL32(?,00000000,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D69D
                                                                                                                                                                                                                                  • Part of subcall function 0131D656: LockResource.KERNEL32(00000000,?,00000000,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6A0
                                                                                                                                                                                                                                  • Part of subcall function 0131D656: LoadResource.KERNEL32(?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6AA
                                                                                                                                                                                                                                  • Part of subcall function 0131D656: LockResource.KERNEL32(00000000,?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6B1
                                                                                                                                                                                                                                  • Part of subcall function 0131D656: DialogBoxIndirectParamW.USER32 ref: 0131D6CC
                                                                                                                                                                                                                                  • Part of subcall function 0131D656: GetLastError.KERNEL32(?,00000000,?,Function_0000D061,00000000,?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6DE
                                                                                                                                                                                                                                  • Part of subcall function 0131D656: GlobalHandle.KERNEL32(00000000), ref: 0131D6EC
                                                                                                                                                                                                                                  • Part of subcall function 0131D656: GlobalFree.KERNEL32 ref: 0131D6F3
                                                                                                                                                                                                                                  • Part of subcall function 0131D656: SetLastError.KERNEL32(00000000,?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D70D
                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 0134A162
                                                                                                                                                                                                                                • GetTempPathW.KERNEL32 ref: 0134A1BE
                                                                                                                                                                                                                                • SendMessageW.USER32(0000000E,000004CD,00000000,00000000), ref: 0134A264
                                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 0134A26F
                                                                                                                                                                                                                                • EndDialog.USER32 ref: 0134A27A
                                                                                                                                                                                                                                • ResumeThread.KERNEL32(FFFFFFFF,false), ref: 0134A2AF
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Resource$Thread$ErrorLastLoad$CriticalDialogFindGlobalLockMessageResumeSection_wcslen$ActiveCurrentEnterFreeH_prolog3_HandleIndirectLeaveParamPathSendSleepStringSuspendTempWindow_memmove
                                                                                                                                                                                                                                • String ID: $*.*$Are you sure you want to cancel?$CancelText$ShowProgCancelDlg$false$true
                                                                                                                                                                                                                                • API String ID: 1933230681-1109429650
                                                                                                                                                                                                                                • Opcode ID: c09fbce4ff51a242cd1744e5ccf0425aa9a9ba4a63d85b8f34912d66ca6cbe47
                                                                                                                                                                                                                                • Instruction ID: d40defe5c2d2a0e8954b1cd7c0453f2f62d53e3cfdf77b35bf0dc92ee4409a21
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c09fbce4ff51a242cd1744e5ccf0425aa9a9ba4a63d85b8f34912d66ca6cbe47
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3BD19C319013699BDB35DB28CD88BEEBBB8AF15719F5401D8E409A7194CBB12F88CF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01313137, Relevance: 33.5, APIs: 16, Strings: 3, Instructions: 237stringmemoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                                                			E01313137(WCHAR** __ebx, WCHAR* __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t62;
				signed int _t64;
				char _t65;
				WCHAR* _t68;
				signed int _t69;
				WCHAR* _t70;
				WCHAR* _t71;
				signed int _t73;
				signed int _t74;
				WCHAR* _t75;
				WCHAR* _t76;
				signed int _t77;
				signed int _t79;
				WCHAR* _t80;
				WCHAR* _t81;
				WCHAR* _t82;
				WCHAR* _t83;
				signed int _t84;
				WCHAR* _t85;
				signed int _t86;
				signed int _t88;
				signed int _t93;
				WCHAR* _t94;
				signed int _t97;
				WCHAR** _t99;
				WCHAR* _t105;
				signed int _t109;
				signed int _t111;
				void* _t116;
				void* _t117;
				void* _t118;

				_t99 = __ebx;
				_push(0x68);
				E0137C242(0x1394639, __ebx, __edi, __esi);
				_t114 = __ecx;
				_t109 = __edx;
				 *(_t116 - 0x70) = __edx;
				if(__ecx != 0 && __edx != 0) {
					 *__edx =  *__edx & 0x00000000;
					_t62 = lstrlenW(__ecx) + _t61;
					if(_t62 < 0x64) {
						_t62 = 0x3e8;
					}
					 *(_t116 - 0x6c) =  *(_t116 - 0x6c) & 0x00000000;
					 *(_t116 - 0x5c) =  *(_t116 - 0x5c) & 0x00000000;
					 *((intOrPtr*)(_t116 - 0x68)) = _t62;
					_t64 = E01311B0E(_t116 - 0x5c, _t62, 2);
					_t118 = _t117 + 0xc;
					if(_t64 >= 0) {
						__imp__CoTaskMemAlloc( *(_t116 - 0x5c));
					} else {
						_t64 = 0;
					}
					_t101 = 0;
					 *(_t116 - 0x64) = _t64;
					if(_t64 != 0) {
						 *_t64 = 0;
					}
					 *(_t116 - 4) = _t101;
					if(_t64 != _t101) {
						_t65 =  *0x13c29ad; // 0x0
						 *_t99 = _t114;
						 *((char*)(_t116 - 0x5d)) = _t65;
						 *(_t116 - 0x58) = _t101;
						 *(_t116 - 0x5c) = _t101;
						 *((char*)(_t116 - 0x52)) = 0;
						 *((char*)(_t116 - 0x51)) = 0;
						__eflags =  *_t114 - _t101;
						if( *_t114 == _t101) {
							L38:
							_t35 = _t116 - 0x64;
							 *_t35 =  *(_t116 - 0x64) & 0x00000000;
							__eflags =  *_t35;
							 *_t109 =  *(_t116 - 0x64);
						} else {
							do {
								__eflags =  *((char*)(_t116 - 0x5d)) - 1;
								if( *((char*)(_t116 - 0x5d)) != 1) {
									L32:
									_t68 =  *_t99;
									__eflags =  *_t68 - 0x25;
									_push(_t68);
									if( *_t68 != 0x25) {
										L35:
										_t109 = 1;
										_t114 = _t116 - 0x6c;
										_t69 = E01312793(_t101, 1, _t116 - 0x6c);
										__eflags = _t69;
										if(_t69 == 0) {
											goto L57;
										} else {
											goto L36;
										}
									} else {
										_t85 = CharNextW();
										 *_t99 = _t85;
										__eflags =  *_t85 - 0x25;
										if( *_t85 != 0x25) {
											_t86 = E01312B1C(_t85, 0x25);
											 *(_t116 - 0x74) = _t86;
											__eflags = _t86;
											if(_t86 == 0) {
												L54:
												 *(_t116 - 0x58) = 0x80020009;
												goto L39;
											} else {
												_t101 =  *_t99;
												_t88 = _t86 -  *_t99 >> 1;
												__eflags = _t88 - 0x1f;
												if(_t88 > 0x1f) {
													 *(_t116 - 0x58) = 0x80004005;
													goto L39;
												} else {
													E01311B5C(E01375444(_t116 - 0x50, 0x20, _t101, _t88));
													_t114 = _t99[1];
													_t111 = 0;
													_t118 = _t118 + 0x14;
													__eflags = _t114[6];
													if(_t114[6] <= 0) {
														L45:
														_t109 = _t111 | 0xffffffff;
														__eflags = _t109;
													} else {
														while(1) {
															_t101 = _t116 - 0x50;
															_t97 = lstrcmpiW( *(_t114[2] + _t111 * 4), _t116 - 0x50);
															__eflags = _t97;
															if(_t97 == 0) {
																goto L46;
															}
															_t111 = _t111 + 1;
															__eflags = _t111 - _t114[6];
															if(_t111 < _t114[6]) {
																continue;
															} else {
																goto L45;
															}
															goto L46;
														}
													}
													L46:
													__eflags = _t109 - 0xffffffff;
													if(_t109 == 0xffffffff) {
														goto L54;
													} else {
														__eflags = _t109;
														if(_t109 < 0) {
															L56:
															RaiseException(0xc000008c, 1, 0, 0);
															goto L57;
														} else {
															__eflags = _t109 - _t114[6];
															if(_t109 >= _t114[6]) {
																goto L56;
															} else {
																_t109 =  *(_t114[4] + _t109 * 4);
																__eflags = _t109;
																if(__eflags == 0) {
																	goto L54;
																} else {
																	_push(_t109);
																	_t114 = _t116 - 0x6c;
																	_t93 = E01312839(_t99, _t101, _t109, __eflags);
																	__eflags = _t93;
																	if(_t93 == 0) {
																		goto L57;
																	} else {
																		_t114 =  *(_t116 - 0x74);
																		__eflags =  *_t99 - _t114;
																		if( *_t99 != _t114) {
																			do {
																				_t94 = CharNextW( *_t99);
																				 *_t99 = _t94;
																				__eflags = _t94 - _t114;
																			} while (_t94 != _t114);
																		}
																		goto L36;
																	}
																}
															}
														}
													}
												}
											}
											L60:
										} else {
											_push(_t85);
											goto L35;
										}
									}
								} else {
									__eflags =  *(_t116 - 0x5c);
									if( *(_t116 - 0x5c) != 0) {
										L18:
										_t71 =  *_t99;
										_t101 = 0x27;
										__eflags = _t101 -  *_t71;
										if(_t101 !=  *_t71) {
											L24:
											__eflags =  *((char*)(_t116 - 0x51));
											if( *((char*)(_t116 - 0x51)) != 0) {
												goto L32;
											} else {
												goto L25;
											}
										} else {
											__eflags =  *((char*)(_t116 - 0x51));
											if( *((char*)(_t116 - 0x51)) != 0) {
												_t114 = CharNextW;
												_t75 = CharNextW(_t71);
												_t101 = 0x27;
												__eflags = _t101 -  *_t75;
												if(_t101 ==  *_t75) {
													_t76 = CharNextW( *_t99);
													_t109 = 1;
													_t114 = _t116 - 0x6c;
													 *_t99 = _t76;
													_t77 = E01312793(_t101, 1, _t116 - 0x6c, _t76);
													__eflags = _t77;
													if(_t77 == 0) {
														goto L57;
													} else {
														goto L24;
													}
												} else {
													 *((char*)(_t116 - 0x51)) = 0;
													L25:
													_t73 =  *( *_t99) & 0x0000ffff;
													__eflags = _t73 - 0x7b;
													if(_t73 == 0x7b) {
														_t25 = _t116 - 0x5c;
														 *_t25 =  &(( *(_t116 - 0x5c))[0]);
														__eflags =  *_t25;
													}
													__eflags = _t73 - 0x7d;
													if(_t73 != 0x7d) {
														goto L32;
													} else {
														_t27 = _t116 - 0x5c;
														 *_t27 =  *(_t116 - 0x5c) - 1;
														__eflags =  *_t27;
														if( *_t27 != 0) {
															goto L32;
														} else {
															__eflags =  *((char*)(_t116 - 0x52)) - 1;
															if(__eflags != 0) {
																goto L32;
															} else {
																_push(L"\r\n\t}\r\n}\r\n");
																_t114 = _t116 - 0x6c;
																_t74 = E01312839(_t99, _t101, _t109, __eflags);
																__eflags = _t74;
																if(_t74 == 0) {
																	goto L57;
																} else {
																	 *((char*)(_t116 - 0x52)) = 0;
																	goto L32;
																}
															}
														}
													}
												}
											} else {
												 *((char*)(_t116 - 0x51)) = 1;
												goto L32;
											}
										}
									} else {
										_t79 = E01376ED8( *_t99, L"HKCR");
										__eflags = _t79;
										if(_t79 == 0) {
											goto L18;
										} else {
											_t105 =  *_t99;
											__eflags = _t79 - _t105;
											if(__eflags != 0) {
												goto L18;
											} else {
												_t80 = CharNextW(_t105);
												 *_t99 = _t80;
												_t81 = CharNextW(_t80);
												 *_t99 = _t81;
												_t82 = CharNextW(_t81);
												 *_t99 = _t82;
												_t83 = CharNextW(_t82);
												_push(L"HKCU\r\n{\tSoftware\r\n\t{\r\n\t\tClasses");
												_t114 = _t116 - 0x6c;
												 *_t99 = _t83;
												_t84 = E01312839(_t99, _t105, _t109, __eflags);
												__eflags = _t84;
												if(_t84 == 0) {
													L57:
													 *(_t116 - 0x58) = 0x8007000e;
												} else {
													 *((char*)(_t116 - 0x52)) = 1;
													goto L18;
												}
											}
										}
									}
								}
								goto L39;
								L36:
								_t70 = CharNextW( *_t99);
								 *_t99 = _t70;
								__eflags =  *_t70;
							} while ( *_t70 != 0);
							_t109 =  *(_t116 - 0x70);
							goto L38;
						}
						L39:
						__imp__CoTaskMemFree( *(_t116 - 0x64));
					} else {
						__imp__CoTaskMemFree(_t101);
					}
				}
				return E0137C2C5(_t99, _t109, _t114);
				goto L60;
			}


































                                                                                                                                                                                                                                0x01313137
                                                                                                                                                                                                                                0x01313137
                                                                                                                                                                                                                                0x0131313e
                                                                                                                                                                                                                                0x01313143
                                                                                                                                                                                                                                0x01313145
                                                                                                                                                                                                                                0x01313147
                                                                                                                                                                                                                                0x0131314c
                                                                                                                                                                                                                                0x0131315a
                                                                                                                                                                                                                                0x01313164
                                                                                                                                                                                                                                0x01313169
                                                                                                                                                                                                                                0x0131316b
                                                                                                                                                                                                                                0x0131316b
                                                                                                                                                                                                                                0x01313170
                                                                                                                                                                                                                                0x01313174
                                                                                                                                                                                                                                0x0131317b
                                                                                                                                                                                                                                0x01313182
                                                                                                                                                                                                                                0x01313187
                                                                                                                                                                                                                                0x0131318c
                                                                                                                                                                                                                                0x01313195
                                                                                                                                                                                                                                0x0131318e
                                                                                                                                                                                                                                0x0131318e
                                                                                                                                                                                                                                0x0131318e
                                                                                                                                                                                                                                0x0131319b
                                                                                                                                                                                                                                0x0131319d
                                                                                                                                                                                                                                0x013131a2
                                                                                                                                                                                                                                0x013131a6
                                                                                                                                                                                                                                0x013131a6
                                                                                                                                                                                                                                0x013131a9
                                                                                                                                                                                                                                0x013131ae
                                                                                                                                                                                                                                0x013131c1
                                                                                                                                                                                                                                0x013131c6
                                                                                                                                                                                                                                0x013131c8
                                                                                                                                                                                                                                0x013131cb
                                                                                                                                                                                                                                0x013131ce
                                                                                                                                                                                                                                0x013131d1
                                                                                                                                                                                                                                0x013131d5
                                                                                                                                                                                                                                0x013131d9
                                                                                                                                                                                                                                0x013131dc
                                                                                                                                                                                                                                0x01313303
                                                                                                                                                                                                                                0x01313306
                                                                                                                                                                                                                                0x01313306
                                                                                                                                                                                                                                0x01313306
                                                                                                                                                                                                                                0x0131330a
                                                                                                                                                                                                                                0x013131e2
                                                                                                                                                                                                                                0x013131e2
                                                                                                                                                                                                                                0x013131e2
                                                                                                                                                                                                                                0x013131e6
                                                                                                                                                                                                                                0x013132c1
                                                                                                                                                                                                                                0x013132c1
                                                                                                                                                                                                                                0x013132c3
                                                                                                                                                                                                                                0x013132c7
                                                                                                                                                                                                                                0x013132c8
                                                                                                                                                                                                                                0x013132d9
                                                                                                                                                                                                                                0x013132db
                                                                                                                                                                                                                                0x013132dc
                                                                                                                                                                                                                                0x013132df
                                                                                                                                                                                                                                0x013132e4
                                                                                                                                                                                                                                0x013132e6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132ca
                                                                                                                                                                                                                                0x013132ca
                                                                                                                                                                                                                                0x013132d0
                                                                                                                                                                                                                                0x013132d2
                                                                                                                                                                                                                                0x013132d6
                                                                                                                                                                                                                                0x0131331f
                                                                                                                                                                                                                                0x01313325
                                                                                                                                                                                                                                0x01313328
                                                                                                                                                                                                                                0x0131332a
                                                                                                                                                                                                                                0x013133c0
                                                                                                                                                                                                                                0x013133c0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313330
                                                                                                                                                                                                                                0x01313330
                                                                                                                                                                                                                                0x01313334
                                                                                                                                                                                                                                0x01313336
                                                                                                                                                                                                                                0x01313339
                                                                                                                                                                                                                                0x013133cc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131333f
                                                                                                                                                                                                                                0x0131334d
                                                                                                                                                                                                                                0x01313352
                                                                                                                                                                                                                                0x01313355
                                                                                                                                                                                                                                0x01313357
                                                                                                                                                                                                                                0x0131335a
                                                                                                                                                                                                                                0x0131335d
                                                                                                                                                                                                                                0x0131337a
                                                                                                                                                                                                                                0x0131337a
                                                                                                                                                                                                                                0x0131337a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131335f
                                                                                                                                                                                                                                0x01313365
                                                                                                                                                                                                                                0x0131336a
                                                                                                                                                                                                                                0x01313370
                                                                                                                                                                                                                                0x01313372
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313374
                                                                                                                                                                                                                                0x01313375
                                                                                                                                                                                                                                0x01313378
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313378
                                                                                                                                                                                                                                0x0131335f
                                                                                                                                                                                                                                0x0131337d
                                                                                                                                                                                                                                0x0131337d
                                                                                                                                                                                                                                0x01313380
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313382
                                                                                                                                                                                                                                0x01313382
                                                                                                                                                                                                                                0x01313384
                                                                                                                                                                                                                                0x013133d8
                                                                                                                                                                                                                                0x013133e3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313386
                                                                                                                                                                                                                                0x01313386
                                                                                                                                                                                                                                0x01313389
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131338b
                                                                                                                                                                                                                                0x0131338e
                                                                                                                                                                                                                                0x01313391
                                                                                                                                                                                                                                0x01313393
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313395
                                                                                                                                                                                                                                0x01313395
                                                                                                                                                                                                                                0x01313396
                                                                                                                                                                                                                                0x01313399
                                                                                                                                                                                                                                0x0131339e
                                                                                                                                                                                                                                0x013133a0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013133a2
                                                                                                                                                                                                                                0x013133a2
                                                                                                                                                                                                                                0x013133a5
                                                                                                                                                                                                                                0x013133a7
                                                                                                                                                                                                                                0x013133ad
                                                                                                                                                                                                                                0x013133af
                                                                                                                                                                                                                                0x013133b5
                                                                                                                                                                                                                                0x013133b7
                                                                                                                                                                                                                                0x013133b7
                                                                                                                                                                                                                                0x013133bb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013133a7
                                                                                                                                                                                                                                0x013133a0
                                                                                                                                                                                                                                0x01313393
                                                                                                                                                                                                                                0x01313389
                                                                                                                                                                                                                                0x01313384
                                                                                                                                                                                                                                0x01313380
                                                                                                                                                                                                                                0x01313339
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132d8
                                                                                                                                                                                                                                0x013132d8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132d8
                                                                                                                                                                                                                                0x013132d6
                                                                                                                                                                                                                                0x013131ec
                                                                                                                                                                                                                                0x013131ec
                                                                                                                                                                                                                                0x013131f0
                                                                                                                                                                                                                                0x0131323e
                                                                                                                                                                                                                                0x0131323e
                                                                                                                                                                                                                                0x01313242
                                                                                                                                                                                                                                0x01313243
                                                                                                                                                                                                                                0x01313246
                                                                                                                                                                                                                                0x01313285
                                                                                                                                                                                                                                0x01313285
                                                                                                                                                                                                                                0x01313289
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313248
                                                                                                                                                                                                                                0x01313248
                                                                                                                                                                                                                                0x0131324c
                                                                                                                                                                                                                                0x01313254
                                                                                                                                                                                                                                0x0131325b
                                                                                                                                                                                                                                0x0131325f
                                                                                                                                                                                                                                0x01313260
                                                                                                                                                                                                                                0x01313263
                                                                                                                                                                                                                                0x0131326d
                                                                                                                                                                                                                                0x01313272
                                                                                                                                                                                                                                0x01313273
                                                                                                                                                                                                                                0x01313276
                                                                                                                                                                                                                                0x01313278
                                                                                                                                                                                                                                0x0131327d
                                                                                                                                                                                                                                0x0131327f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313265
                                                                                                                                                                                                                                0x01313265
                                                                                                                                                                                                                                0x0131328b
                                                                                                                                                                                                                                0x0131328d
                                                                                                                                                                                                                                0x01313290
                                                                                                                                                                                                                                0x01313293
                                                                                                                                                                                                                                0x01313295
                                                                                                                                                                                                                                0x01313295
                                                                                                                                                                                                                                0x01313295
                                                                                                                                                                                                                                0x01313295
                                                                                                                                                                                                                                0x01313298
                                                                                                                                                                                                                                0x0131329b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131329d
                                                                                                                                                                                                                                0x0131329d
                                                                                                                                                                                                                                0x0131329d
                                                                                                                                                                                                                                0x0131329d
                                                                                                                                                                                                                                0x013132a0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132a2
                                                                                                                                                                                                                                0x013132a2
                                                                                                                                                                                                                                0x013132a6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132a8
                                                                                                                                                                                                                                0x013132a8
                                                                                                                                                                                                                                0x013132ad
                                                                                                                                                                                                                                0x013132b0
                                                                                                                                                                                                                                0x013132b5
                                                                                                                                                                                                                                0x013132b7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132bd
                                                                                                                                                                                                                                0x013132bd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132bd
                                                                                                                                                                                                                                0x013132b7
                                                                                                                                                                                                                                0x013132a6
                                                                                                                                                                                                                                0x013132a0
                                                                                                                                                                                                                                0x0131329b
                                                                                                                                                                                                                                0x0131324e
                                                                                                                                                                                                                                0x0131324e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131324e
                                                                                                                                                                                                                                0x0131324c
                                                                                                                                                                                                                                0x013131f2
                                                                                                                                                                                                                                0x013131fa
                                                                                                                                                                                                                                0x01313201
                                                                                                                                                                                                                                0x01313203
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313205
                                                                                                                                                                                                                                0x01313205
                                                                                                                                                                                                                                0x01313207
                                                                                                                                                                                                                                0x01313209
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131320b
                                                                                                                                                                                                                                0x01313212
                                                                                                                                                                                                                                0x01313215
                                                                                                                                                                                                                                0x01313217
                                                                                                                                                                                                                                0x0131321a
                                                                                                                                                                                                                                0x0131321c
                                                                                                                                                                                                                                0x0131321f
                                                                                                                                                                                                                                0x01313221
                                                                                                                                                                                                                                0x01313223
                                                                                                                                                                                                                                0x01313228
                                                                                                                                                                                                                                0x0131322b
                                                                                                                                                                                                                                0x0131322d
                                                                                                                                                                                                                                0x01313232
                                                                                                                                                                                                                                0x01313234
                                                                                                                                                                                                                                0x013133e9
                                                                                                                                                                                                                                0x013133e9
                                                                                                                                                                                                                                0x0131323a
                                                                                                                                                                                                                                0x0131323a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131323a
                                                                                                                                                                                                                                0x01313234
                                                                                                                                                                                                                                0x01313209
                                                                                                                                                                                                                                0x01313203
                                                                                                                                                                                                                                0x013131f0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132ec
                                                                                                                                                                                                                                0x013132ee
                                                                                                                                                                                                                                0x013132f4
                                                                                                                                                                                                                                0x013132f6
                                                                                                                                                                                                                                0x013132f6
                                                                                                                                                                                                                                0x01313300
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313300
                                                                                                                                                                                                                                0x0131330c
                                                                                                                                                                                                                                0x0131330f
                                                                                                                                                                                                                                0x013131b0
                                                                                                                                                                                                                                0x013131b1
                                                                                                                                                                                                                                0x013131b7
                                                                                                                                                                                                                                0x013131ae
                                                                                                                                                                                                                                0x013133ff
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0131313E
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,00000068,0131342F,00000000,?), ref: 0131315E
                                                                                                                                                                                                                                • CoTaskMemAlloc.OLE32(?,?,?,?), ref: 01313195
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000,?,?), ref: 013131B1
                                                                                                                                                                                                                                • CharNextW.USER32(HKCR), ref: 01313212
                                                                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 01313217
                                                                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 0131321C
                                                                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 01313221
                                                                                                                                                                                                                                  • Part of subcall function 01312839: __EH_prolog3.LIBCMT ref: 01312840
                                                                                                                                                                                                                                  • Part of subcall function 01312839: lstrlenW.KERNEL32(?,00000004,0131339E,?,?,?,?,?,?,?,?,?), ref: 01312855
                                                                                                                                                                                                                                • CharNextW.USER32(08000000), ref: 0131325B
                                                                                                                                                                                                                                • CharNextW.USER32 ref: 0131326D
                                                                                                                                                                                                                                • CharNextW.USER32(08000000), ref: 013132CA
                                                                                                                                                                                                                                • CharNextW.USER32(?,08000000), ref: 013132EE
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 0131330F
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0131336A
                                                                                                                                                                                                                                • CharNextW.USER32(?,?,?,?,?,?,?,?,?,?), ref: 013133AF
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?,?,?,?,?,?,?), ref: 013133E3
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext$Task$Freelstrlen$AllocExceptionH_prolog3H_prolog3_Raiselstrcmpi
                                                                                                                                                                                                                                • String ID: }}$HKCR$HKCU{Software{Classes
                                                                                                                                                                                                                                • API String ID: 3924261392-1142484189
                                                                                                                                                                                                                                • Opcode ID: 61067850b32655617c490a4fef4c1a5afb38cd97f045b5b7de5b0edd45323d3a
                                                                                                                                                                                                                                • Instruction ID: 2a4d5bae5f83d66c8b8455af02f67b226376692dce4b7b37bcf7fa850835db86
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 61067850b32655617c490a4fef4c1a5afb38cd97f045b5b7de5b0edd45323d3a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F681DD719003558FEF2AABA8C8447AE7BB8FF05328F144429E805EF28DDB75E841CB55
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0133756E, Relevance: 31.9, APIs: 12, Strings: 6, Instructions: 363COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                			E0133756E(void* __ebx, signed char __edi, void* __esi, void* __eflags) {
				long _v4;
				signed int _v8;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				long _v28;
				char _v44;
				intOrPtr _v60;
				char _v80;
				signed int _v81;
				char _v82;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				short _v4116;
				char _v4144;
				intOrPtr _v4148;
				signed int _v4152;
				long _t156;
				signed int _t158;
				signed int _t162;
				signed int _t163;
				signed int _t166;
				char* _t191;
				void* _t194;
				void* _t198;
				intOrPtr _t201;
				void* _t211;
				signed int _t212;
				void* _t221;
				void* _t226;
				void* _t228;
				void* _t234;
				void* _t240;
				signed int _t241;
				void* _t250;
				void* _t255;
				void* _t257;
				long _t263;
				signed char _t270;
				signed int _t308;
				signed char _t309;
				signed char _t310;
				void* _t312;
				char* _t317;
				char* _t323;
				signed int _t328;
				signed int _t330;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				void* _t338;
				void* _t378;
				void* _t382;

				_t309 = __edi;
				_push(0x54);
				E0137C242(0x1396f1b, __ebx, __edi, __esi);
				_t263 = 0;
				_t338 =  *0x13c2a33 - _t263; // 0x0
				if(_t338 != 0) {
					_t330 = _t330 - 0x1c;
					_v92 = _t330;
					E01319638(_t330, "SaveCurrentOfferState()...");
					_t270 = 0x13c2b18;
					E0134BA76(0, 0x13c2b18, _t308, __edi, __esi, _t338);
				}
				GetDlgItem( *(_t309 + 4), 0xcd);
				_v24 = 7;
				_v28 = _t263;
				_v44 = 0;
				_v4 = _t263;
				_t156 =  *(_t309 + 0x610);
				_t314 = 0;
				_v82 = 1;
				_v92 = _t156;
				_v88 = 0;
				if(_t156 <= _t263) {
					L19:
					_t157 =  *(_t309 + 0x60c);
					if( *(_t309 + 0x60c) != _t263) {
						E01375111(_t157);
						_pop(_t270);
						 *(_t309 + 0x60c) = _t263;
					}
					_t314 = 0;
					 *(_t309 + 0x610) = _t263;
					 *(_t309 + 0x614) = _t263;
					_v88 = 0;
					if( *(_t309 + 0x61c) <= _t263) {
						L38:
						_t372 =  *((intOrPtr*)(_t309 + 0x219)) - _t263;
						if( *((intOrPtr*)(_t309 + 0x219)) != _t263) {
							_t314 = L"decline:true";
							_t198 = E01376D83(L"decline:true");
							_t270 =  &_v44;
							E0131B7E3(_t270, _t372, L"decline:true", _t198);
						}
						_t158 =  *(_t309 + 0x140);
						if(_t158 < _t263 || _t158 >=  *((intOrPtr*)(_t309 + 0x628))) {
							goto L57;
						} else {
							if( *((intOrPtr*)(_t158 * 0x334 +  *((intOrPtr*)(_t309 + 0x624)) + 0x1b0)) != _t263 &&  *((intOrPtr*)(_t309 + 0x211)) != _t263 && _v28 != _t263) {
								_t378 =  *0x13c2a33 - _t263; // 0x0
								if(_t378 != 0) {
									_push( &_v80);
									_t194 = E0135BE26(_t263,  &_v44, _t309, _t314, _t378);
									_t334 = _t330 - 0x18;
									_v92 = _t334;
									_v4 = 3;
									E0131D888(_t334, _t334, "Saving toolbar offer selections: ", _t194);
									_t330 = _t334 + 0xc;
									E0134BA76(_t263, 0x13c2b18, _t308, _t309, _t314, _t378);
									_v4 = _t263;
									E01311524( &_v80, 1, _t263);
								}
								E01319B08( &_v80,  &_v44);
								_v4 = 4;
								if(E01357C06( &_v80, _t308, _t309, _t314) != 0) {
									_t191 = _v80;
									if(_v60 < 8) {
										_t191 =  &_v80;
									}
									E013124A4(0x13c2db0, L"PIP_Toolbar_Selection", _t191);
								}
								_v4 = _t263;
								E0131AA87( &_v80, 1, _t263);
							}
							_t179 =  *(_t309 + 0x618);
							if( *(_t309 + 0x618) != _t263) {
								E01375111(_t179);
								 *(_t309 + 0x618) = _t263;
							}
							 *(_t309 + 0x61c) = _t263;
							 *(_t309 + 0x620) = _t263;
							_t382 =  *0x13c2a33 - _t263; // 0x0
							if(_t382 != 0) {
								_v92 = _t330 - 0x1c;
								E01319638(_t330 - 0x1c,  *(_t309 + 0x140) + "Finished saving offer state for offer ");
								E0134BA76(_t263, 0x13c2b18, _t308, _t309, _t314,  *(_t309 + 0x140) + "Finished saving offer state for offer ");
							}
							E0131AA87( &_v44, 1, _t263);
							return E0137C2C5(_t263, _t309, _t314);
						}
					} else {
						while(_t314 >= _t263 && _t314 <  *(_t309 + 0x61c)) {
							_t308 = _t314;
							_t201 =  *((intOrPtr*)( *(_t309 + 0x618) + _t308 * 4));
							_t270 =  *((intOrPtr*)(_t201 + 0x59));
							 *( *(_t201 + 0x88)) = _t270;
							if(_t314 >=  *(_t309 + 0x61c)) {
								goto L57;
							} else {
								_v81 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *(_t309 + 0x618) + _t308 * 4)) + 0x88))));
								_t360 = _t314 -  *(_t309 + 0x610);
								if(_t314 >=  *(_t309 + 0x610)) {
									goto L57;
								} else {
									_t330 = _t330 - 0x1c;
									_v92 = _t330;
									E013116F0(_t330,  *((intOrPtr*)( *(_t309 + 0x60c) + _t308 * 4)) + 0x38);
									_t270 = _t309;
									_t211 = E0134032A(_t263, _t270, _t309, _t314, _t360);
									if(_t211 != _t263) {
										_v81 = _v81 &  *(_t211 + 0x194);
									}
									if( *((intOrPtr*)(_t309 + 0x219)) != _t263) {
										L37:
										_t314 = _t314 + 1;
										_v88 = _t314;
										if(_t314 <  *(_t309 + 0x61c)) {
											continue;
										} else {
											goto L38;
										}
									} else {
										_t212 =  *(_t309 + 0x140);
										if(_t212 < _t263 || _t212 >=  *((intOrPtr*)(_t309 + 0x628))) {
											goto L57;
										} else {
											_t270 = _v81;
											 *(_t212 * 0x334 +  *((intOrPtr*)(_t309 + 0x624)) + 0x1ee) =  *(_t212 * 0x334 +  *((intOrPtr*)(_t309 + 0x624)) + 0x1ee) | _t270;
											_t366 = _v82 - _t263;
											if(_v82 == _t263) {
												_t228 = E01376D83("|");
												_pop(_t270);
												E0131B74B(_t228,  &_v44, _t366, "|");
												_t314 = _v88;
												_t263 = 0;
											}
											_push(0xffffffff);
											_push(0xfde9);
											_push(0xfde9);
											_t368 = _t314 -  *(_t309 + 0x61c);
											if(_t314 >=  *(_t309 + 0x61c)) {
												goto L57;
											} else {
												_t335 = _t330 - 0x1c;
												_v92 = _t335;
												E013116F0(_t335,  *((intOrPtr*)( *(_t309 + 0x618) + _t314 * 4)) + 0x6c);
												_push( &_v80);
												_t221 = E0135BED6(_t263, _t309, _t314, _t368);
												_t330 = _t335 + 0x2c;
												_v4 = 2;
												E0131B6A8( &_v44, _t221, _t263, 0xffffffff);
												_v4 = _t263;
												E0131AA87( &_v80, 1, _t263);
												E0131B74B(E01376D83(":"),  &_v44, _t368, ":");
												_t369 = _v81;
												_t317 = L"true";
												if(_v81 == 0) {
													_t317 = L"false";
												}
												_t226 = E01376D83(_t317);
												_pop(_t270);
												E0131B74B(_t226,  &_v44, _t369, _t317);
												_t314 = _v88;
												_v82 = 0;
												_t263 = 0;
												goto L37;
											}
										}
									}
								}
							}
							goto L65;
						}
						goto L57;
					}
				} else {
					while(_t314 >= _t263 && _t314 <  *(_t309 + 0x610)) {
						_v96 =  *((intOrPtr*)( *(_t309 + 0x60c) + _t314 * 4));
						_t234 = E01321300( *((intOrPtr*)( *(_t309 + 0x60c) + _t314 * 4)));
						_t270 =  *(_v96 + 0x70);
						 *_t270 = _t234;
						_t342 = _t314 -  *(_t309 + 0x610);
						if(_t314 >=  *(_t309 + 0x610)) {
							break;
						} else {
							_t330 = _t330 - 0x1c;
							_v81 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *(_t309 + 0x60c) + _t314 * 4)) + 0x70))));
							_v96 = _t330;
							E013116F0(_t330,  *((intOrPtr*)( *(_t309 + 0x60c) + _t314 * 4)) + 0x38);
							_t270 = _t309;
							_t240 = E0134032A(_t263, _t270, _t309, _t314, _t342);
							if(_t240 == _t263) {
								L9:
								if( *((intOrPtr*)(_t309 + 0x219)) != _t263) {
									goto L18;
								} else {
									_t241 =  *(_t309 + 0x140);
									if(_t241 < _t263 || _t241 >=  *((intOrPtr*)(_t309 + 0x628))) {
										break;
									} else {
										_t270 = _v81;
										 *(_t241 * 0x334 +  *((intOrPtr*)(_t309 + 0x624)) + 0x1ee) =  *(_t241 * 0x334 +  *((intOrPtr*)(_t309 + 0x624)) + 0x1ee) | _t270;
										_t349 = _v82 - _t263;
										if(_v82 == _t263) {
											_t257 = E01376D83("|");
											_pop(_t270);
											E0131B74B(_t257,  &_v44, _t349, "|");
											_t314 = _v88;
											_t263 = 0;
										}
										_push(0xffffffff);
										_push(0xfde9);
										_push(0xfde9);
										_t351 = _t314 -  *(_t309 + 0x610);
										if(_t314 >=  *(_t309 + 0x610)) {
											break;
										} else {
											_t336 = _t330 - 0x1c;
											_v96 = _t336;
											E013116F0(_t336,  *((intOrPtr*)( *(_t309 + 0x60c) + _t314 * 4)) + 0x38);
											_push( &_v80);
											_t250 = E0135BED6(_t263, _t309, _t314, _t351);
											_t330 = _t336 + 0x2c;
											_v4 = 1;
											E0131B6A8( &_v44, _t250, _t263, 0xffffffff);
											_v4 = _t263;
											E0131AA87( &_v80, 1, _t263);
											E0131B74B(E01376D83(":"),  &_v44, _t351, ":");
											_t352 = _v81;
											_t323 = L"true";
											if(_v81 == 0) {
												_t323 = L"false";
											}
											_t255 = E01376D83(_t323);
											_pop(_t270);
											E0131B74B(_t255,  &_v44, _t352, _t323);
											_t314 = _v88;
											_v82 = 0;
											_t263 = 0;
											goto L18;
										}
									}
								}
							} else {
								if( *((intOrPtr*)(_t240 + 0x160)) != _t263) {
									L18:
									_t314 = _t314 + 1;
									_v88 = _t314;
									if(_t314 < _v92) {
										continue;
									} else {
										goto L19;
									}
								} else {
									_v81 = _v81 &  *(_t240 + 0x194);
									goto L9;
								}
							}
						}
						goto L65;
					}
					L57:
					RaiseException(0xc000008c, 1, _t263, _t263);
					asm("int3");
					_t328 = _t330;
					_push(0xffffffff);
					_push(0x1395173);
					_push( *[fs:0x0]);
					E01385300(0x1024);
					_t162 =  *0x13bce20; // 0xb4b6cc09
					_t163 = _t162 ^ _t328;
					_v24 = _t163;
					_push(_t309);
					_push(_t163);
					 *[fs:0x0] =  &_v20;
					_v4152 = _v4152 & 0x00000000;
					__eflags =  *0x13c2a33;
					_t310 = _t270;
					if( *0x13c2a33 != 0) {
						_v4148 = _t330 - 0x1c;
						E01319638(_t330 - 0x1c, "GetTempFolderPath()...");
						E0134BA76(_t263, 0x13c2b18, _t308, _t310, _t314, __eflags);
					}
					_t166 = GetTempPathW(0x800,  &_v4116);
					__eflags = _t166 - 0x104;
					if(_t166 > 0x104) {
						L63:
						__eflags = _t310 + 0x9c;
						E01319B08(_t314, _t310 + 0x9c);
					} else {
						__eflags = _t166;
						if(_t166 == 0) {
							goto L63;
						} else {
							E01319B30( &_v4144,  &_v4116);
							_v8 = _v8 & 0x00000000;
							E01319B61(_t314,  &_v4144);
							E0131AA87( &_v4144, 1, 0);
						}
					}
					 *[fs:0x0] = _v16;
					_pop(_t312);
					__eflags = _v20 ^ _t328;
					return E013748C1(_t314, _t263, _v20 ^ _t328, _t308, _t312, _t314);
				}
				L65:
			}

























































                                                                                                                                                                                                                                0x0133756e
                                                                                                                                                                                                                                0x0133756e
                                                                                                                                                                                                                                0x01337575
                                                                                                                                                                                                                                0x0133757a
                                                                                                                                                                                                                                0x0133757c
                                                                                                                                                                                                                                0x01337582
                                                                                                                                                                                                                                0x01337584
                                                                                                                                                                                                                                0x01337589
                                                                                                                                                                                                                                0x01337591
                                                                                                                                                                                                                                0x01337596
                                                                                                                                                                                                                                0x0133759b
                                                                                                                                                                                                                                0x0133759b
                                                                                                                                                                                                                                0x013375a8
                                                                                                                                                                                                                                0x013375b0
                                                                                                                                                                                                                                0x013375b7
                                                                                                                                                                                                                                0x013375ba
                                                                                                                                                                                                                                0x013375be
                                                                                                                                                                                                                                0x013375c1
                                                                                                                                                                                                                                0x013375c7
                                                                                                                                                                                                                                0x013375c9
                                                                                                                                                                                                                                0x013375cd
                                                                                                                                                                                                                                0x013375d0
                                                                                                                                                                                                                                0x013375d5
                                                                                                                                                                                                                                0x01337760
                                                                                                                                                                                                                                0x01337760
                                                                                                                                                                                                                                0x01337768
                                                                                                                                                                                                                                0x0133776b
                                                                                                                                                                                                                                0x01337770
                                                                                                                                                                                                                                0x01337771
                                                                                                                                                                                                                                0x01337771
                                                                                                                                                                                                                                0x01337777
                                                                                                                                                                                                                                0x01337779
                                                                                                                                                                                                                                0x0133777f
                                                                                                                                                                                                                                0x01337785
                                                                                                                                                                                                                                0x0133778e
                                                                                                                                                                                                                                0x0133791f
                                                                                                                                                                                                                                0x0133791f
                                                                                                                                                                                                                                0x01337925
                                                                                                                                                                                                                                0x01337927
                                                                                                                                                                                                                                0x0133792d
                                                                                                                                                                                                                                0x01337935
                                                                                                                                                                                                                                0x01337938
                                                                                                                                                                                                                                0x01337938
                                                                                                                                                                                                                                0x0133793d
                                                                                                                                                                                                                                0x01337945
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01337957
                                                                                                                                                                                                                                0x01337969
                                                                                                                                                                                                                                0x01337984
                                                                                                                                                                                                                                0x0133798a
                                                                                                                                                                                                                                0x0133798f
                                                                                                                                                                                                                                0x01337993
                                                                                                                                                                                                                                0x01337998
                                                                                                                                                                                                                                0x0133799d
                                                                                                                                                                                                                                0x013379a7
                                                                                                                                                                                                                                0x013379ab
                                                                                                                                                                                                                                0x013379b0
                                                                                                                                                                                                                                0x013379b8
                                                                                                                                                                                                                                0x013379c3
                                                                                                                                                                                                                                0x013379c6
                                                                                                                                                                                                                                0x013379c6
                                                                                                                                                                                                                                0x013379d2
                                                                                                                                                                                                                                0x013379d7
                                                                                                                                                                                                                                0x013379e2
                                                                                                                                                                                                                                0x013379e8
                                                                                                                                                                                                                                0x013379eb
                                                                                                                                                                                                                                0x013379ed
                                                                                                                                                                                                                                0x013379ed
                                                                                                                                                                                                                                0x013379fb
                                                                                                                                                                                                                                0x013379fb
                                                                                                                                                                                                                                0x01337a06
                                                                                                                                                                                                                                0x01337a09
                                                                                                                                                                                                                                0x01337a09
                                                                                                                                                                                                                                0x01337a0e
                                                                                                                                                                                                                                0x01337a16
                                                                                                                                                                                                                                0x01337a19
                                                                                                                                                                                                                                0x01337a1f
                                                                                                                                                                                                                                0x01337a1f
                                                                                                                                                                                                                                0x01337a25
                                                                                                                                                                                                                                0x01337a2b
                                                                                                                                                                                                                                0x01337a31
                                                                                                                                                                                                                                0x01337a37
                                                                                                                                                                                                                                0x01337a49
                                                                                                                                                                                                                                0x01337a4d
                                                                                                                                                                                                                                0x01337a57
                                                                                                                                                                                                                                0x01337a57
                                                                                                                                                                                                                                0x01337a62
                                                                                                                                                                                                                                0x01337a6c
                                                                                                                                                                                                                                0x01337a6c
                                                                                                                                                                                                                                0x01337794
                                                                                                                                                                                                                                0x01337794
                                                                                                                                                                                                                                0x013377ae
                                                                                                                                                                                                                                0x013377b0
                                                                                                                                                                                                                                0x013377b3
                                                                                                                                                                                                                                0x013377bc
                                                                                                                                                                                                                                0x013377c4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013377ca
                                                                                                                                                                                                                                0x013377db
                                                                                                                                                                                                                                0x013377de
                                                                                                                                                                                                                                0x013377e4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013377ea
                                                                                                                                                                                                                                0x013377f3
                                                                                                                                                                                                                                0x013377fb
                                                                                                                                                                                                                                0x013377ff
                                                                                                                                                                                                                                0x01337804
                                                                                                                                                                                                                                0x01337806
                                                                                                                                                                                                                                0x0133780d
                                                                                                                                                                                                                                0x01337815
                                                                                                                                                                                                                                0x01337815
                                                                                                                                                                                                                                0x0133781e
                                                                                                                                                                                                                                0x0133790f
                                                                                                                                                                                                                                0x0133790f
                                                                                                                                                                                                                                0x01337910
                                                                                                                                                                                                                                0x01337919
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01337824
                                                                                                                                                                                                                                0x01337824
                                                                                                                                                                                                                                0x0133782c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133783e
                                                                                                                                                                                                                                0x0133783e
                                                                                                                                                                                                                                0x0133784d
                                                                                                                                                                                                                                0x01337853
                                                                                                                                                                                                                                0x01337856
                                                                                                                                                                                                                                0x0133785e
                                                                                                                                                                                                                                0x01337863
                                                                                                                                                                                                                                0x0133786a
                                                                                                                                                                                                                                0x0133786f
                                                                                                                                                                                                                                0x01337872
                                                                                                                                                                                                                                0x01337872
                                                                                                                                                                                                                                0x01337874
                                                                                                                                                                                                                                0x0133787b
                                                                                                                                                                                                                                0x0133787c
                                                                                                                                                                                                                                0x0133787d
                                                                                                                                                                                                                                0x01337883
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01337889
                                                                                                                                                                                                                                0x01337892
                                                                                                                                                                                                                                0x0133789a
                                                                                                                                                                                                                                0x0133789e
                                                                                                                                                                                                                                0x013378a6
                                                                                                                                                                                                                                0x013378a7
                                                                                                                                                                                                                                0x013378ac
                                                                                                                                                                                                                                0x013378b6
                                                                                                                                                                                                                                0x013378ba
                                                                                                                                                                                                                                0x013378c5
                                                                                                                                                                                                                                0x013378c8
                                                                                                                                                                                                                                0x013378df
                                                                                                                                                                                                                                0x013378e4
                                                                                                                                                                                                                                0x013378e8
                                                                                                                                                                                                                                0x013378ed
                                                                                                                                                                                                                                0x013378ef
                                                                                                                                                                                                                                0x013378ef
                                                                                                                                                                                                                                0x013378f5
                                                                                                                                                                                                                                0x013378fa
                                                                                                                                                                                                                                0x01337901
                                                                                                                                                                                                                                0x01337906
                                                                                                                                                                                                                                0x01337909
                                                                                                                                                                                                                                0x0133790d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133790d
                                                                                                                                                                                                                                0x01337883
                                                                                                                                                                                                                                0x0133782c
                                                                                                                                                                                                                                0x0133781e
                                                                                                                                                                                                                                0x013377e4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013377c4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01337794
                                                                                                                                                                                                                                0x013375db
                                                                                                                                                                                                                                0x013375db
                                                                                                                                                                                                                                0x013375fa
                                                                                                                                                                                                                                0x013375fd
                                                                                                                                                                                                                                0x01337605
                                                                                                                                                                                                                                0x01337608
                                                                                                                                                                                                                                0x0133760a
                                                                                                                                                                                                                                0x01337610
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01337616
                                                                                                                                                                                                                                0x01337628
                                                                                                                                                                                                                                0x0133762b
                                                                                                                                                                                                                                0x01337633
                                                                                                                                                                                                                                0x01337637
                                                                                                                                                                                                                                0x0133763c
                                                                                                                                                                                                                                0x0133763e
                                                                                                                                                                                                                                0x01337645
                                                                                                                                                                                                                                0x0133765c
                                                                                                                                                                                                                                0x01337662
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01337668
                                                                                                                                                                                                                                0x01337668
                                                                                                                                                                                                                                0x01337670
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01337682
                                                                                                                                                                                                                                0x01337682
                                                                                                                                                                                                                                0x01337691
                                                                                                                                                                                                                                0x01337697
                                                                                                                                                                                                                                0x0133769a
                                                                                                                                                                                                                                0x013376a2
                                                                                                                                                                                                                                0x013376a7
                                                                                                                                                                                                                                0x013376ae
                                                                                                                                                                                                                                0x013376b3
                                                                                                                                                                                                                                0x013376b6
                                                                                                                                                                                                                                0x013376b6
                                                                                                                                                                                                                                0x013376b8
                                                                                                                                                                                                                                0x013376bf
                                                                                                                                                                                                                                0x013376c0
                                                                                                                                                                                                                                0x013376c1
                                                                                                                                                                                                                                0x013376c7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013376cd
                                                                                                                                                                                                                                0x013376d6
                                                                                                                                                                                                                                0x013376de
                                                                                                                                                                                                                                0x013376e2
                                                                                                                                                                                                                                0x013376ea
                                                                                                                                                                                                                                0x013376eb
                                                                                                                                                                                                                                0x013376f0
                                                                                                                                                                                                                                0x013376fa
                                                                                                                                                                                                                                0x013376fe
                                                                                                                                                                                                                                0x01337709
                                                                                                                                                                                                                                0x0133770c
                                                                                                                                                                                                                                0x01337723
                                                                                                                                                                                                                                0x01337728
                                                                                                                                                                                                                                0x0133772c
                                                                                                                                                                                                                                0x01337731
                                                                                                                                                                                                                                0x01337733
                                                                                                                                                                                                                                0x01337733
                                                                                                                                                                                                                                0x01337739
                                                                                                                                                                                                                                0x0133773e
                                                                                                                                                                                                                                0x01337745
                                                                                                                                                                                                                                0x0133774a
                                                                                                                                                                                                                                0x0133774d
                                                                                                                                                                                                                                0x01337751
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01337751
                                                                                                                                                                                                                                0x013376c7
                                                                                                                                                                                                                                0x01337670
                                                                                                                                                                                                                                0x01337647
                                                                                                                                                                                                                                0x0133764d
                                                                                                                                                                                                                                0x01337753
                                                                                                                                                                                                                                0x01337753
                                                                                                                                                                                                                                0x01337754
                                                                                                                                                                                                                                0x0133775a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01337653
                                                                                                                                                                                                                                0x01337659
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01337659
                                                                                                                                                                                                                                0x0133764d
                                                                                                                                                                                                                                0x01337645
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01337610
                                                                                                                                                                                                                                0x01337a6d
                                                                                                                                                                                                                                0x01337a76
                                                                                                                                                                                                                                0x01337a7c
                                                                                                                                                                                                                                0x01337a7e
                                                                                                                                                                                                                                0x01337a80
                                                                                                                                                                                                                                0x01337a82
                                                                                                                                                                                                                                0x01337a8d
                                                                                                                                                                                                                                0x01337a93
                                                                                                                                                                                                                                0x01337a98
                                                                                                                                                                                                                                0x01337a9d
                                                                                                                                                                                                                                0x01337a9f
                                                                                                                                                                                                                                0x01337aa2
                                                                                                                                                                                                                                0x01337aa3
                                                                                                                                                                                                                                0x01337aa7
                                                                                                                                                                                                                                0x01337aad
                                                                                                                                                                                                                                0x01337ab4
                                                                                                                                                                                                                                0x01337abb
                                                                                                                                                                                                                                0x01337abd
                                                                                                                                                                                                                                0x01337ac4
                                                                                                                                                                                                                                0x01337acf
                                                                                                                                                                                                                                0x01337ad9
                                                                                                                                                                                                                                0x01337ad9
                                                                                                                                                                                                                                0x01337aea
                                                                                                                                                                                                                                0x01337af0
                                                                                                                                                                                                                                0x01337af5
                                                                                                                                                                                                                                0x01337b30
                                                                                                                                                                                                                                0x01337b30
                                                                                                                                                                                                                                0x01337b39
                                                                                                                                                                                                                                0x01337af7
                                                                                                                                                                                                                                0x01337af7
                                                                                                                                                                                                                                0x01337af9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01337afb
                                                                                                                                                                                                                                0x01337b08
                                                                                                                                                                                                                                0x01337b0d
                                                                                                                                                                                                                                0x01337b1a
                                                                                                                                                                                                                                0x01337b29
                                                                                                                                                                                                                                0x01337b29
                                                                                                                                                                                                                                0x01337af9
                                                                                                                                                                                                                                0x01337b43
                                                                                                                                                                                                                                0x01337b4b
                                                                                                                                                                                                                                0x01337b4f
                                                                                                                                                                                                                                0x01337b57
                                                                                                                                                                                                                                0x01337b57
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01337575
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 013375A8
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01337717
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01337739
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0133776B
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0133785E
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: std::_Xinvalid_argument.LIBCPMT ref: 0131B6BF
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: std::_Xinvalid_argument.LIBCPMT ref: 0131B6E1
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: _memmove.LIBCMT ref: 0131B725
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 013378D3
                                                                                                                                                                                                                                  • Part of subcall function 0131B74B: std::_Xinvalid_argument.LIBCPMT ref: 0131B78B
                                                                                                                                                                                                                                  • Part of subcall function 0131B74B: _memmove.LIBCMT ref: 0131B7BF
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 013378F5
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0133792D
                                                                                                                                                                                                                                • _free.LIBCMT ref: 01337A19
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 013376A2
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen$Xinvalid_argument_memmovestd::_$H_prolog3__free$CurrentItemLocalProcessTime_memset_strlenswprintf
                                                                                                                                                                                                                                • String ID: PIP_Toolbar_Selection$SaveCurrentOfferState()...$Saving toolbar offer selections: $decline:true$false$true
                                                                                                                                                                                                                                • API String ID: 2683461092-2116680802
                                                                                                                                                                                                                                • Opcode ID: 3fc42be7f25bc93b5cbb02e147556a9a22f8980e1cc774342332e151d15e2b59
                                                                                                                                                                                                                                • Instruction ID: 8471d1c0f093384d0141c322370ac13d992b86950b6731777d12aa23963c7054
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3fc42be7f25bc93b5cbb02e147556a9a22f8980e1cc774342332e151d15e2b59
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DEE1F4B1E00286AFEB15EBFCC880AEDFBB5AF55318F080169D514BB345C6706A59CBD1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01313560, Relevance: 30.2, APIs: 13, Strings: 4, Instructions: 432registrystringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                                                                			E01313560(void* __ecx, void** __edx, void* _a4, void* _a8, void* _a12, signed int _a16, void* _a20, void* _a24, signed int _a28, signed int _a32, void* _a36, void* _a40, void* _a44, signed int _a48, void* _a52, signed int _a56, signed int _a60, char _a64, short _a584, intOrPtr _a8764, signed int _a8780, char _a8788, char _a8796) {
				void* _v0;
				void* _v4;
				void* _v8;
				void* _v12;
				void* _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t142;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t161;
				void* _t172;
				void* _t173;
				void* _t182;
				void* _t184;
				int _t187;
				void* _t194;
				void* _t199;
				void* _t201;
				void* _t208;
				void* _t209;
				void* _t212;
				void* _t222;
				void* _t230;
				void* _t231;
				void* _t240;
				void* _t261;
				void* _t262;
				void* _t265;
				WCHAR* _t270;
				void* _t271;
				void* _t272;
				signed int _t273;
				signed int _t274;
				void* _t293;

				_t259 = __edx;
				_t274 = _t273 & 0xfffffff8;
				_push(0xffffffff);
				_push(0x139238c);
				_push( *[fs:0x0]);
				_push(__ecx);
				E01385300(0x2264);
				_t142 =  *0x13bce20; // 0xb4b6cc09
				_a8780 = _t142 ^ _t274;
				_t144 =  *0x13bce20; // 0xb4b6cc09
				_push(_t144 ^ _t274);
				 *[fs:0x0] =  &_a8788;
				_t270 = _a4;
				_t261 = 0;
				_v16 = __ecx;
				_v0 = _a8;
				_v12 = 0;
				_v8 = 0;
				_v4 = 0;
				_a24 = _a16;
				_a8796 = 0;
				_t229 = E01312B6B(_t270, __ecx);
				if(_t229 < 0) {
					L64:
					 *[fs:0x0] = _a8788;
					_pop(_t262);
					_pop(_t271);
					_pop(_t230);
					return E013748C1(_t150, _t230, _a8780 ^ _t274, _t259, _t262, _t271);
				}
				if( *_t270 == 0x7d) {
					L63:
					_t150 = _t229;
					goto L64;
				} else {
					goto L4;
					L16:
					_t158 = lstrcmpiW(_t270, L"NoRemove");
					__eflags = _t158;
					if(_t158 != 0) {
						L18:
						_t159 = lstrcmpiW(_t270, L"Val");
						__eflags = _t159;
						if(_t159 != 0) {
							_t161 = E01312B1C(_t270, 0x5c);
							_pop(_t240);
							__eflags = _t161;
							if(_t161 != 0) {
								L85:
								__eflags = _v12 - _t261;
								if(_v12 != _t261) {
									RegCloseKey(_v12);
								}
								_t150 = 0x80020009;
								goto L64;
							}
							__eflags = _a12 - _t261;
							if(_a12 == _t261) {
								__eflags = _a16 - _t261;
								if(_a16 != _t261) {
									_a4 = 2;
								} else {
									_v4 = E01312452(0x20019,  &_v12, _t240, _v0, _t270);
									_t261 = 0;
								}
								__eflags = _a4 - _t261;
								if(_a4 != _t261) {
									_a16 = 1;
								}
								E01311B5C(E01375444( &_a64, 0x104, _t270, 0xffffffff));
								_t274 = _t274 + 0x14;
								_t229 = E01312B6B(_t270, _v16);
								__eflags = _t229 - _t261;
								if(_t229 < _t261) {
									L60:
									_t293 = _v12;
									L61:
									if(_t293 != 0) {
										RegCloseKey(_v12);
									}
									goto L63;
								} else {
									_t242 = _v16;
									_t229 = E013130DA(_t229, _v16, _t259, _t270);
									__eflags = _t229;
									if(_t229 < 0) {
										goto L60;
									}
									__eflags =  *_t270 - 0x7b;
									if( *_t270 != 0x7b) {
										L56:
										__eflags = _a4 - 2;
										_a16 = _a24;
										if(_a4 == 2) {
											L83:
											if( *_t270 != 0x7d) {
												_t261 = 0;
												__eflags = 0;
												L4:
												_a8 = 1;
												lstrcmpiW(_t270, L"Delete");
												asm("sbb ebx, ebx");
												_t231 = _t229 + 1;
												_a4 = _t231;
												if(lstrcmpiW(_t270, L"ForceRemove") == 0 || _t231 != _t261) {
													goto L6;
												} else {
													goto L16;
												}
											}
											goto L60;
										}
										_t170 = _a4;
										__eflags = _a4;
										if(_a4 == 0) {
											__eflags = _a24;
											if(_a24 == 0) {
												L70:
												_v0 = E013130A5(_t242, _v12);
												_t172 = 0;
												__eflags = _v16;
												if(_v16 != 0) {
													_t172 = RegCloseKey(_v12);
													_v12 = 0;
												}
												_v8 = 0;
												__eflags = _t172;
												if(_t172 != 0) {
													_t173 = E01311BF1(_t172);
													__eflags = _v12;
													L96:
													_t272 = _t173;
													if(__eflags != 0) {
														RegCloseKey(_v12);
													}
													_t150 = _t272;
													goto L64;
												} else {
													__eflags = _a8;
													if(_a8 == 0) {
														goto L83;
													}
													__eflags = _a4;
													if(_a4 != 0) {
														goto L83;
													}
													_a56 = _a56 & 0;
													_a60 = _a60 & 0;
													_a52 = _v0;
													_t170 = E01312376( &_a52,  &_a64);
													_a48 = 0;
													_a52 = 0;
													_a56 = 0;
													__eflags = _t170;
													if(_t170 != 0) {
														L59:
														_t229 = E01311BF1(_t170);
														goto L60;
													}
													_t124 =  &_a56;
													 *_t124 = _a56 & 0;
													__eflags =  *_t124;
													L77:
													_t261 = 0;
													L78:
													if(_a12 != _t261 &&  *_t270 == 0x7b && lstrlenW(_t270) == 1) {
														_t229 = E01313560(_v16, _t259, _t270, _v12, _a12, _t261);
														if(_t229 < _t261) {
															goto L60;
														}
														_t229 = E01312B6B(_t270, _v16);
														if(_t229 < _t261) {
															goto L60;
														}
													}
													goto L83;
												}
											}
											_t182 = E013130A5(_t242, _v12);
											__eflags = _t182;
											if(_t182 == 0) {
												goto L70;
											}
											_t184 = E01313076( &_a64);
											__eflags = _t184;
											if(_t184 != 0) {
												__eflags = _a8;
												if(__eflags != 0) {
													E013124D9( &_v12, _t259, __eflags,  &_a64);
												}
											}
											goto L83;
										}
										__eflags = _a24;
										if(_a24 != 0) {
											goto L83;
										}
										goto L59;
									}
									_t187 = lstrlenW(_t270);
									__eflags = _t187 - 1;
									if(_t187 != 1) {
										goto L56;
									}
									_t229 = E01313560(_v16, _t259, _t270, _v12, 0, _a16);
									__eflags = _t229;
									if(_t229 >= 0) {
										L55:
										_t242 = _a8764;
										_t229 = E01312B6B(_t270, _a8764);
										__eflags = _t229;
										if(_t229 < 0) {
											goto L60;
										}
										goto L56;
									}
									__eflags = _a16;
									if(_a16 == 0) {
										goto L60;
									}
									goto L55;
								}
							}
							_t233 =  &_v12;
							_t194 = E01312452(0x2001f,  &_v12, _t240, _v0, _t270);
							__eflags = _t194;
							if(_t194 == 0) {
								L40:
								_t229 = E01312B6B(_t270, _v16);
								__eflags = _t229;
								if(_t229 < 0) {
									goto L60;
								}
								__eflags =  *_t270 - 0x3d;
								if( *_t270 != 0x3d) {
									goto L77;
								}
								_t259 =  &_v12;
								_t229 = E01312C91(_v16,  &_v12, 0, _t270);
								__eflags = _t229;
								if(_t229 < 0) {
									goto L60;
								}
								goto L77;
							}
							_t199 = E01312452(0x20019,  &_v12, _t240, _v0, _t270);
							__eflags = _t199;
							if(_t199 == 0) {
								goto L40;
							}
							_t201 = E013123FB(_t233, _t240, _v0, _t270);
							__eflags = _t201;
							if(_t201 != 0) {
								_t173 = E01311BF1(_t201);
								__eflags = _v12;
								goto L96;
							}
							goto L40;
						}
						_t229 = E01312B6B( &_a584, _v16);
						__eflags = _t229 - _t261;
						if(_t229 < _t261) {
							goto L60;
						}
						_t244 = _v16;
						_t229 = E01312B6B(_t270, _v16);
						__eflags = _t229 - _t261;
						if(_t229 < _t261) {
							goto L60;
						}
						__eflags =  *_t270 - 0x3d;
						if( *_t270 != 0x3d) {
							goto L85;
						}
						__eflags = _a12 - _t261;
						if(_a12 == _t261) {
							__eflags = _a16 - _t261;
							if(_a16 != _t261) {
								L33:
								_t229 = E013130DA(_t229, _v16, _t259, _t270);
								__eflags = _t229;
								if(_t229 < 0) {
									goto L60;
								}
								goto L83;
							}
							__eflags = _a8 - _t261;
							if(_a8 == _t261) {
								goto L33;
							}
							_t229 =  &_a28;
							_a28 = _t261;
							_a32 = _t261;
							_a36 = _t261;
							_t208 = E01312452(0x20006,  &_a28, _t244, _v0, _t261);
							__eflags = _t208;
							if(_t208 != 0) {
								_t209 = E01311BF1(_t208);
								__eflags = _a28;
								_t229 = _t209;
								if(_a28 == 0) {
									goto L60;
								}
								_push(_a28);
								L93:
								RegCloseKey();
								goto L60;
							}
							_t265 = _a28;
							_t212 = RegDeleteValueW(_t265,  &_a584);
							__eflags = _t212;
							if(_t212 == 0) {
								L30:
								__eflags = _t265;
								if(_t265 != 0) {
									RegCloseKey(_t265);
									_t62 =  &_a28;
									 *_t62 = _a28 & 0x00000000;
									__eflags =  *_t62;
								}
								_t64 =  &_a32;
								 *_t64 = _a32 & 0x00000000;
								__eflags =  *_t64;
								goto L33;
							}
							__eflags = _t212 - 2;
							if(_t212 != 2) {
								_t229 = E01311BF1(_t212);
								__eflags = _t265;
								if(_t265 == 0) {
									goto L60;
								}
								_push(_t265);
								goto L93;
							}
							goto L30;
						}
						_a8796 = 1;
						_a40 = _v0;
						_t259 =  &_a40;
						_a44 = _t261;
						_a48 = _t261;
						_t229 = E01312C91(_v16,  &_a40,  &_a584, _t270);
						_a32 = _t261;
						_a36 = _t261;
						_a40 = _t261;
						__eflags = _t229 - _t261;
						if(_t229 < _t261) {
							__eflags = _v12 - _t261;
							goto L61;
						}
						_a8796 = 0;
						_a44 = _t261;
						goto L78;
					}
					_a8 = _t261;
					_t229 = E01312B6B(_t270, _v16);
					__eflags = _t229 - _t261;
					if(_t229 < _t261) {
						goto L60;
					}
					goto L18;
					L6:
					_t229 = E01312B6B(_t270, _v16);
					if(_t229 < _t261) {
						goto L60;
					}
					if(_a12 == _t261) {
						goto L16;
					}
					_a12 = _t261;
					_a16 = _t261;
					_a20 = _t261;
					if(E01312B1C(_t270, 0x5c) != 0) {
						goto L85;
					}
					_t222 = E01313076(_t270);
					_t282 = _t222;
					if(_t222 != 0) {
						_a12 = _v0;
						_a16 = _t261;
						_a20 = _t261;
						E013124D9( &_a12, _t259, _t282, _t270);
						_a8 = _t261;
						_a12 = _t261;
						_a16 = _t261;
					}
					if(_a4 == _t261) {
						_a16 = _t261;
						goto L16;
					} else {
						_t229 = E01312B6B(_t270, _v16);
						if(_t229 < _t261) {
							goto L60;
						}
						_t229 = E013130DA(_t229, _v16, _t259, _t270);
						if(_t229 < 0) {
							goto L60;
						}
						_a16 = _a16 & 0x00000000;
						goto L77;
					}
				}
			}








































                                                                                                                                                                                                                                0x01313560
                                                                                                                                                                                                                                0x01313563
                                                                                                                                                                                                                                0x01313566
                                                                                                                                                                                                                                0x01313568
                                                                                                                                                                                                                                0x01313573
                                                                                                                                                                                                                                0x01313574
                                                                                                                                                                                                                                0x0131357a
                                                                                                                                                                                                                                0x0131357f
                                                                                                                                                                                                                                0x01313586
                                                                                                                                                                                                                                0x01313590
                                                                                                                                                                                                                                0x01313597
                                                                                                                                                                                                                                0x0131359f
                                                                                                                                                                                                                                0x013135a8
                                                                                                                                                                                                                                0x013135ab
                                                                                                                                                                                                                                0x013135ad
                                                                                                                                                                                                                                0x013135b1
                                                                                                                                                                                                                                0x013135b5
                                                                                                                                                                                                                                0x013135b9
                                                                                                                                                                                                                                0x013135bd
                                                                                                                                                                                                                                0x013135c4
                                                                                                                                                                                                                                0x013135ca
                                                                                                                                                                                                                                0x013135d6
                                                                                                                                                                                                                                0x013135da
                                                                                                                                                                                                                                0x013139a9
                                                                                                                                                                                                                                0x013139b0
                                                                                                                                                                                                                                0x013139b8
                                                                                                                                                                                                                                0x013139b9
                                                                                                                                                                                                                                0x013139ba
                                                                                                                                                                                                                                0x013139cc
                                                                                                                                                                                                                                0x013139cc
                                                                                                                                                                                                                                0x013135e4
                                                                                                                                                                                                                                0x013139a7
                                                                                                                                                                                                                                0x013139a7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013135ea
                                                                                                                                                                                                                                0x013135ea
                                                                                                                                                                                                                                0x013136cd
                                                                                                                                                                                                                                0x013136d3
                                                                                                                                                                                                                                0x013136d9
                                                                                                                                                                                                                                0x013136db
                                                                                                                                                                                                                                0x013136f6
                                                                                                                                                                                                                                0x013136fc
                                                                                                                                                                                                                                0x01313702
                                                                                                                                                                                                                                0x01313704
                                                                                                                                                                                                                                0x01313822
                                                                                                                                                                                                                                0x01313827
                                                                                                                                                                                                                                0x01313828
                                                                                                                                                                                                                                0x0131382a
                                                                                                                                                                                                                                0x01313ae5
                                                                                                                                                                                                                                0x01313ae5
                                                                                                                                                                                                                                0x01313ae9
                                                                                                                                                                                                                                0x01313aef
                                                                                                                                                                                                                                0x01313aef
                                                                                                                                                                                                                                0x01313af5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313af5
                                                                                                                                                                                                                                0x01313830
                                                                                                                                                                                                                                0x01313833
                                                                                                                                                                                                                                0x013138b1
                                                                                                                                                                                                                                0x013138b4
                                                                                                                                                                                                                                0x013138d1
                                                                                                                                                                                                                                0x013138b6
                                                                                                                                                                                                                                0x013138c9
                                                                                                                                                                                                                                0x013138cd
                                                                                                                                                                                                                                0x013138cd
                                                                                                                                                                                                                                0x013138d9
                                                                                                                                                                                                                                0x013138dd
                                                                                                                                                                                                                                0x013138df
                                                                                                                                                                                                                                0x013138df
                                                                                                                                                                                                                                0x013138f9
                                                                                                                                                                                                                                0x01313902
                                                                                                                                                                                                                                0x0131390c
                                                                                                                                                                                                                                0x0131390e
                                                                                                                                                                                                                                0x01313910
                                                                                                                                                                                                                                0x01313996
                                                                                                                                                                                                                                0x01313996
                                                                                                                                                                                                                                0x0131399b
                                                                                                                                                                                                                                0x0131399b
                                                                                                                                                                                                                                0x013139a1
                                                                                                                                                                                                                                0x013139a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313916
                                                                                                                                                                                                                                0x01313916
                                                                                                                                                                                                                                0x01313921
                                                                                                                                                                                                                                0x01313923
                                                                                                                                                                                                                                0x01313925
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313927
                                                                                                                                                                                                                                0x0131392b
                                                                                                                                                                                                                                0x01313969
                                                                                                                                                                                                                                0x01313969
                                                                                                                                                                                                                                0x01313972
                                                                                                                                                                                                                                0x01313975
                                                                                                                                                                                                                                0x01313ad6
                                                                                                                                                                                                                                0x01313ada
                                                                                                                                                                                                                                0x013135ec
                                                                                                                                                                                                                                0x013135ec
                                                                                                                                                                                                                                0x013135ee
                                                                                                                                                                                                                                0x013135f4
                                                                                                                                                                                                                                0x013135fc
                                                                                                                                                                                                                                0x01313604
                                                                                                                                                                                                                                0x0131360b
                                                                                                                                                                                                                                0x0131360d
                                                                                                                                                                                                                                0x01313619
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313619
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313ae0
                                                                                                                                                                                                                                0x0131397b
                                                                                                                                                                                                                                0x01313981
                                                                                                                                                                                                                                0x01313983
                                                                                                                                                                                                                                0x013139cf
                                                                                                                                                                                                                                0x013139d3
                                                                                                                                                                                                                                0x01313a11
                                                                                                                                                                                                                                0x01313a1a
                                                                                                                                                                                                                                0x01313a1e
                                                                                                                                                                                                                                0x01313a20
                                                                                                                                                                                                                                0x01313a24
                                                                                                                                                                                                                                0x01313a2a
                                                                                                                                                                                                                                0x01313a30
                                                                                                                                                                                                                                0x01313a30
                                                                                                                                                                                                                                0x01313a34
                                                                                                                                                                                                                                0x01313a38
                                                                                                                                                                                                                                0x01313a3a
                                                                                                                                                                                                                                0x01313b47
                                                                                                                                                                                                                                0x01313b4c
                                                                                                                                                                                                                                0x01313b50
                                                                                                                                                                                                                                0x01313b50
                                                                                                                                                                                                                                0x01313b52
                                                                                                                                                                                                                                0x01313b58
                                                                                                                                                                                                                                0x01313b58
                                                                                                                                                                                                                                0x01313b5e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313a40
                                                                                                                                                                                                                                0x01313a40
                                                                                                                                                                                                                                0x01313a44
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313a4a
                                                                                                                                                                                                                                0x01313a4e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313a58
                                                                                                                                                                                                                                0x01313a5c
                                                                                                                                                                                                                                0x01313a60
                                                                                                                                                                                                                                0x01313a6d
                                                                                                                                                                                                                                0x01313a74
                                                                                                                                                                                                                                0x01313a78
                                                                                                                                                                                                                                0x01313a7c
                                                                                                                                                                                                                                0x01313a80
                                                                                                                                                                                                                                0x01313a82
                                                                                                                                                                                                                                0x0131398f
                                                                                                                                                                                                                                0x01313994
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313994
                                                                                                                                                                                                                                0x01313a88
                                                                                                                                                                                                                                0x01313a88
                                                                                                                                                                                                                                0x01313a88
                                                                                                                                                                                                                                0x01313a8c
                                                                                                                                                                                                                                0x01313a8c
                                                                                                                                                                                                                                0x01313a8e
                                                                                                                                                                                                                                0x01313a91
                                                                                                                                                                                                                                0x01313ab7
                                                                                                                                                                                                                                0x01313abb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313acc
                                                                                                                                                                                                                                0x01313ad0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313ad0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313a91
                                                                                                                                                                                                                                0x01313a3a
                                                                                                                                                                                                                                0x013139d9
                                                                                                                                                                                                                                0x013139de
                                                                                                                                                                                                                                0x013139e0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013139e7
                                                                                                                                                                                                                                0x013139ec
                                                                                                                                                                                                                                0x013139ee
                                                                                                                                                                                                                                0x013139f4
                                                                                                                                                                                                                                0x013139f8
                                                                                                                                                                                                                                0x01313a07
                                                                                                                                                                                                                                0x01313a07
                                                                                                                                                                                                                                0x013139f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013139ee
                                                                                                                                                                                                                                0x01313985
                                                                                                                                                                                                                                0x01313989
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313989
                                                                                                                                                                                                                                0x0131392e
                                                                                                                                                                                                                                0x01313934
                                                                                                                                                                                                                                0x01313937
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131394c
                                                                                                                                                                                                                                0x0131394e
                                                                                                                                                                                                                                0x01313950
                                                                                                                                                                                                                                0x01313958
                                                                                                                                                                                                                                0x01313958
                                                                                                                                                                                                                                0x01313963
                                                                                                                                                                                                                                0x01313965
                                                                                                                                                                                                                                0x01313967
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313967
                                                                                                                                                                                                                                0x01313952
                                                                                                                                                                                                                                0x01313956
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313956
                                                                                                                                                                                                                                0x01313910
                                                                                                                                                                                                                                0x0131383f
                                                                                                                                                                                                                                0x01313843
                                                                                                                                                                                                                                0x01313848
                                                                                                                                                                                                                                0x0131384a
                                                                                                                                                                                                                                0x01313873
                                                                                                                                                                                                                                0x0131387e
                                                                                                                                                                                                                                0x01313880
                                                                                                                                                                                                                                0x01313882
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313888
                                                                                                                                                                                                                                0x0131388c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313899
                                                                                                                                                                                                                                0x013138a2
                                                                                                                                                                                                                                0x013138a4
                                                                                                                                                                                                                                0x013138a6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013138ac
                                                                                                                                                                                                                                0x01313856
                                                                                                                                                                                                                                0x0131385b
                                                                                                                                                                                                                                0x0131385d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313866
                                                                                                                                                                                                                                0x0131386b
                                                                                                                                                                                                                                0x0131386d
                                                                                                                                                                                                                                0x01313b3b
                                                                                                                                                                                                                                0x01313b40
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313b40
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131386d
                                                                                                                                                                                                                                0x0131371a
                                                                                                                                                                                                                                0x0131371c
                                                                                                                                                                                                                                0x0131371e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313724
                                                                                                                                                                                                                                0x0131372f
                                                                                                                                                                                                                                0x01313731
                                                                                                                                                                                                                                0x01313733
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313739
                                                                                                                                                                                                                                0x0131373d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313743
                                                                                                                                                                                                                                0x01313746
                                                                                                                                                                                                                                0x0131379d
                                                                                                                                                                                                                                0x013137a0
                                                                                                                                                                                                                                0x01313804
                                                                                                                                                                                                                                0x0131380f
                                                                                                                                                                                                                                0x01313811
                                                                                                                                                                                                                                0x01313813
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313819
                                                                                                                                                                                                                                0x013137a2
                                                                                                                                                                                                                                0x013137a6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013137b2
                                                                                                                                                                                                                                0x013137b6
                                                                                                                                                                                                                                0x013137ba
                                                                                                                                                                                                                                0x013137be
                                                                                                                                                                                                                                0x013137c2
                                                                                                                                                                                                                                0x013137c7
                                                                                                                                                                                                                                0x013137c9
                                                                                                                                                                                                                                0x01313b1a
                                                                                                                                                                                                                                0x01313b1f
                                                                                                                                                                                                                                0x01313b24
                                                                                                                                                                                                                                0x01313b26
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313b2c
                                                                                                                                                                                                                                0x01313b30
                                                                                                                                                                                                                                0x01313b30
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313b30
                                                                                                                                                                                                                                0x013137cf
                                                                                                                                                                                                                                0x013137dc
                                                                                                                                                                                                                                0x013137e2
                                                                                                                                                                                                                                0x013137e4
                                                                                                                                                                                                                                0x013137ef
                                                                                                                                                                                                                                0x013137ef
                                                                                                                                                                                                                                0x013137f1
                                                                                                                                                                                                                                0x013137f4
                                                                                                                                                                                                                                0x013137fa
                                                                                                                                                                                                                                0x013137fa
                                                                                                                                                                                                                                0x013137fa
                                                                                                                                                                                                                                0x013137fa
                                                                                                                                                                                                                                0x013137ff
                                                                                                                                                                                                                                0x013137ff
                                                                                                                                                                                                                                0x013137ff
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013137ff
                                                                                                                                                                                                                                0x013137e6
                                                                                                                                                                                                                                0x013137e9
                                                                                                                                                                                                                                0x01313b0d
                                                                                                                                                                                                                                0x01313b0f
                                                                                                                                                                                                                                0x01313b11
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313b17
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313b17
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013137e9
                                                                                                                                                                                                                                0x01313750
                                                                                                                                                                                                                                0x01313758
                                                                                                                                                                                                                                0x01313765
                                                                                                                                                                                                                                0x01313769
                                                                                                                                                                                                                                0x0131376d
                                                                                                                                                                                                                                0x01313776
                                                                                                                                                                                                                                0x01313778
                                                                                                                                                                                                                                0x0131377c
                                                                                                                                                                                                                                0x01313780
                                                                                                                                                                                                                                0x01313784
                                                                                                                                                                                                                                0x01313786
                                                                                                                                                                                                                                0x01313aff
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313aff
                                                                                                                                                                                                                                0x0131378c
                                                                                                                                                                                                                                0x01313794
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313794
                                                                                                                                                                                                                                0x013136e3
                                                                                                                                                                                                                                0x013136ec
                                                                                                                                                                                                                                0x013136ee
                                                                                                                                                                                                                                0x013136f0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313623
                                                                                                                                                                                                                                0x0131362e
                                                                                                                                                                                                                                0x01313632
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131363b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313645
                                                                                                                                                                                                                                0x01313649
                                                                                                                                                                                                                                0x0131364d
                                                                                                                                                                                                                                0x01313659
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313660
                                                                                                                                                                                                                                0x01313665
                                                                                                                                                                                                                                0x01313667
                                                                                                                                                                                                                                0x01313672
                                                                                                                                                                                                                                0x01313676
                                                                                                                                                                                                                                0x0131367a
                                                                                                                                                                                                                                0x0131367e
                                                                                                                                                                                                                                0x01313683
                                                                                                                                                                                                                                0x01313687
                                                                                                                                                                                                                                0x0131368b
                                                                                                                                                                                                                                0x0131368b
                                                                                                                                                                                                                                0x01313693
                                                                                                                                                                                                                                0x013136c9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313695
                                                                                                                                                                                                                                0x013136a0
                                                                                                                                                                                                                                0x013136a4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013136b5
                                                                                                                                                                                                                                0x013136b9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013136bf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013136bf
                                                                                                                                                                                                                                0x01313693

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,Delete,B4B6CC09,00000000,?,00000000,?,?,0139238C,000000FF,?,0131353F,?,?,00000000,00000000), ref: 013135FC
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,ForceRemove,?,00000000,?,?,0139238C,000000FF,?,0131353F,?,?,00000000,00000000), ref: 01313611
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,NoRemove,?,00000000,?,?,0139238C,000000FF,?,0131353F,?,?,00000000,00000000), ref: 013136D3
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,Val,?,00000000,?,?,0139238C,000000FF,?,0131353F,?,?,00000000,00000000), ref: 013136FC
                                                                                                                                                                                                                                • RegDeleteValueW.ADVAPI32(?,?,00000002,00000000), ref: 013137DC
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 013137F4
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,01312A43,?,?,?), ref: 0131392E
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,00000000,?,?,0139238C,000000FF,?,0131353F,?,?,00000000,00000000), ref: 013139A1
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?), ref: 01313A2A
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?), ref: 01313A9A
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000,?,?,0139238C,000000FF,?,0131353F,?,?,00000000,00000000), ref: 01313AEF
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,?,?,00000002,00000000), ref: 01313B30
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?), ref: 01313B58
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Close$lstrcmpi$lstrlen$DeleteValue
                                                                                                                                                                                                                                • String ID: Delete$ForceRemove$NoRemove$Val
                                                                                                                                                                                                                                • API String ID: 523517142-1781481701
                                                                                                                                                                                                                                • Opcode ID: 2449b98ba78ed81fed4800618299517f1ed30eb3d288e83b7ccf9afc4aa2311d
                                                                                                                                                                                                                                • Instruction ID: f12df44275e376f6e7b00b7186b6b575535f26b464dfc3fbc0864bf260317d11
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2449b98ba78ed81fed4800618299517f1ed30eb3d288e83b7ccf9afc4aa2311d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22F17E306087029BD729DF6DC88462FBBE5BFD8768F10092EF58592258EBB1C944CB53
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01320E3D, Relevance: 30.2, APIs: 20, Instructions: 177COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01320E47
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 01320E60
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 01320E74
                                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 01320E82
                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 01320E8D
                                                                                                                                                                                                                                • FillRect.USER32 ref: 01320E99
                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 01320EA3
                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 01320EBF
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 01320ECC
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 01320EE0
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?,00000001,00000000,?,?), ref: 01320F66
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 01320F77
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01320FD4
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 01320FEC
                                                                                                                                                                                                                                • MoveWindow.USER32(?,00000000,00000002,0000000D,0000000D,00000001,?,?,?,?,?,0000000F,00000000), ref: 01320FFE
                                                                                                                                                                                                                                • GetWindowTextLengthW.USER32(00000001), ref: 0132100D
                                                                                                                                                                                                                                • GetWindowTextLengthW.USER32(00000001), ref: 0132102E
                                                                                                                                                                                                                                • GetWindowTextW.USER32 ref: 0132103C
                                                                                                                                                                                                                                • DrawTextW.USER32 ref: 01321054
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 01321073
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ObjectTextWindow$Rect$ColorCreateDeleteLength$BrushClientDrawFillFontH_prolog3_IndirectInfoModeMoveParametersSelectSolidSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3477234795-0
                                                                                                                                                                                                                                • Opcode ID: ad6675cf104e441052a336c2372f7f9008cf892ede67df9f670a10a2f381b77d
                                                                                                                                                                                                                                • Instruction ID: ca60d5e5e4e3daf5fad196047ad6a6357ef3adfc06655e34b5b1e4e5af04df27
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ad6675cf104e441052a336c2372f7f9008cf892ede67df9f670a10a2f381b77d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A3616E7184112ABFDF269BA4CD49EADBB7DFF05304F0041A9F619A2191C7329E94DF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01320B74, Relevance: 28.7, APIs: 19, Instructions: 200COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01320B7E
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 01320B98
                                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 01320BA7
                                                                                                                                                                                                                                  • Part of subcall function 01320689: CreateFontW.GDI32(?,00000000,?,?,?,00000000,?,?,?,?,?,?,?,01320189,?,01320189), ref: 013206C5
                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 01320BB2
                                                                                                                                                                                                                                • FillRect.USER32 ref: 01320BBE
                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 01320BC8
                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 01320BE5
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 01320BF2
                                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 01320C0A
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 01320C10
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?,00000001,00000000,?,?), ref: 01320C9A
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 01320CAB
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01320D0A
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 01320D1E
                                                                                                                                                                                                                                • GetWindowTextLengthW.USER32(00000001), ref: 01320D2D
                                                                                                                                                                                                                                • GetWindowTextLengthW.USER32(00000001), ref: 01320D4A
                                                                                                                                                                                                                                • GetWindowTextW.USER32 ref: 01320D52
                                                                                                                                                                                                                                • DrawTextW.USER32 ref: 01320DAE
                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 01320DDD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Object$Text$CreateWindow$ColorDeleteFontLengthRectSelect$BrushClientDrawFillH_prolog3_IndirectInfoModeParametersSolidSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3503674268-0
                                                                                                                                                                                                                                • Opcode ID: 2d02b86cfa6bafbbb007335272b2a98d720c0c58478b191733d2c1c895d07762
                                                                                                                                                                                                                                • Instruction ID: 5f0e739df21d2551c8ffc42d70c65af3900ea694acafda8c030ffe93a2a17533
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2d02b86cfa6bafbbb007335272b2a98d720c0c58478b191733d2c1c895d07762
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94718E71801229AFEF269BA4CC49FEDBB7DFF09314F040199F209A6191C775AA98CF51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01324EDF, Relevance: 28.4, APIs: 9, Strings: 7, Instructions: 379COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,00000000,B4B6CC09,?,?,?,?,013956AB,000000FF), ref: 01324F2A
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0132761B: _wcslen.LIBCMT ref: 01327627
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0132503F
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 0131D888: _strlen.LIBCMT ref: 0131D894
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 01311524: _memmove.LIBCMT ref: 01311544
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 013250C8
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 013252EB
                                                                                                                                                                                                                                  • Part of subcall function 0132061F: _strlen.LIBCMT ref: 01320626
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 013251DA
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01325324
                                                                                                                                                                                                                                  • Part of subcall function 0131A79E: _memmove.LIBCMT ref: 0131A7C2
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01325374
                                                                                                                                                                                                                                  • Part of subcall function 01320766: _memcmp.LIBCMT ref: 0132078A
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 013253A0
                                                                                                                                                                                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 01325431
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _strlen$_memmove_setlocale$H_prolog3_Ios_base_dtor_memset_wcslenstd::ios_base::_$CurrentFolderLocalPathProcessSpecialTime__cftoe_memcmpswprintf
                                                                                                                                                                                                                                • String ID: "browser_action":$"settings":$"state": 0$"state": 1$CheckToolbarOfChrome():$CheckToolbarOfChrome():out.fail() return true.$\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                                                                                • API String ID: 3292182871-2033783441
                                                                                                                                                                                                                                • Opcode ID: e92d0f5a10db492949a4c13358674ecc69504e8976e4ea7daca651952f3bfaef
                                                                                                                                                                                                                                • Instruction ID: 527393d094cfb8e66ce0a60a305a46b33af4e9d8c921ba8ccfe91c2503cda0fc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e92d0f5a10db492949a4c13358674ecc69504e8976e4ea7daca651952f3bfaef
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4E17E71A0026D9AFB25EB58CC40FEEBBB8AB1631CF1442D9E50A63581DB745F84CF52
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131800E, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 110registrywindowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(013C1788,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 0131801F
                                                                                                                                                                                                                                • RegisterWindowMessageW.USER32(WM_ATLGETHOST,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 01318030
                                                                                                                                                                                                                                • RegisterWindowMessageW.USER32(WM_ATLGETCONTROL,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 0131803C
                                                                                                                                                                                                                                • GetClassInfoExW.USER32 ref: 0131805B
                                                                                                                                                                                                                                • LoadCursorW.USER32 ref: 01318096
                                                                                                                                                                                                                                • RegisterClassExW.USER32 ref: 013180B9
                                                                                                                                                                                                                                  • Part of subcall function 0131950F: __recalloc.LIBCMT ref: 0131954D
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 013180E7
                                                                                                                                                                                                                                • GetClassInfoExW.USER32 ref: 01318104
                                                                                                                                                                                                                                • LoadCursorW.USER32 ref: 01318145
                                                                                                                                                                                                                                • RegisterClassExW.USER32 ref: 01318168
                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(013C1788,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 0131819B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ClassRegister$CriticalCursorInfoLoadMessageSectionWindow$EnterLeave__recalloc_memset
                                                                                                                                                                                                                                • String ID: AtlAxWin100$AtlAxWinLic100$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                                                                                                                                                • API String ID: 2252124385-1587594278
                                                                                                                                                                                                                                • Opcode ID: b21fdf1262e7682d50d0b03a0b6bf62aaf4bfadd8d3e80daa39121f687e7937e
                                                                                                                                                                                                                                • Instruction ID: b530d2d30b5bc8918b7c18087f824ec51d0ebb3a944ad14a1b8f506c015ab204
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b21fdf1262e7682d50d0b03a0b6bf62aaf4bfadd8d3e80daa39121f687e7937e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD4126B1908310AFC311DF1AD88496BFBE8FB88758F40991EF599A2204D3759909CF96
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134A2F3, Relevance: 25.7, APIs: 17, Instructions: 194COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134A323
                                                                                                                                                                                                                                • MoveWindow.USER32(?,00000000,00000000,?,?,00000001,?,00000001,?), ref: 0134A340
                                                                                                                                                                                                                                  • Part of subcall function 0131F26E: GetWindowLongW.USER32 ref: 0131F290
                                                                                                                                                                                                                                  • Part of subcall function 0131F26E: GetParent.USER32 ref: 0131F2A6
                                                                                                                                                                                                                                  • Part of subcall function 0131F26E: GetWindowRect.USER32 ref: 0131F2BD
                                                                                                                                                                                                                                  • Part of subcall function 0131F26E: GetWindowLongW.USER32 ref: 0131F2D8
                                                                                                                                                                                                                                  • Part of subcall function 0131F26E: MonitorFromWindow.USER32(?,00000002), ref: 0131F2FD
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134A34F
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0134A358
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0134A365
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0134A375
                                                                                                                                                                                                                                • EnableWindow.USER32(00000000,?), ref: 0134A38A
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134A397
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134A3A0
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134A3A9
                                                                                                                                                                                                                                • MoveWindow.USER32(?,00000028,0000005A,?,?,00000001,?,00000001,?), ref: 0134A3E4
                                                                                                                                                                                                                                • MoveWindow.USER32(?,00000028,00000078,?,?,00000001,?,00000001,?), ref: 0134A3FF
                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,000000A0,0000004B,00000017,00000001,?,00000001,?), ref: 0134A419
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 0134A430
                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 0134A4DC
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0134A4F3
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,00000068,?,?,013A0D00,50000000,00000020,00000000,?), ref: 0134A506
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Rect$Move$Item$InvalidateLong$EnableFromMonitorParentText
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3060590528-0
                                                                                                                                                                                                                                • Opcode ID: 631d1c97b61a58f5d4598fbac8f4033d67e60eba5a99fe991a3d42ce13d06d1c
                                                                                                                                                                                                                                • Instruction ID: a4c26fb0ba42bba48bfd827b6c774ced795ee2982ddeeed750fb90ca79bb4b14
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 631d1c97b61a58f5d4598fbac8f4033d67e60eba5a99fe991a3d42ce13d06d1c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20611C71A40219AFEF11DFA8CC85FAEBBB9FF08714F104125E605BB294DB71A845CB64
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01315BD2, Relevance: 25.6, APIs: 17, Instructions: 131windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • BeginPaint.USER32(?,?,00000001,?), ref: 01315BF5
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 01315C0D
                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 01315C19
                                                                                                                                                                                                                                • FillRect.USER32 ref: 01315C2D
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 01315C34
                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 01315C41
                                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 01315C63
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 01315C7D
                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,01315406), ref: 01315C92
                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 01315CA0
                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 01315CB0
                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 01315CC3
                                                                                                                                                                                                                                • FillRect.USER32 ref: 01315CD6
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 01315CDF
                                                                                                                                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 01315D13
                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 01315D1D
                                                                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 01315D24
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateObjectRect$DeletePaint$BeginBrushClientCompatibleFillSelectSolid$Bitmap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2927874120-0
                                                                                                                                                                                                                                • Opcode ID: 8d3404d3414b9a343dee569d04ef90c7b6b04106ad6f1a35392349287548cc99
                                                                                                                                                                                                                                • Instruction ID: 470c2808a87c20ff658c6138d676f99eabb4e27132941cf105e78d1439e8b8ba
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d3404d3414b9a343dee569d04ef90c7b6b04106ad6f1a35392349287548cc99
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A3413971900209AFDB219FB4DC8DDAEBFBDFB89705F105918F61AE6218D7329805CB20
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131F26E, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 160COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0131F290
                                                                                                                                                                                                                                • GetParent.USER32 ref: 0131F2A6
                                                                                                                                                                                                                                • GetWindow.USER32(?,00000004), ref: 0131F2AE
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0131F2BD
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0131F2D8
                                                                                                                                                                                                                                • MonitorFromWindow.USER32(?,00000002), ref: 0131F2FD
                                                                                                                                                                                                                                • GetMonitorInfoW.USER32 ref: 0131F31A
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0131F347
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,000000FF,000000FF,00000015,?,?,?,?,00000004,?,000000F0), ref: 0131F3EE
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$LongMonitorRect$FromInfoParent
                                                                                                                                                                                                                                • String ID: (
                                                                                                                                                                                                                                • API String ID: 1468510684-3887548279
                                                                                                                                                                                                                                • Opcode ID: a8d34e3fb8bbfb31c067060e7e1b7a26b5d35e795ce496d2a8d42094109ca444
                                                                                                                                                                                                                                • Instruction ID: ad185e0bfeaad7eff3be62f519fe55115510f39b3837a6701360e72bcb2d49d0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a8d34e3fb8bbfb31c067060e7e1b7a26b5d35e795ce496d2a8d42094109ca444
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55511835A00219DFDB25CFA8CD48AEDBBBAFF48318F140625E905B7298D771AD09CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131FFEF, Relevance: 24.1, APIs: 16, Instructions: 145COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0131FFF9
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 01320014
                                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 01320026
                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 01320031
                                                                                                                                                                                                                                • FillRect.USER32 ref: 0132003D
                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 01320047
                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 01320063
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 01320070
                                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 01320082
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 0132008C
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?,00000001,00000000,?,?), ref: 0132011E
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 0132012F
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01320195
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 013201A9
                                                                                                                                                                                                                                • DrawTextW.USER32 ref: 013201CF
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 013201E3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Object$ColorCreateDeleteRectSelectText$BrushClientDrawFillFontH_prolog3_IndirectInfoModeParametersSolidSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 266841132-0
                                                                                                                                                                                                                                • Opcode ID: 6964833fd8e22bc50e4ec1431b366192206d1010a08e0ee9ee3e068f8140b10f
                                                                                                                                                                                                                                • Instruction ID: fd4321d944cb4c855fa187e8c41256061e1f9827340f76a5633962e53c9b6be4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6964833fd8e22bc50e4ec1431b366192206d1010a08e0ee9ee3e068f8140b10f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E513A7184016AEFEF25ABA4CC48EADBB79FF09304F1002A5F619A2151C7769E94DF60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0137B915, Relevance: 24.1, APIs: 16, Instructions: 95COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 0137B92E
                                                                                                                                                                                                                                  • Part of subcall function 0137C651: Sleep.KERNEL32(00000000,?,01381389,00000001,00000214,?,01357857,HandleEvents returning %s further.,continue), ref: 0137C679
                                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 0137B952
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137B960
                                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 0137B96E
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137B97E
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137B984
                                                                                                                                                                                                                                • __copytlocinfo_nolock.LIBCMT ref: 0137B993
                                                                                                                                                                                                                                • __setlocale_nolock.LIBCMT ref: 0137B9A0
                                                                                                                                                                                                                                • ___removelocaleref.LIBCMT ref: 0137B9AC
                                                                                                                                                                                                                                • ___freetlocinfo.LIBCMT ref: 0137B9B3
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137B9B9
                                                                                                                                                                                                                                • __setmbcp_nolock.LIBCMT ref: 0137B9CB
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137B9D9
                                                                                                                                                                                                                                • ___removelocaleref.LIBCMT ref: 0137B9E0
                                                                                                                                                                                                                                • ___freetlocinfo.LIBCMT ref: 0137B9E7
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137B9ED
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref$Sleep__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 888903860-0
                                                                                                                                                                                                                                • Opcode ID: 4e8e0ec23b24ae4a1d6a417119a92efb2bab70aaa5cc2f778df0f55d6959d764
                                                                                                                                                                                                                                • Instruction ID: e26290dad5f05cb7529e15b4d88ea3788863d4d7fa1448de258ffec344b19290
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e8e0ec23b24ae4a1d6a417119a92efb2bab70aaa5cc2f778df0f55d6959d764
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2521C435204603EFEB367F2DEC45A1AFBF4DF5276DB204019E49496165EE39D801C691
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01357579, Relevance: 21.2, APIs: 2, Strings: 10, Instructions: 233COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01357583
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 01357688
                                                                                                                                                                                                                                  • Part of subcall function 01327581: _vwprintf.LIBCMT ref: 0132759F
                                                                                                                                                                                                                                  • Part of subcall function 01327581: _vswprintf_s.LIBCMT ref: 013275C3
                                                                                                                                                                                                                                  • Part of subcall function 01327449: _memcpy_s.LIBCMT ref: 01327498
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0134BC6C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_$CurrentErrorIos_base_dtorLastLocalProcessTime_memcpy_s_memset_strlen_vswprintf_s_vwprintfstd::ios_base::_swprintf
                                                                                                                                                                                                                                • String ID: HandleEvents returning %s further.$HandleEvents returning abort. LastError %d$HandleEvents. EventID %d$Handling pip_local_error$Handling pip_ui_ready_local$Handling pip_ui_ready_remote$Handling remote exit event$Handling remote process exited.$abort$continue
                                                                                                                                                                                                                                • API String ID: 1041530440-470094772
                                                                                                                                                                                                                                • Opcode ID: 0d587639536aa9dd894ea9d0fe8c166dc23c1c4c23b562ccab5bc1936695b197
                                                                                                                                                                                                                                • Instruction ID: fe98bd63ce64ad7be0f7513e905eec96ebbcf76bb8d374ad6a3d28fff2d0ba51
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0d587639536aa9dd894ea9d0fe8c166dc23c1c4c23b562ccab5bc1936695b197
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A91B171D04259DFEB64EB6CC891FEDBF78BF11208F848089D849A7284DE705A88DB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01327C1B, Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 121COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _strlen$H_prolog3_
                                                                                                                                                                                                                                • String ID: GeneralParameters$LanguageParameters$OwnerInformation$langid$params$stringtable
                                                                                                                                                                                                                                • API String ID: 2786647812-67934747
                                                                                                                                                                                                                                • Opcode ID: 66b4bbb5f11d138f84cab2a11c0fde4a9dd441b468fe4ad2a82744d0e481de2b
                                                                                                                                                                                                                                • Instruction ID: 5c6169be9ee3ffaee24316c819c018f0d499c0abd7e3d4017868d68a13f78d9a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 66b4bbb5f11d138f84cab2a11c0fde4a9dd441b468fe4ad2a82744d0e481de2b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15414C32A003179BCF29FB7D99806AEB3F4BF7425CB604429E546D7255EB74E9098B10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01316A8D, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 114comCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 01316AD4
                                                                                                                                                                                                                                • GetStockObject.GDI32(0000000D), ref: 01316ADC
                                                                                                                                                                                                                                • GetObjectW.GDI32(00000000,0000005C,?), ref: 01316AED
                                                                                                                                                                                                                                • GetDC.USER32 ref: 01316B42
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 01316B51
                                                                                                                                                                                                                                • ReleaseDC.USER32 ref: 01316B8C
                                                                                                                                                                                                                                • OleCreateFontIndirect.OLEAUT32(00000020,013A1964,?), ref: 01316BB6
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Object$Stock$CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2212500748-3916222277
                                                                                                                                                                                                                                • Opcode ID: ccd6b31294c82f32fb7cb7452ddc1179e294a8d6165d05e4ac1671289ba9cfbd
                                                                                                                                                                                                                                • Instruction ID: 8e5de143d7d69f2e029a3b911b21794dab8154a8404f2823f210e4d3e0fd8e8f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ccd6b31294c82f32fb7cb7452ddc1179e294a8d6165d05e4ac1671289ba9cfbd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32412BB5A003199FDB25DFBAC845BAEBBF8BF09305F108059E945EB245EB759900CF60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01323F5D, Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 248COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01323F67
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,00000000,013A0D00,00000398,0131F108,?), ref: 01323FA6
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 01323FB0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFolderH_prolog3_LastPathSpecial_wcslen
                                                                                                                                                                                                                                • String ID: "search_url": "$GetChromeIncumbentDSProvider in $\Google\Chrome\User Data\Default\Preferences$google:baseURL$www.google.com
                                                                                                                                                                                                                                • API String ID: 1572872009-3680679511
                                                                                                                                                                                                                                • Opcode ID: cf7dcfaa50c1ed4941e4b079f1e41fa6410420e56bad42f42f1803029a2de636
                                                                                                                                                                                                                                • Instruction ID: 79a5c157e568a1e1f2243291a8c959ebba82c4499d37dee62fff654dcb2ebe56
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf7dcfaa50c1ed4941e4b079f1e41fa6410420e56bad42f42f1803029a2de636
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B91937190126ADEDF25FB68CD98BEEB7BCAF25208F0041D9E509A3144DA745F88CF61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131D71A, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 124registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(013C1788,00000000,?,?), ref: 0131D744
                                                                                                                                                                                                                                • GetClassInfoExW.USER32 ref: 0131D77E
                                                                                                                                                                                                                                • GetClassInfoExW.USER32 ref: 0131D793
                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(013C1788), ref: 0131D79A
                                                                                                                                                                                                                                • LoadCursorW.USER32(?,?), ref: 0131D7DD
                                                                                                                                                                                                                                • swprintf.LIBCMT ref: 0131D807
                                                                                                                                                                                                                                • GetClassInfoExW.USER32 ref: 0131D82A
                                                                                                                                                                                                                                • RegisterClassExW.USER32 ref: 0131D83A
                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(013C1788), ref: 0131D86A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Class$CriticalInfoSection$Leave$CursorEnterLoadRegisterswprintf
                                                                                                                                                                                                                                • String ID: 0$ATL:%p
                                                                                                                                                                                                                                • API String ID: 1053483253-2453800769
                                                                                                                                                                                                                                • Opcode ID: 77c1b22551b9fd5e20234938027cceafff38be1087f98f4de31e791dcfdb17f8
                                                                                                                                                                                                                                • Instruction ID: 0e309d7f982eea4c961a7cbf62fbfede07ffe117a047e36c0a46d01511306442
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 77c1b22551b9fd5e20234938027cceafff38be1087f98f4de31e791dcfdb17f8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25419BB6500311DFCB29DFA8C8C496A7BA8FF48764F405559FD089B24AE731E844CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135C6CB, Relevance: 19.3, APIs: 1, Strings: 10, Instructions: 73COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135C6D2
                                                                                                                                                                                                                                  • Part of subcall function 0132618B: _wcslen.LIBCMT ref: 01326196
                                                                                                                                                                                                                                  • Part of subcall function 01327839: _wcslen.LIBCMT ref: 01327841
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen$H_prolog3_
                                                                                                                                                                                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKUS
                                                                                                                                                                                                                                • API String ID: 2000020936-1451923704
                                                                                                                                                                                                                                • Opcode ID: 889a42d2f2de439f1f845676201455c4e6eb13a4ffa39ff002917789c16ad862
                                                                                                                                                                                                                                • Instruction ID: e787c5f8be1c3606cb6f8cbcb335e8c4f1cac5464a5bcb9aa6b8338f8c695f5d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 889a42d2f2de439f1f845676201455c4e6eb13a4ffa39ff002917789c16ad862
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 142115B82403579DFFA47AAE4D42F7939ACDF64E1CF641019ED54A5680DBE4D400C6E3
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01363BB1, Relevance: 18.1, APIs: 12, Instructions: 139COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ____lc_handle_func.LIBCMT ref: 01363BE5
                                                                                                                                                                                                                                • ____lc_codepage_func.LIBCMT ref: 01363BED
                                                                                                                                                                                                                                • __GetLocaleForCP.LIBCPMT ref: 01363C15
                                                                                                                                                                                                                                • ____mb_cur_max_l_func.LIBCMT ref: 01363C2B
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000002,?,00000000,00000001,00000001,00000000,?,0131468F,00000000,00000000,00000001,00000000), ref: 01363C4A
                                                                                                                                                                                                                                • ____mb_cur_max_l_func.LIBCMT ref: 01363C58
                                                                                                                                                                                                                                • ___pctype_func.LIBCMT ref: 01363C7D
                                                                                                                                                                                                                                • ____mb_cur_max_l_func.LIBCMT ref: 01363CA3
                                                                                                                                                                                                                                • ____mb_cur_max_l_func.LIBCMT ref: 01363CBB
                                                                                                                                                                                                                                • ____mb_cur_max_l_func.LIBCMT ref: 01363CD3
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,?,00000000,00000001,00000001,00000000,?,0131468F,00000000,00000000,00000001,00000000), ref: 01363CE0
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,?,00000000,00000001,00000001,00000000,?,0131468F,00000000,00000000,00000001,00000000), ref: 01363D11
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ____mb_cur_max_l_func$ByteCharMultiWide$Locale____lc_codepage_func____lc_handle_func___pctype_func
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3819326198-0
                                                                                                                                                                                                                                • Opcode ID: 56fe75a831f923811ff56741f46e07b28f6759f52f1afca158b3e6f1aba815ac
                                                                                                                                                                                                                                • Instruction ID: e8df5ff88414886b831fe6fd6ccaff1e1e080ea60789ffcb161e3f1ea62bd698
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 56fe75a831f923811ff56741f46e07b28f6759f52f1afca158b3e6f1aba815ac
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B941B331204246AEEF215F3ACC84B7A7BACBF01769F14C52AF859CB199E734C590DB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134BA76, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 148timeCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                • swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0134BC6C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentH_prolog3_Ios_base_dtorLocalProcessTime_memsetstd::ios_base::_swprintf
                                                                                                                                                                                                                                • String ID: %s %d %2d/%02d/%04d %02d:%02d:%02d.%03d$APNLog.txt$Local$Remote
                                                                                                                                                                                                                                • API String ID: 3432463907-497205089
                                                                                                                                                                                                                                • Opcode ID: e1c3cf27f093e2917de296cbe6fa3a9414d0e8be6d8b85c947a2b694b1342883
                                                                                                                                                                                                                                • Instruction ID: f78bd0ec6024ca2f9ec77d391017356ad5d597bf63f523b15c3995e15f1fef28
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1c3cf27f093e2917de296cbe6fa3a9414d0e8be6d8b85c947a2b694b1342883
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 755143F1800119AEDB24DB58CD90BEEB7BCEB18309F4440DDE609A2145DB75AF89CF65
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135D59C, Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 294COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135D5A6
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                • LoadStringW.USER32(00000071,?,00000100,000003F8), ref: 0135D622
                                                                                                                                                                                                                                • LoadStringW.USER32(00000076,?,00000100), ref: 0135D651
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                • LoadStringW.USER32(00000077,?,00000100,?), ref: 0135D679
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 0135D119: __EH_prolog3_GS.LIBCMT ref: 0135D123
                                                                                                                                                                                                                                  • Part of subcall function 0135D119: InternetGetCookieW.WININET(00000000), ref: 0135D1E2
                                                                                                                                                                                                                                  • Part of subcall function 0135D119: GetLastError.KERNEL32(00000001,00000000,00000001,00000000), ref: 0135D219
                                                                                                                                                                                                                                  • Part of subcall function 0135D119: GetLastError.KERNEL32 ref: 0135D21B
                                                                                                                                                                                                                                  • Part of subcall function 01311524: _memmove.LIBCMT ref: 01311544
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000001,00000000,00000001,00000000,?), ref: 0135D6FD
                                                                                                                                                                                                                                  • Part of subcall function 01319BC7: _wcslen.LIBCMT ref: 01319BD0
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 0135D76D
                                                                                                                                                                                                                                  • Part of subcall function 01320766: _memcmp.LIBCMT ref: 0132078A
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: __EH_prolog3_GS.LIBCMT ref: 0135BEDD
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: MultiByteToWideChar.KERNEL32(0135D1A8,00000000,?,00000000,00000000,00000000,00000028,0135D1A8,?), ref: 0135BF0C
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 0135D86B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_$LoadString_setlocale_strlen$ErrorLast_memset_wcslen$ByteCharCookieCurrentFileInternetLocalModuleMultiNameProcessTimeWide__cftoe_memcmp_memmoveswprintf
                                                                                                                                                                                                                                • String ID: ERROR$GetPartnerID()...
                                                                                                                                                                                                                                • API String ID: 2242571165-3027112791
                                                                                                                                                                                                                                • Opcode ID: 29302c6f7b2ae1bd297fb4f1a1b88d8af8955c89e82a9e18e0ceba3bc6280adf
                                                                                                                                                                                                                                • Instruction ID: 02cde59f4e5e2c6961d328d471de3714a601982744b4e2644e559a0ef017c72d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29302c6f7b2ae1bd297fb4f1a1b88d8af8955c89e82a9e18e0ceba3bc6280adf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1FB19571901269ABDB29EB68CD90FEEBB7CEF65718F0001D9F509A3184DA701F85CB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135F16F, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 177COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: invalid string position$string too long
                                                                                                                                                                                                                                • API String ID: 1771113911-4289949731
                                                                                                                                                                                                                                • Opcode ID: bd40bf1734aac68c06cf283b5c2aaf97366da4cc09f41a6f850979b7c3cb6edd
                                                                                                                                                                                                                                • Instruction ID: 85c0b1bcd190705a243331496fd41f5c85cc8e3a1ec61c0f153c5668b6ffac39
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd40bf1734aac68c06cf283b5c2aaf97366da4cc09f41a6f850979b7c3cb6edd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83518FB4610609DBCB68CF58D8C0C6AB7BEFF85B48724462DE942CB654DB30EA44CBD4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01361941, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 01361948
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 01361952
                                                                                                                                                                                                                                • int.LIBCPMT ref: 01361969
                                                                                                                                                                                                                                  • Part of subcall function 01314493: std::_Lockit::_Lockit.LIBCPMT ref: 013144A4
                                                                                                                                                                                                                                • codecvt.LIBCPMT ref: 0136198C
                                                                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 013619A0
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 013619AE
                                                                                                                                                                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 013619BE
                                                                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 013619C4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exception
                                                                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                                                                • API String ID: 3288166080-3145022300
                                                                                                                                                                                                                                • Opcode ID: 67c5566dc48fee901dbea7810bb2212abddf03a4df7c7789879096ce0fb8efcd
                                                                                                                                                                                                                                • Instruction ID: 8cdc5bff030a4ec54cac8eca531b25b346fb278e1c13805b4b21b003576603d4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 67c5566dc48fee901dbea7810bb2212abddf03a4df7c7789879096ce0fb8efcd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1301D63190011BDBCF19EBB8C8009EEB379BFA5728F154108D114771D4DF789A05CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131D9C3, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0131D9CA
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0131D9D4
                                                                                                                                                                                                                                • int.LIBCPMT ref: 0131D9EB
                                                                                                                                                                                                                                  • Part of subcall function 01314493: std::_Lockit::_Lockit.LIBCPMT ref: 013144A4
                                                                                                                                                                                                                                • codecvt.LIBCPMT ref: 0131DA0E
                                                                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 0131DA22
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 0131DA30
                                                                                                                                                                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 0131DA40
                                                                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0131DA46
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exception
                                                                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                                                                • API String ID: 3288166080-3145022300
                                                                                                                                                                                                                                • Opcode ID: 5fa8f7a4ef6dddf91794eedab1608a2f19d01cb85a3dc66b9426b41e45df319e
                                                                                                                                                                                                                                • Instruction ID: 1bd5d77b24a738de89c188c99cc36219965f73c457c00e2c94324e6a4794718d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5fa8f7a4ef6dddf91794eedab1608a2f19d01cb85a3dc66b9426b41e45df319e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F01C03290021F9BCF19EBA8C800AAEB739BF64B28F140118E114772D8DF78A905CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013618A4, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 013618AB
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 013618B5
                                                                                                                                                                                                                                • int.LIBCPMT ref: 013618CC
                                                                                                                                                                                                                                  • Part of subcall function 01314493: std::_Lockit::_Lockit.LIBCPMT ref: 013144A4
                                                                                                                                                                                                                                • codecvt.LIBCPMT ref: 013618EF
                                                                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 01361903
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 01361911
                                                                                                                                                                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 01361921
                                                                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 01361927
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exception
                                                                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                                                                • API String ID: 3288166080-3145022300
                                                                                                                                                                                                                                • Opcode ID: b984289931826c14cb584fee77907be8690a112b9c82c953d4a6e6e226c51b43
                                                                                                                                                                                                                                • Instruction ID: f9cb945b79922b876a4db730d5070d9136787e21527f2b893e502f6d0c4472a8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b984289931826c14cb584fee77907be8690a112b9c82c953d4a6e6e226c51b43
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7501C431D0021BDBCF15EBA8D800AAEB779BFA4728F104108D110772D8DF389A05CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013274E4, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 013274EB
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 013274F5
                                                                                                                                                                                                                                • int.LIBCPMT ref: 0132750C
                                                                                                                                                                                                                                  • Part of subcall function 01314493: std::_Lockit::_Lockit.LIBCPMT ref: 013144A4
                                                                                                                                                                                                                                • ctype.LIBCPMT ref: 0132752F
                                                                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 01327543
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 01327551
                                                                                                                                                                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 01327561
                                                                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 01327567
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowctypestd::bad_exception::bad_exception
                                                                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                                                                • API String ID: 3349589501-3145022300
                                                                                                                                                                                                                                • Opcode ID: 79fbf51b079c1e4d237328ae619bab7b1cf88649c08329ffc7134ff62428c348
                                                                                                                                                                                                                                • Instruction ID: 08b6145bf62989aeff0aa83b3584b353acc68a80e2f862d43aff3f3fdcc62080
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79fbf51b079c1e4d237328ae619bab7b1cf88649c08329ffc7134ff62428c348
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7701C03190022BDBCF19FBA8C840AAEB739BF65728FA40518D510772D4DF38AA059B60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132779C, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 013277A3
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 013277AD
                                                                                                                                                                                                                                • int.LIBCPMT ref: 013277C4
                                                                                                                                                                                                                                  • Part of subcall function 01314493: std::_Lockit::_Lockit.LIBCPMT ref: 013144A4
                                                                                                                                                                                                                                • messages.LIBCPMT ref: 013277E7
                                                                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 013277FB
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 01327809
                                                                                                                                                                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 01327819
                                                                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0132781F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowmessagesstd::bad_exception::bad_exception
                                                                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                                                                • API String ID: 3217876713-3145022300
                                                                                                                                                                                                                                • Opcode ID: 3dfda23c9312f81fdcfdbd50f30224bd967ce8f63f803490a62e71df1b27e3ac
                                                                                                                                                                                                                                • Instruction ID: a1e742b4e4f7feb0e20edbe7a11c724bc97402b78c789299ea3bc4ca00ccdc71
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3dfda23c9312f81fdcfdbd50f30224bd967ce8f63f803490a62e71df1b27e3ac
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B001C03694022BDBCF19FBA8C851AAEB739BF64728F200118E514772D4DF789905CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01312C91, Relevance: 15.3, APIs: 10, Instructions: 290stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01312A86: lstrcmpiW.KERNEL32(?,?,?,01312D17,?,?,B4B6CC09,00000000,?,00000000,?,?,01391934,000000FF,?,01313776), ref: 01312AF4
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,B4B6CC09,00000000,?,00000000,?,?,01391934,000000FF,?,01313776,?,?), ref: 01312D74
                                                                                                                                                                                                                                • CharNextW.USER32(?,?,01313776,?,?), ref: 01312DE4
                                                                                                                                                                                                                                • CharNextW.USER32(00000000,?,01313776,?,?), ref: 01312DFD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext$lstrcmpilstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1051761657-0
                                                                                                                                                                                                                                • Opcode ID: ad00d12fd4782dea87187608bc9f56df38c9fd66fd63fada6e45e668e70f4301
                                                                                                                                                                                                                                • Instruction ID: 0fcabe264f3eb61aa171f9d753897c51ee83e4c8754389a9579b6a2b085b470f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ad00d12fd4782dea87187608bc9f56df38c9fd66fd63fada6e45e668e70f4301
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28B195719002199EDB39DF68CD899EEB7F9FF18314F1140AAE709A3148D7309E948FA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01328E69, Relevance: 15.1, APIs: 10, Instructions: 73memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 01328E70
                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,00000008,?,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328E9C
                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328EA3
                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(00000008,00000001(TokenIntegrityLevel),00000000,00000000,?,?,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328EBE
                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,?,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328EC5
                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(00000008,00000001(TokenIntegrityLevel),00000000,?,?,?,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328EDE
                                                                                                                                                                                                                                • ConvertSidToStringSidW.ADVAPI32(00000000,?), ref: 01328EEA
                                                                                                                                                                                                                                  • Part of subcall function 01326209: _wcslen.LIBCMT ref: 01326216
                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328EFF
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000008,?,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328F0D
                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328F18
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LocalToken$FreeInformationProcess$AllocCloseConvertCurrentH_prolog3HandleOpenString_wcslen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2454477774-0
                                                                                                                                                                                                                                • Opcode ID: 1132204e3cd046f898b3828ac5204fdfa7956c532dccbbdcc03be3aa8b3ce258
                                                                                                                                                                                                                                • Instruction ID: 1f027413d2bd1646ed5805473729a9e35c53a834ca3f595cb76c8d10bcc28e4a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1132204e3cd046f898b3828ac5204fdfa7956c532dccbbdcc03be3aa8b3ce258
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4212A7190011BAFDF20AFA4DC85EAEBBBAFF04308F400425E601B3254DB369945CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01324909, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 88memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileVersionInfoSizeW.VERSION(013A0D00,?,013A2D3C,00000001,00000000), ref: 0132494C
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000), ref: 01324965
                                                                                                                                                                                                                                • GlobalLock.KERNEL32 ref: 0132496E
                                                                                                                                                                                                                                • GetFileVersionInfoW.VERSION(013A0D00,?,00000000,00000000), ref: 0132498B
                                                                                                                                                                                                                                • VerQueryValueW.VERSION(?,013A11F0,?,?), ref: 013249AE
                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 013249F0
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 013249F7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$FileInfoVersion$AllocFreeLockQuerySizeUnlockValue
                                                                                                                                                                                                                                • String ID: %d.%d.%d.%d
                                                                                                                                                                                                                                • API String ID: 363595264-3491811756
                                                                                                                                                                                                                                • Opcode ID: 494cd8c5e35522409816e3c72ae0efe0e77a9137797003b83a8d7fe796f5f4f3
                                                                                                                                                                                                                                • Instruction ID: 55912d7d6216c646e6b81ec8c3c0d36e4405a7b45936acbe71f4e01c0bf5f4fb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 494cd8c5e35522409816e3c72ae0efe0e77a9137797003b83a8d7fe796f5f4f3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14310D71A00229AFDB20AF99DC44FAABBBCFB48745F00419AE549E7240D7759E84CF70
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132461D, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 87COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLogicalDriveStringsW.KERNEL32(00000100,?), ref: 01324683
                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 0132469F
                                                                                                                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 013246BC
                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 013246C3
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 013246E3
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Drive$Type$CurrentDiskFreeH_prolog3_LocalLogicalProcessSpaceStringsTime_memset_strlen_wcslenswprintf
                                                                                                                                                                                                                                • String ID: %I64u$GetDiskTotalSize in$GetDiskTotalSize out
                                                                                                                                                                                                                                • API String ID: 3079154940-2267826229
                                                                                                                                                                                                                                • Opcode ID: a9928ae44829f70dc8a6ec21e79956339fb0f8bb21b9909ea68228250b0c2879
                                                                                                                                                                                                                                • Instruction ID: 097e82006f863780e01de6f233dfd0e7e40ce32ef21b23401058285870a39cb5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a9928ae44829f70dc8a6ec21e79956339fb0f8bb21b9909ea68228250b0c2879
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1314D7190122D9FDF20FF68CC99ADDB7B8FB05318F4040D9E149A7100DB30AA858F91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131DAAC, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0131DAB3
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0131DABD
                                                                                                                                                                                                                                • int.LIBCPMT ref: 0131DAD4
                                                                                                                                                                                                                                  • Part of subcall function 01314493: std::_Lockit::_Lockit.LIBCPMT ref: 013144A4
                                                                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 0131DB0B
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 0131DB19
                                                                                                                                                                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 0131DB29
                                                                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0131DB2F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                                                                • API String ID: 158301680-3145022300
                                                                                                                                                                                                                                • Opcode ID: ef371690879c6531025f0eb6e637642faea60404e14c57b0902295bdd0d3888d
                                                                                                                                                                                                                                • Instruction ID: d1dcfca880dddb3a2ae3c5fe9b216c28c7a7a782bb7d99f96177f2571834d016
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ef371690879c6531025f0eb6e637642faea60404e14c57b0902295bdd0d3888d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3501C43194021F97CF19EBA8C840AEE7339BF65728F104108D511772D8DF78A9059B50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01317280, Relevance: 13.6, APIs: 9, Instructions: 80COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: f3e447f6f7fed40fe267d568e4eb74d444978297bfbba2922cda3c6819c67cb4
                                                                                                                                                                                                                                • Instruction ID: 352a1cdb43d82458dce66557983e591b755453367715e8edca982c9313eaa96d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f3e447f6f7fed40fe267d568e4eb74d444978297bfbba2922cda3c6819c67cb4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D631417150020AEFEB269F78C849BAEBBFDBF08308F181419ED45E2259D772D954CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013242DA, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 013242E4
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,00000000,013A0D00,00000398,0131F1EA,?), ref: 01324323
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0132432D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • \Google\Chrome\User Data\Default\Preferences, xrefs: 0132436A
                                                                                                                                                                                                                                • "homepage": ", xrefs: 0132444F
                                                                                                                                                                                                                                • GetChromeIncumbentHPR in , xrefs: 013243B4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFolderH_prolog3_LastPathSpecial_wcslen
                                                                                                                                                                                                                                • String ID: "homepage": "$GetChromeIncumbentHPR in $\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                                                                                • API String ID: 1572872009-294888114
                                                                                                                                                                                                                                • Opcode ID: 97d06cb097bd3e44986355c0faa7dda40beaa0c057b8cf18325a924a976a7c0f
                                                                                                                                                                                                                                • Instruction ID: 09d84c5cc5e67a0d35307287201f493f5956aaf5b9f96082fc212ffde99a0eb3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 97d06cb097bd3e44986355c0faa7dda40beaa0c057b8cf18325a924a976a7c0f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2191617190126ADEDF25FB68CD98BEEB7BCAF25208F1041D9E509A3144DA345F88CF61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01320401, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 141COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105,00000000,?,?,013202DA,?), ref: 01320603
                                                                                                                                                                                                                                  • Part of subcall function 0132061F: _strlen.LIBCMT ref: 01320626
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,offer,control,00000000,?,?,013202DA,?), ref: 01320618
                                                                                                                                                                                                                                  • Part of subcall function 0134032A: __EH_prolog3.LIBCMT ref: 01340331
                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000001), ref: 0132050A
                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000000), ref: 0132053E
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000000), ref: 01320574
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Enable$ExceptionH_prolog3InvalidateRaiseRectRedraw_strlen
                                                                                                                                                                                                                                • String ID: control$offer
                                                                                                                                                                                                                                • API String ID: 1310084176-4090155873
                                                                                                                                                                                                                                • Opcode ID: aeb3479f90e1f0733a72485a7736883a0280b1d164e008cee0d55c07497f8f13
                                                                                                                                                                                                                                • Instruction ID: ce7a1e91f7890766cebad0740612561b1968771e53915ec4a238178c3a879cae
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aeb3479f90e1f0733a72485a7736883a0280b1d164e008cee0d55c07497f8f13
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D4517030B04625EFDB19EFACC584FE8BBF1BF44308F1541A5E518AB252C771A964CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013278DD, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: invalid string position$string too long
                                                                                                                                                                                                                                • API String ID: 1771113911-4289949731
                                                                                                                                                                                                                                • Opcode ID: e47412d19d85d16450c80674670a224d074d080a1e41259ccd9886aa2217f188
                                                                                                                                                                                                                                • Instruction ID: 072d25f0b601e834ad2d6278fd5a1d29ec4e289bb6284cfef236dc6e983e8682
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e47412d19d85d16450c80674670a224d074d080a1e41259ccd9886aa2217f188
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB41A271310328ABC724FE6CD885D6AB7EAFBA5668714491DE586C7740EB30ED01C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01325478, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 107registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Internet Explorer\Toolbar,00000000,00020019,?,B4B6CC09,?,?,?,?,01393384,000000FF), ref: 013254CF
                                                                                                                                                                                                                                • RegQueryInfoKeyW.ADVAPI32 ref: 013254FE
                                                                                                                                                                                                                                • RegEnumValueW.ADVAPI32 ref: 0132554D
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01325571
                                                                                                                                                                                                                                  • Part of subcall function 013255F6: RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00020019,?,?), ref: 01325617
                                                                                                                                                                                                                                  • Part of subcall function 013255F6: RegQueryValueExW.ADVAPI32(?,Flags,00000000,00000000,?,?), ref: 0132563D
                                                                                                                                                                                                                                  • Part of subcall function 013255F6: RegCloseKey.ADVAPI32(?), ref: 01325658
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,01393384,000000FF), ref: 013255D6
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\Ext\Settings\, xrefs: 01325557
                                                                                                                                                                                                                                • SOFTWARE\Microsoft\Internet Explorer\Toolbar, xrefs: 013254B9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseOpenQueryValue_wcslen$EnumInfo
                                                                                                                                                                                                                                • String ID: SOFTWARE\Microsoft\Internet Explorer\Toolbar$Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
                                                                                                                                                                                                                                • API String ID: 1747174133-1822556347
                                                                                                                                                                                                                                • Opcode ID: 379c5bf4d715df5f91474b826ab0d27206e3e2cadea43b08f353d7d70bb73788
                                                                                                                                                                                                                                • Instruction ID: 7e89be74fce90deb26a596b98e48dd790222da9f60e4622d8a2e35ba355f6f04
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 379c5bf4d715df5f91474b826ab0d27206e3e2cadea43b08f353d7d70bb73788
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10416E71900568EEDB719B59CC44EAFBBBDFB44794F208199E54AE2240DF705B88CF10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131DF1D, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 100COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: invalid string position$string too long
                                                                                                                                                                                                                                • API String ID: 1771113911-4289949731
                                                                                                                                                                                                                                • Opcode ID: fb7d9e2d242c476d7dd882b1ae7b9308006e52761ad616edec8ba32c949e94fc
                                                                                                                                                                                                                                • Instruction ID: 457882e2b00695f3b7df9949f793ed81982497bd7b096b8714be1172a5bbb5e2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb7d9e2d242c476d7dd882b1ae7b9308006e52761ad616edec8ba32c949e94fc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE31A7713101049BDB3CDE5CC858E2ABBBAEB8265C714091CF5428778DD731EE44C795
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01328827, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82comCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0132882E
                                                                                                                                                                                                                                • CoInitializeEx.OLE32(00000000,00000002,00000018,01328747,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328856
                                                                                                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,76D26490,?,?,?,01328712,?), ref: 01328872
                                                                                                                                                                                                                                • OutputDebugStringW.KERNEL32(?), ref: 013288E9
                                                                                                                                                                                                                                • CoCreateInstance.OLE32(013A3794,00000000,00000004,013A37A4,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328908
                                                                                                                                                                                                                                • CoUninitialize.OLE32(?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328914
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Downloader(BITS)::InitializeBITS::CoInitializeSecurity : Error = 0x%X - %s, xrefs: 013288B8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Initialize$CreateDebugH_prolog3InstanceOutputSecurityStringUninitialize
                                                                                                                                                                                                                                • String ID: Downloader(BITS)::InitializeBITS::CoInitializeSecurity : Error = 0x%X - %s
                                                                                                                                                                                                                                • API String ID: 3838462571-3250974012
                                                                                                                                                                                                                                • Opcode ID: fbec6337b881a51acefc27c1f32860da8370490964f4db9b3a020a20d5734166
                                                                                                                                                                                                                                • Instruction ID: b3820df39936f92f5a0c8944467d606a2299e4a009c03261e7adbfd304e3a906
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fbec6337b881a51acefc27c1f32860da8370490964f4db9b3a020a20d5734166
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C3152B190022EDFDB10EFA4D884AAEBBF8FF1831CF544469E505B7240D7715A44CB91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134A84D, Relevance: 12.1, APIs: 8, Instructions: 139COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetScrollInfo.USER32(?,00000000,0000001C,00000001), ref: 0134A8CB
                                                                                                                                                                                                                                • SetScrollInfo.USER32(?,00000001,0000001C,00000001), ref: 0134A91A
                                                                                                                                                                                                                                • GetWindow.USER32(?,00000005), ref: 0134A935
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134A954
                                                                                                                                                                                                                                • MapWindowPoints.USER32 ref: 0134A967
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000015), ref: 0134A983
                                                                                                                                                                                                                                • GetWindow.USER32(?,00000002), ref: 0134A98E
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,00000000,00000000), ref: 0134A9B8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$InfoRectScroll$InvalidatePoints
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2230122999-0
                                                                                                                                                                                                                                • Opcode ID: 85b9900ab4e8e4dd89398792d5cf5e9bb7547d1d03401aefc6b92a5ca6088c9c
                                                                                                                                                                                                                                • Instruction ID: 2c98951a623a35350db5f351dcd15313a501791a37545e260e9cc4fd70c30f68
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 85b9900ab4e8e4dd89398792d5cf5e9bb7547d1d03401aefc6b92a5ca6088c9c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97510775A40609AFEB21DFA8C984AEEFBF9FB0C304F105429E606B7650D371A944CF60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134AA6E, Relevance: 12.1, APIs: 8, Instructions: 130COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetScrollInfo.USER32(?,00000000,0000001C,?), ref: 0134AAF2
                                                                                                                                                                                                                                • SetScrollInfo.USER32(?,00000001,0000001C,?), ref: 0134AB32
                                                                                                                                                                                                                                • GetWindow.USER32(?,00000005), ref: 0134AB4C
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134AB69
                                                                                                                                                                                                                                • MapWindowPoints.USER32 ref: 0134AB7E
                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,?,00000000,00000000,00000015), ref: 0134AB97
                                                                                                                                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 0134ABA0
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0134ABBC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$InfoRectScroll$InvalidatePoints
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2230122999-0
                                                                                                                                                                                                                                • Opcode ID: 3ddba87aaa10c58ff9541d0048611230b07f670f9a9c22e6d427fbee02c05a74
                                                                                                                                                                                                                                • Instruction ID: 10dbb0affc5778721e1d840ea08858b685bdf2557680e8369235f1bd5926aa6e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3ddba87aaa10c58ff9541d0048611230b07f670f9a9c22e6d427fbee02c05a74
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76512F71A40209AFEB11CFA8C989BEEBFF9FB48304F045415E605BB291D775A944CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013209BC, Relevance: 12.1, APIs: 8, Instructions: 96windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 013209E9
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 013209F6
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 01320A11
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 01320A2F
                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 01320A7C
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 01320A96
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 01320AA3
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000030,?,00000001), ref: 01320AB6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateFontIndirectObject$DeleteInfoMessageParametersSendSystem_memset_wcscpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2167349133-0
                                                                                                                                                                                                                                • Opcode ID: ae81021d03ab65a82e3915c905104b11e98b5657841f43e5541d7162172987cf
                                                                                                                                                                                                                                • Instruction ID: abae90951f7e41384365133c919e093935e179a57d1ff06cecb40d6e10720bc3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae81021d03ab65a82e3915c905104b11e98b5657841f43e5541d7162172987cf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53315C71900748EFEB20EFB8DC899AABBFDAB04318F40156AF556D7690D631A948CB10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132892E, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 213COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 01328935
                                                                                                                                                                                                                                  • Part of subcall function 01328827: __EH_prolog3.LIBCMT ref: 0132882E
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?,00000000,?,?,?,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328AF7
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?,00000000,S-1-5-18,?,?,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328B03
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeH_prolog3Task
                                                                                                                                                                                                                                • String ID: S-1-5-18
                                                                                                                                                                                                                                • API String ID: 4001087172-4289277601
                                                                                                                                                                                                                                • Opcode ID: e03a414211da555df306e94d31038fd160f0b084286bca2a79f5f3f661efc257
                                                                                                                                                                                                                                • Instruction ID: de69c25533b96e8624f5923ee90e4c49eadd3cf8e375f12d025e40e9d5ac0dc1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e03a414211da555df306e94d31038fd160f0b084286bca2a79f5f3f661efc257
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 03813F70D0022AEFCF00EFA8C98899EBBB9FF49718F148489F905EB255D7359941CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01333172, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 175COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0133317C
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 0133328A
                                                                                                                                                                                                                                • __wcstoui64.LIBCMT ref: 013332BF
                                                                                                                                                                                                                                • __wcstoui64.LIBCMT ref: 013332F2
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 01311716: std::_Xinvalid_argument.LIBCPMT ref: 01311730
                                                                                                                                                                                                                                • __wcstoui64.LIBCMT ref: 01333325
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __wcstoui64$H_prolog3__strlen$CurrentLocalProcessTimeXinvalid_argument_memsetstd::_swprintf
                                                                                                                                                                                                                                • String ID: StringHexToRGB()...
                                                                                                                                                                                                                                • API String ID: 1186222580-3392537412
                                                                                                                                                                                                                                • Opcode ID: 4a22796957a494ea31978f7e6a40393f776f04c66c64d7367de601077a6d66ae
                                                                                                                                                                                                                                • Instruction ID: 266f24e1c980483917e4a12bf04402518d83f2a3c03856c349482d491018fd2b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a22796957a494ea31978f7e6a40393f776f04c66c64d7367de601077a6d66ae
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33518371C00259AEDB25EBA8CC85FDEBFB8FF54308F04805AE545A7181DB745B89CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135D119, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 162networkCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135D123
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: __EH_prolog3_GS.LIBCMT ref: 0135BEDD
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: MultiByteToWideChar.KERNEL32(0135D1A8,00000000,?,00000000,00000000,00000000,00000028,0135D1A8,?), ref: 0135BF0C
                                                                                                                                                                                                                                • InternetGetCookieW.WININET(00000000), ref: 0135D1E2
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000001,00000000,00000001,00000000), ref: 0135D219
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0135D21B
                                                                                                                                                                                                                                • _wmemset.LIBCMT ref: 0135D263
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0132618B: _wcslen.LIBCMT ref: 01326196
                                                                                                                                                                                                                                  • Part of subcall function 0131A941: _memmove.LIBCMT ref: 0131A968
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorH_prolog3_Last_memmove_wcslen$ByteCharCookieInternetMultiWide_wmemset
                                                                                                                                                                                                                                • String ID: ERROR
                                                                                                                                                                                                                                • API String ID: 4186435405-2861137601
                                                                                                                                                                                                                                • Opcode ID: 491086b82adffc623a289618f21bfb916092a2cabccc42be0bdb9572e83e498a
                                                                                                                                                                                                                                • Instruction ID: efae64c320a17e70c10748868f07ca636befc00dfcfdf6feb28ff20d237477b1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 491086b82adffc623a289618f21bfb916092a2cabccc42be0bdb9572e83e498a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F851AB71D0121A9FEF28EBA8CC45FEDBBB4FF14718F108199E549E7290DA705A84CB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01311FA4, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 141stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(01310000,?,00000104), ref: 01312036
                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 0131207E
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 013120D5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Module$FileHandleNamelstrlen
                                                                                                                                                                                                                                • String ID: Module$Module_Raw$REGISTRY
                                                                                                                                                                                                                                • API String ID: 2970045096-549000027
                                                                                                                                                                                                                                • Opcode ID: 39afa06585442b725d618f95e625b748699295982a41403e672e802ade725e44
                                                                                                                                                                                                                                • Instruction ID: e3fafc8de007dc0ab4947eaad90a97f220874013e3b1d30fe060d89ae6e2592a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39afa06585442b725d618f95e625b748699295982a41403e672e802ade725e44
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5519676A002199BCF38DF58DC84ADE77B9AB49208F2005B9FA09E7644DB749E84CF51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01312184, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 133stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(01310000,?,00000104), ref: 0131220D
                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 01312255
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 013122AC
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Module$FileHandleNamelstrlen
                                                                                                                                                                                                                                • String ID: Module$Module_Raw$REGISTRY
                                                                                                                                                                                                                                • API String ID: 2970045096-549000027
                                                                                                                                                                                                                                • Opcode ID: 8188604aac2f5ce6e1f24e3db4248d0df025fa7f76a424a16ffa19f79ebb0c4f
                                                                                                                                                                                                                                • Instruction ID: 255945b4ea659e13fd1e5548ccb284a84886d2bfb201e769ac0f2f6a04484cb2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8188604aac2f5ce6e1f24e3db4248d0df025fa7f76a424a16ffa19f79ebb0c4f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E041B976A00229DBCB28DF68DC84ADE77B8EF49308F5004A9F909E7545DB749E84CF51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134C78E, Relevance: 10.6, APIs: 7, Instructions: 112COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen$H_prolog3___ui64tow_s_memset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1005177162-0
                                                                                                                                                                                                                                • Opcode ID: 6f9f00a2e44bb9ad9b3adaea212bcba0567017bb34bb430b4bfe517fb724065c
                                                                                                                                                                                                                                • Instruction ID: 9241d39e57d4c8a9c5b41b070ce7035ddad2b935b06c9dd924d1b0a017cfa71c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f9f00a2e44bb9ad9b3adaea212bcba0567017bb34bb430b4bfe517fb724065c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7441FB71A012659BEB34EB6CCC80FEDB7B89F14714F1441D5D60CB7284DBB06E848B91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01345B51, Relevance: 10.6, APIs: 7, Instructions: 110windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindResourceW.KERNEL32(01310000,00000110,000000F0,00000001), ref: 01345B89
                                                                                                                                                                                                                                • LoadResource.KERNEL32(01310000,00000000), ref: 01345B99
                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000), ref: 01345BA8
                                                                                                                                                                                                                                • SendDlgItemMessageW.USER32 ref: 01345C1C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 01345C42
                                                                                                                                                                                                                                • _free.LIBCMT ref: 01345C97
                                                                                                                                                                                                                                • SendDlgItemMessageW.USER32 ref: 01345CB5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Resource$ItemMessageSend_free$FindLoadLock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1490153787-0
                                                                                                                                                                                                                                • Opcode ID: 318a55fe71d46d4aa1f76cf85472fe738d9d625337a8f23c31a7285ea054a959
                                                                                                                                                                                                                                • Instruction ID: 666f6d3bba4f1460d2ee6678ec3b9d177ab49db3cb04da2e6eef2868296ec69a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 318a55fe71d46d4aa1f76cf85472fe738d9d625337a8f23c31a7285ea054a959
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60414D71D002289BDF359B28DC81BE9B7F8AB18715F5042D5E689E6180DBB4AFC4CF54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013234AE, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 95COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 013234B8
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: __EH_prolog3_GS.LIBCMT ref: 0135CB34
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: _wcslen.LIBCMT ref: 0135CC26
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: RegCloseKey.ADVAPI32(00000000,?,?,?,013A0D00), ref: 0135CC68
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                  • Part of subcall function 01327839: _wcslen.LIBCMT ref: 01327841
                                                                                                                                                                                                                                  • Part of subcall function 0131D937: __EH_prolog3.LIBCMT ref: 0131D93E
                                                                                                                                                                                                                                  • Part of subcall function 0131D937: _wcslen.LIBCMT ref: 0131D967
                                                                                                                                                                                                                                  • Part of subcall function 0131D937: _wcslen.LIBCMT ref: 0131D97A
                                                                                                                                                                                                                                  • Part of subcall function 0131A941: _memmove.LIBCMT ref: 0131A968
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen$H_prolog3__memmove$CloseH_prolog3
                                                                                                                                                                                                                                • String ID: DefaultScope$HKEY_CURRENT_USER$SOFTWARE\Microsoft\Internet Explorer\SearchScopes$SOFTWARE\Microsoft\Internet Explorer\SearchScopes\$URL
                                                                                                                                                                                                                                • API String ID: 1666650827-2303847271
                                                                                                                                                                                                                                • Opcode ID: 4ffe783f358b6c29354e9ee22d4870d0d1b816e38e9290805fdaafee618737dd
                                                                                                                                                                                                                                • Instruction ID: 46762e1bd0356b539372960df6a270ab6378620a6f1a65860b63e0ef9275f001
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ffe783f358b6c29354e9ee22d4870d0d1b816e38e9290805fdaafee618737dd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E3112B1901259EEDB18EBA8CD90FEDBB7CEF6520DF504099E40973244DA705F49CB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01312900, Relevance: 10.6, APIs: 7, Instructions: 94libraryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 0131290A
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,00000424,0131215D,?,REGISTRY,00000000,013A1478,Module_Raw,?,013A1478,Module,?), ref: 0131293C
                                                                                                                                                                                                                                • FindResourceW.KERNEL32(00000000,?,?), ref: 0131295B
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?), ref: 01312A4B
                                                                                                                                                                                                                                  • Part of subcall function 01311BDC: GetLastError.KERNEL32(0131296C,?,?), ref: 01311BDC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Library$ErrorFindFreeH_prolog3_catch_LastLoadResource
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 724505223-0
                                                                                                                                                                                                                                • Opcode ID: e80b3ade7f00f07b62382254845867fc274d8e1de88d82ef567ae377664dafaa
                                                                                                                                                                                                                                • Instruction ID: 6ba7a1613799915ddd24ba6869ee831ce6f41d6241dbb276450a4cdd83a23ef0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e80b3ade7f00f07b62382254845867fc274d8e1de88d82ef567ae377664dafaa
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D3188B190016D9FCF359B68CC44BDEBBB9EB44754F2080E9E609A7145DA304FC48F94
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131668B, Relevance: 10.6, APIs: 7, Instructions: 74memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 013166C7
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 013166F5
                                                                                                                                                                                                                                • SysStringLen.OLEAUT32(?), ref: 01316706
                                                                                                                                                                                                                                • SysStringLen.OLEAUT32(?), ref: 0131670F
                                                                                                                                                                                                                                • CoTaskMemAlloc.OLE32(00000002), ref: 01316716
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 01316725
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$AllocFree$Task
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1511711959-0
                                                                                                                                                                                                                                • Opcode ID: a9569596ce1c26653589845180b6bae537387a89ec96c48679b10a085e52ea12
                                                                                                                                                                                                                                • Instruction ID: de8981e2420bb3e22d747970018f6baa838bb462cf42b6a28b28c1b2d33639f5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a9569596ce1c26653589845180b6bae537387a89ec96c48679b10a085e52ea12
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F21C2B650011AEFDF149FA9DD8599E7BA8FF04358F000029FA00A7119E7B5DD20CB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01329254, Relevance: 10.6, APIs: 7, Instructions: 72windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 01329270
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 01329298
                                                                                                                                                                                                                                • GetMenu.USER32 ref: 013292A3
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 013292BE
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 013292C6
                                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(?,00000000,00000000,00000000), ref: 013292D1
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000016,?,000000F0,?,000000EC,?,000000F0,?,?), ref: 013292F2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Long$Rect$AdjustClientMenu
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1765799542-0
                                                                                                                                                                                                                                • Opcode ID: d1cfc646a7f8421d2cf031ce6234d86d1f8fdb375d9145ee65c912effafe404d
                                                                                                                                                                                                                                • Instruction ID: 39661bae2bcb820413c3fae47aaaf22da058c831c5270baf2a811270a7f4b585
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1cfc646a7f8421d2cf031ce6234d86d1f8fdb375d9145ee65c912effafe404d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51215471A0421DEFEB21AFB9DC44FBE7BFDFB49368F200618E511E2195D63299008B50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01345F0E, Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • PtInRect.USER32(01344CA7,00000000,?), ref: 01345F33
                                                                                                                                                                                                                                • SetCursor.USER32(?,?,01344CA7,?), ref: 01345F40
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,01344CA7,00000001,?,01344CA7,?), ref: 01345F61
                                                                                                                                                                                                                                • UpdateWindow.USER32(?), ref: 01345F6A
                                                                                                                                                                                                                                • _TrackMouseEvent.COMCTL32(01344CA7), ref: 01345F90
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,01344CA7,00000001,?,01344CA7,?), ref: 01345FB6
                                                                                                                                                                                                                                • UpdateWindow.USER32(?), ref: 01345FBF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Rect$InvalidateUpdateWindow$CursorEventMouseTrack
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1598129390-0
                                                                                                                                                                                                                                • Opcode ID: 0d44e1a3804c4194814da6ed1301c6364e92b155a3d1109ac80baf6d747298e2
                                                                                                                                                                                                                                • Instruction ID: 6ab337f98c1ff6d4a24679dfaabacd579688505442121518b5d2aa40cf0860a1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0d44e1a3804c4194814da6ed1301c6364e92b155a3d1109ac80baf6d747298e2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32215031500B44DFEB228B6DC949BABBBF8BF05708F404818E5C3A6A61C771F449DB51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013207AB, Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDC.USER32 ref: 013207D2
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(01320758,0000005A), ref: 013207F5
                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000000,?,00000000), ref: 013207FC
                                                                                                                                                                                                                                • DPtoLP.GDI32(?,?,00000001), ref: 01320814
                                                                                                                                                                                                                                • DPtoLP.GDI32(?,?,00000001), ref: 01320825
                                                                                                                                                                                                                                • ReleaseDC.USER32 ref: 01320843
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 0132084D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3808545654-0
                                                                                                                                                                                                                                • Opcode ID: a193981a69a0ccf927991307f18578be2043a996f2a7c54468ac54c5df638d7f
                                                                                                                                                                                                                                • Instruction ID: da446caacb5ec607075d1e18767acaf7bfa7a84ef3d8be2e366031eadbca6c09
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a193981a69a0ccf927991307f18578be2043a996f2a7c54468ac54c5df638d7f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E21B0B1D0031CAFDB20EFB8D88899EBBB9FB09305F60152AE509EB241D7719944CF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013255F6, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00020019,?,?), ref: 01325617
                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,Flags,00000000,00000000,?,?), ref: 0132563D
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 01325658
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                • String ID: A$Flags$d
                                                                                                                                                                                                                                • API String ID: 3677997916-3843220365
                                                                                                                                                                                                                                • Opcode ID: 65eb9a8fa739c697ed154241f54f31fe0e14576e803695b295182095231f8695
                                                                                                                                                                                                                                • Instruction ID: 493c67cb721021857eab71ed6f8ff37914a0d519b1709f7af735f199bcdb640d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 65eb9a8fa739c697ed154241f54f31fe0e14576e803695b295182095231f8695
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD016D31901228BBDB219E94EC08EDBBF7CEB05768F001194E905A2145D7719B04CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01312B6B, Relevance: 9.1, APIs: 6, Instructions: 123COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01312B46: CharNextW.USER32(?,01312B7B,00000000,?,?,?,?,0131345A,00000000,00000000,?), ref: 01312B60
                                                                                                                                                                                                                                • CharNextW.USER32(00000000,00000000,00000000,?,?,?,?,0131345A,00000000,00000000,?), ref: 01312BA8
                                                                                                                                                                                                                                • CharNextW.USER32(?,?,?,?,?,0131345A,00000000,00000000,?), ref: 01312C25
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3213498283-0
                                                                                                                                                                                                                                • Opcode ID: 0879e6581d6a6185b1987623f9b534a7c0b67cc5941c5b65822a48cedeb24486
                                                                                                                                                                                                                                • Instruction ID: bab243c8724bcf7527d8bc2b7baa099928c6d20026fef57b88a5f0de6d23858c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0879e6581d6a6185b1987623f9b534a7c0b67cc5941c5b65822a48cedeb24486
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A41A0312102069EDF299FBCD88467BB7E5FF68718BB04819D682C7269E770D880C754
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01329892, Relevance: 9.1, APIs: 6, Instructions: 91COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 013444F0: _malloc.LIBCMT ref: 01344511
                                                                                                                                                                                                                                • _free.LIBCMT ref: 013298B8
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 013298CD
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 01329907
                                                                                                                                                                                                                                • CreateDIBSection.GDI32(00000000,00000000,00000000,?,00000000,00000000), ref: 01329918
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0132992A
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0132995C
                                                                                                                                                                                                                                  • Part of subcall function 01375111: RtlFreeHeap.NTDLL(00000000,00000000), ref: 01375127
                                                                                                                                                                                                                                  • Part of subcall function 01375111: GetLastError.KERNEL32(00000000), ref: 01375139
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$_memset$CreateErrorFreeHeapLastSection_malloc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2892610931-0
                                                                                                                                                                                                                                • Opcode ID: b9f907ffeb9927fc128aeaa4cf56ea30073f18e3a75c2dcb6627a6784b65413d
                                                                                                                                                                                                                                • Instruction ID: e7563dd5c32659b3c19138611628731ff6b82501646caf02addc6d3a1f87e3a3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9f907ffeb9927fc128aeaa4cf56ea30073f18e3a75c2dcb6627a6784b65413d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C421B472910235EBDB21EF29D844A9BBBECDF8532CF158469E895F7240D274ED00C7A0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013170CC, Relevance: 9.1, APIs: 6, Instructions: 67COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ClientScreen$MoveParentWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2420994850-0
                                                                                                                                                                                                                                • Opcode ID: 5a296c338ad7c62569a8e4c5197fe499f58e3bb1a4f07ef740b67c5505a83599
                                                                                                                                                                                                                                • Instruction ID: a8ee28e96fb0f563c53d40246d8cb55e6f7f77526f7a5d0c298683ab78c7f6cf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a296c338ad7c62569a8e4c5197fe499f58e3bb1a4f07ef740b67c5505a83599
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66110D72900119AFDF12DFA8CD849BFBBBEEF09314B150065E900F7118DA71AE418B61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01344A79, Relevance: 9.1, APIs: 6, Instructions: 66stringwindowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 01344A80
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,0000000C,0134675E,?,?), ref: 01344A98
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?), ref: 01344ADE
                                                                                                                                                                                                                                • lstrcpyW.KERNEL32 ref: 01344AEC
                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 01344B04
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000001,00000000), ref: 01344B19
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$H_prolog3_catchMessageSendWindowlstrcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3371861467-0
                                                                                                                                                                                                                                • Opcode ID: 25439f7f303f6cdccae792aec18fad9a3def65a29efd1ffb830d415ede40aca3
                                                                                                                                                                                                                                • Instruction ID: 6814cebd63f9930d0697d3f6ea3f0f18dff7bc27e38f7b50688d2062479e4a1f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25439f7f303f6cdccae792aec18fad9a3def65a29efd1ffb830d415ede40aca3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA21D671200301AFEB259F58D845B6A7BEAFF48714F00552DF1069B5A0DBB6B940CB55
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01381BE3, Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 01381BEF
                                                                                                                                                                                                                                  • Part of subcall function 013813D7: __getptd_noexit.LIBCMT ref: 013813DA
                                                                                                                                                                                                                                  • Part of subcall function 013813D7: __amsg_exit.LIBCMT ref: 013813E7
                                                                                                                                                                                                                                • __amsg_exit.LIBCMT ref: 01381C0F
                                                                                                                                                                                                                                • __lock.LIBCMT ref: 01381C1F
                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 01381C3C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 01381C4F
                                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(02B02C38), ref: 01381C67
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3470314060-0
                                                                                                                                                                                                                                • Opcode ID: bac741773498ae9724c0fdf24a9c18efffb7865049983a72cbe22be6a58d2bdb
                                                                                                                                                                                                                                • Instruction ID: 3389e81f878fa308e8ed4f08249790cc9e4f4260700f2638b76cc35628a15632
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bac741773498ae9724c0fdf24a9c18efffb7865049983a72cbe22be6a58d2bdb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47018032A01B129FDF35BB6D948979DB7B4BF0472CF010119E605A7A84D7789582CBD1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01362BEA, Relevance: 9.0, APIs: 6, Instructions: 47memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000C,01362C7A,?,?,01314F4B), ref: 01362BEC
                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000018,00000008,?,?,?,?,?,01314F4B), ref: 01362C1B
                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,01314F4B), ref: 01362C1E
                                                                                                                                                                                                                                • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 01362C34
                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,01314F4B), ref: 01362C41
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,01314F4B), ref: 01362C44
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$Process$AllocCompareExchangeFeatureFreeInterlockedPresentProcessor
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3509966971-0
                                                                                                                                                                                                                                • Opcode ID: a79a9c958077dc0113d99b74e87395ebb68fba527e2eeb3c6801250ca8583167
                                                                                                                                                                                                                                • Instruction ID: cf43e1322a7b3476e358848c4cde578178cbcb013c5379f47915667a9f5f77d9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a79a9c958077dc0113d99b74e87395ebb68fba527e2eeb3c6801250ca8583167
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D011DB26012019FEF609FB99848E1777ECFB49785F155465F545D3248E731E8019B70
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013181AC, Relevance: 9.0, APIs: 6, Instructions: 45COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDC.USER32 ref: 013181C9
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 013181DA
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 013181E2
                                                                                                                                                                                                                                • ReleaseDC.USER32 ref: 013181EA
                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000004,00000000,000009EC), ref: 01318204
                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000000,?,000009EC), ref: 01318212
                                                                                                                                                                                                                                  • Part of subcall function 01311000: __CxxThrowException@8.LIBCMT ref: 01311012
                                                                                                                                                                                                                                  • Part of subcall function 01311000: SysFreeString.OLEAUT32(00000000), ref: 0131101A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CapsDevice$Exception@8FreeReleaseStringThrow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1710212063-0
                                                                                                                                                                                                                                • Opcode ID: 18b9752a2a2fb2570eadb0f88a5702a48586b93eae9822c0d3de447fa008faf4
                                                                                                                                                                                                                                • Instruction ID: 914001ef18e13387acb6fe12575d56f884ded58b52e8a67de419d386cd209c80
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 18b9752a2a2fb2570eadb0f88a5702a48586b93eae9822c0d3de447fa008faf4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55014F71A00214BFEB219FA5CC49F5BBFB8EB95755F004069FA04A7254D6719900CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131821D, Relevance: 9.0, APIs: 6, Instructions: 45COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDC.USER32 ref: 0131823A
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 0131824B
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 01318253
                                                                                                                                                                                                                                • ReleaseDC.USER32 ref: 0131825B
                                                                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,00000000,?), ref: 01318275
                                                                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 01318283
                                                                                                                                                                                                                                  • Part of subcall function 01311000: __CxxThrowException@8.LIBCMT ref: 01311012
                                                                                                                                                                                                                                  • Part of subcall function 01311000: SysFreeString.OLEAUT32(00000000), ref: 0131101A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CapsDevice$Exception@8FreeReleaseStringThrow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1710212063-0
                                                                                                                                                                                                                                • Opcode ID: a0ad7e02f2b0d3d6332a1ffe7d8609de4774224cfeed68da908456c2a99b6454
                                                                                                                                                                                                                                • Instruction ID: 88a54ef51cb5d7d870df3d1e4394d2db2fcfd93aa35f566dd039e803f5606a85
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0ad7e02f2b0d3d6332a1ffe7d8609de4774224cfeed68da908456c2a99b6454
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1018F71A00218BFEB219FA5CC48F9EBFB8EB59791F008059FA0867244D6718901DB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132094C, Relevance: 9.0, APIs: 6, Instructions: 38COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTextColor.GDI32(?), ref: 01320958
                                                                                                                                                                                                                                • GetBkColor.GDI32(?), ref: 0132096B
                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 01320975
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 01320989
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,000000FF), ref: 01320999
                                                                                                                                                                                                                                • SetBkColor.GDI32(?,000000FF), ref: 013209AF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Color$Text$BrushCreateDeleteObjectSolid
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 438708776-0
                                                                                                                                                                                                                                • Opcode ID: c54254f75ec0761b00d9e1cb312eeb7c6fbf17ed262975eaa07c3416177f731c
                                                                                                                                                                                                                                • Instruction ID: 42351ed1c72cd31122a7080da106c83519ffe613d6d5e1d1185dacb461626afb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c54254f75ec0761b00d9e1cb312eeb7c6fbf17ed262975eaa07c3416177f731c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D017130200700DFDB316F69D948A56BFB9BB05325F406619F58B82AA0C732E454CF10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132A91F, Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 267COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0132A926
                                                                                                                                                                                                                                  • Part of subcall function 0132A15A: __EH_prolog3.LIBCMT ref: 0132A161
                                                                                                                                                                                                                                  • Part of subcall function 0132A15A: _strlen.LIBCMT ref: 0132A1C2
                                                                                                                                                                                                                                  • Part of subcall function 0132A15A: _wcslen.LIBCMT ref: 0132A1DC
                                                                                                                                                                                                                                  • Part of subcall function 013297F1: EnterCriticalSection.KERNEL32(013C17C0,?), ref: 01329827
                                                                                                                                                                                                                                  • Part of subcall function 013297F1: LeaveCriticalSection.KERNEL32(013C17C0), ref: 01329834
                                                                                                                                                                                                                                  • Part of subcall function 01352870: __EH_prolog3.LIBCMT ref: 01352877
                                                                                                                                                                                                                                  • Part of subcall function 01352870: _wcslen.LIBCMT ref: 013528DD
                                                                                                                                                                                                                                  • Part of subcall function 01359C0C: __EH_prolog3.LIBCMT ref: 01359C13
                                                                                                                                                                                                                                  • Part of subcall function 013476E9: std::exception::exception.LIBCMT ref: 01347705
                                                                                                                                                                                                                                  • Part of subcall function 013476E9: __CxxThrowException@8.LIBCMT ref: 0134771A
                                                                                                                                                                                                                                  • Part of subcall function 0134783F: std::exception::exception.LIBCMT ref: 0134785B
                                                                                                                                                                                                                                  • Part of subcall function 0134783F: __CxxThrowException@8.LIBCMT ref: 01347870
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0132AD52
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0132ADC4
                                                                                                                                                                                                                                  • Part of subcall function 0131B7E3: _memmove.LIBCMT ref: 0131B83B
                                                                                                                                                                                                                                  • Part of subcall function 01355088: __EH_prolog3_catch.LIBCMT ref: 0135508F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • http://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}, xrefs: 0132ADBE, 0132ADC3, 0132ADCB
                                                                                                                                                                                                                                • +, xrefs: 0132AD42
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_wcslen$CriticalException@8SectionThrowstd::exception::exception$EnterH_prolog3_catchLeave_memmove_strlen
                                                                                                                                                                                                                                • String ID: +$http://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}
                                                                                                                                                                                                                                • API String ID: 3606588679-64641019
                                                                                                                                                                                                                                • Opcode ID: c15bdd8b8f69ea52190f5c7f82584c35548f202b2d208e5f30b290bff3152f5b
                                                                                                                                                                                                                                • Instruction ID: 6384c2c524ab4c6edef7e0f0d521d6ae43af779d55ceff6f3e54029ef95ec28f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c15bdd8b8f69ea52190f5c7f82584c35548f202b2d208e5f30b290bff3152f5b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E6E197B0A15A42AEC348DF3AC5847C6FBA5BF69304F90832ED16C87251DB716164CFD5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132111A, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 144windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01321124
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: __EH_prolog3_GS.LIBCMT ref: 0135BEDD
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: MultiByteToWideChar.KERNEL32(0135D1A8,00000000,?,00000000,00000000,00000000,00000028,0135D1A8,?), ref: 0135BF0C
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00000004), ref: 0132127E
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_$ByteCharMessageMultiWide_memmove_wcslen
                                                                                                                                                                                                                                • String ID: LoadingTitle$false$true
                                                                                                                                                                                                                                • API String ID: 1608090813-3632203004
                                                                                                                                                                                                                                • Opcode ID: e1c0c10b878c81fe8a64516f15c8146faca6992bf64aa8c30985432d5fe5c9da
                                                                                                                                                                                                                                • Instruction ID: c463ee096333f19f93c9cb3b3c6ef6321baa77c462fc59601313b75d42cb2dce
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1c0c10b878c81fe8a64516f15c8146faca6992bf64aa8c30985432d5fe5c9da
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7A51A6B1C04369DAEF14EBA8CD44FEDBB78AF52318F544198E805B7185CB705B45CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134686A, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 92stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,00000000,?,?,?,?,013469D4,?,?,?,?,?,?,?,?), ref: 013468A2
                                                                                                                                                                                                                                • CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003,?,00000000,?,?,?,?,013469D4,?,?,?), ref: 013468D3
                                                                                                                                                                                                                                • CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004,?,00000000,?,?,?,?,013469D4,?,?,?), ref: 0134690E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CompareString$lstrlen
                                                                                                                                                                                                                                • String ID: </A>$<A>
                                                                                                                                                                                                                                • API String ID: 1657112622-2122467442
                                                                                                                                                                                                                                • Opcode ID: 991dc914cb7ac7b2004d04bf25c5303af6c3e233a25c5d5913bc2ccf04fd1dd9
                                                                                                                                                                                                                                • Instruction ID: 201c94faf2af99dee001610fbb2cbe2161b0e18ac96dce520373a70521b62200
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 991dc914cb7ac7b2004d04bf25c5303af6c3e233a25c5d5913bc2ccf04fd1dd9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF316CF5640209AFDB21CF5DC486A9A7FF5FB4A318F104069F909DB390D3B1A945CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131B6A8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 66COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0131B6BF
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 01363236
                                                                                                                                                                                                                                  • Part of subcall function 01363221: __CxxThrowException@8.LIBCMT ref: 0136324B
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 0136325C
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0131B6E1
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0131B725
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                                                                                                                                                                • String ID: invalid string position$string too long
                                                                                                                                                                                                                                • API String ID: 3404309857-4289949731
                                                                                                                                                                                                                                • Opcode ID: eacdc30a0b6fc93e10de88a159cccc07449e9949f7747535b9f5ba02aa2238dd
                                                                                                                                                                                                                                • Instruction ID: db8e2529b6d4ed858ea291ffe2dcd0b229599e2403006bb620c361200e684c89
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eacdc30a0b6fc93e10de88a159cccc07449e9949f7747535b9f5ba02aa2238dd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2611DF312002099BCB28DF2CD880C5AF7B9FF8472C728091DE8468B658EB30E915CBA4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013272E2, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 013272F9
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 01363236
                                                                                                                                                                                                                                  • Part of subcall function 01363221: __CxxThrowException@8.LIBCMT ref: 0136324B
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 0136325C
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0132731B
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 01327358
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                                                                                                                                                                • String ID: invalid string position$string too long
                                                                                                                                                                                                                                • API String ID: 3404309857-4289949731
                                                                                                                                                                                                                                • Opcode ID: 43d48b57bebb9c11107123fc7741e513a0ecf90b61efc6458e9926b6ff58a258
                                                                                                                                                                                                                                • Instruction ID: 270feec6aac72070d622df741bc804a94e998146673af3f18340639853a3eceb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43d48b57bebb9c11107123fc7741e513a0ecf90b61efc6458e9926b6ff58a258
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0711B2313103259FDB28EE6CD881A5AB7E9FF25618B04092DFA52CB241D770E9408794
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01311CD3, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 46registrylibraryloaderCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 01311CE2
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 01311CF2
                                                                                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 01311D32
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressCreateHandleModuleProc
                                                                                                                                                                                                                                • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                                                                                                                                                • API String ID: 1964897782-2994018265
                                                                                                                                                                                                                                • Opcode ID: 69ff31ab7216e6117ae86ba18fff95effafbc7ba1fad100b2645795bd9f26ce9
                                                                                                                                                                                                                                • Instruction ID: 5a24745fbcaa214267e9c9fb48663880a7b2ac3f9e0d2b01390540cbff11ea9f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69ff31ab7216e6117ae86ba18fff95effafbc7ba1fad100b2645795bd9f26ce9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07013171102229BBDB265EA19C48CEFBF2DFF15BA9B804410F71990019C3328460DBE1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01311C74, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38registrylibraryloaderCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 01311C83
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 01311C93
                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 01311CC3
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressHandleModuleOpenProc
                                                                                                                                                                                                                                • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                                                                                                                                                • API String ID: 1337834000-3913318428
                                                                                                                                                                                                                                • Opcode ID: 3858807d176041e090d2d3528f7deb7225592406e737ef9b1b15e82ffa669b25
                                                                                                                                                                                                                                • Instruction ID: 5f3988e2f139ec16a5c20b11fb77b3ac76da2a4b4455afe97d5013a10497dcd0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3858807d176041e090d2d3528f7deb7225592406e737ef9b1b15e82ffa669b25
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B6F06732100208BBCF264FA5DD08DAB7FBEFBC5B58B644918FA5590128C3338960EB20
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01312376, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36libraryloaderCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,?,013125C9,?), ref: 0131239B
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 013123AB
                                                                                                                                                                                                                                  • Part of subcall function 01311D42: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 01311D51
                                                                                                                                                                                                                                  • Part of subcall function 01311D42: GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 01311D61
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                • String ID: Advapi32.dll$RegDeleteKeyExW
                                                                                                                                                                                                                                • API String ID: 1646373207-2191092095
                                                                                                                                                                                                                                • Opcode ID: 56c1dcc92b9403cdeaec7546e863e7acb68fe5be4cf782b9455fd9ea57abfce0
                                                                                                                                                                                                                                • Instruction ID: 9cd4e88f5a8ce1a9a3d8698fe5484cb693faab49c301bc027db8f347f45ff6c2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 56c1dcc92b9403cdeaec7546e863e7acb68fe5be4cf782b9455fd9ea57abfce0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 11F04F35501209BFEB295F64EC44FD6BF6CFB04788F540415FA00A551DC7B2A4B0EB51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013124D9, Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,00000000,?,00000000), ref: 01312538
                                                                                                                                                                                                                                • RegEnumKeyExW.ADVAPI32 ref: 01312596
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 013125B0
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?), ref: 013125D9
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?), ref: 013125FC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Close$Enum
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 464197530-0
                                                                                                                                                                                                                                • Opcode ID: 5b2a9d5c99b49bf513d34ad0171e68d681e91b59cb1888d855ed4a4a3b2507ab
                                                                                                                                                                                                                                • Instruction ID: d6b51a09e7134d0ce799b3256b59fc21709df8a1d3070b40272a08c092cb2c7e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5b2a9d5c99b49bf513d34ad0171e68d681e91b59cb1888d855ed4a4a3b2507ab
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA31EB7194122CDBCB259B55DCD8ADEFBB9AB28714F6001D6E109A2254DB309FC0CF90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01320320, Relevance: 7.6, APIs: 5, Instructions: 78windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: BitmapLoad$DeleteObject
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3795396168-0
                                                                                                                                                                                                                                • Opcode ID: 871731467f1d04993c0817cc13ec2c956ef2714d423db5a607ae411941d1c193
                                                                                                                                                                                                                                • Instruction ID: 617a37c57c29d25e9549859961b932ef338873a42f3edf5ea543aea3226e97b5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 871731467f1d04993c0817cc13ec2c956ef2714d423db5a607ae411941d1c193
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3B215CB1900219EFDB21DF69DC80AAABFFDFB44704F50416BEA04E6259E771A844DF90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0137F16F, Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _malloc.LIBCMT ref: 0137F17D
                                                                                                                                                                                                                                  • Part of subcall function 01376C17: __FF_MSGBANNER.LIBCMT ref: 01376C30
                                                                                                                                                                                                                                  • Part of subcall function 01376C17: __NMSG_WRITE.LIBCMT ref: 01376C37
                                                                                                                                                                                                                                  • Part of subcall function 01376C17: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,0137C61D,?,00000001,?,?,013822FD,00000018,013B0180,0000000C,0138238D), ref: 01376C5C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137F190
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap_free_malloc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1020059152-0
                                                                                                                                                                                                                                • Opcode ID: 8105cedcd203bc6cbf616679ec08cda3845100bde0c36dfedbed5da7127e9304
                                                                                                                                                                                                                                • Instruction ID: 46518e5406057f9b33c4661d9d5f2cc963cece95634a693a5610d0d66b0040b3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8105cedcd203bc6cbf616679ec08cda3845100bde0c36dfedbed5da7127e9304
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4311E336804616ABCB323F7CFC046597BADBB413BDF100126E8A997144DB3C88408791
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01315A18, Relevance: 7.6, APIs: 5, Instructions: 60windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Focus$ChildH_prolog3Window
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3907702801-0
                                                                                                                                                                                                                                • Opcode ID: aa4568224dfb91466aa90a5eda22438a50b11056f0ae1ecc957d15e7829c93dc
                                                                                                                                                                                                                                • Instruction ID: 97c58d0464e05074abe0a72baddab3c129d99a2bad98a4b7c8cb1d2600ff888e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa4568224dfb91466aa90a5eda22438a50b11056f0ae1ecc957d15e7829c93dc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA217F71640705DFEB269F68C889E2ABBB9FF85708F14494CE5A6972A5D731A900CB10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013811AE, Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 013811BA
                                                                                                                                                                                                                                  • Part of subcall function 013813D7: __getptd_noexit.LIBCMT ref: 013813DA
                                                                                                                                                                                                                                  • Part of subcall function 013813D7: __amsg_exit.LIBCMT ref: 013813E7
                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 013811D1
                                                                                                                                                                                                                                • __amsg_exit.LIBCMT ref: 013811DF
                                                                                                                                                                                                                                • __lock.LIBCMT ref: 013811EF
                                                                                                                                                                                                                                • __updatetlocinfoEx_nolock.LIBCMT ref: 01381203
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 938513278-0
                                                                                                                                                                                                                                • Opcode ID: c457faf5516085b3a850b9d1c1783d9e5afa13f57d6ce0d1378ef3891307d608
                                                                                                                                                                                                                                • Instruction ID: ab0d5ec4848f85d8f869ad2e4f202d4f4b03caaeb4247606b4eaa675162c215d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c457faf5516085b3a850b9d1c1783d9e5afa13f57d6ce0d1378ef3891307d608
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8DF0E232A407169FEB71BBFD9406B4E77E06F1072CF114149E600A7AC0DBB89602CB56
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01352B23, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 221COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01352B2D
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01352BF2
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01352C13
                                                                                                                                                                                                                                  • Part of subcall function 01311568: _memmove.LIBCMT ref: 013115B9
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: __EH_prolog3_GS.LIBCMT ref: 0135BEDD
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: MultiByteToWideChar.KERNEL32(0135D1A8,00000000,?,00000000,00000000,00000000,00000028,0135D1A8,?), ref: 0135BF0C
                                                                                                                                                                                                                                  • Part of subcall function 0131A941: _memmove.LIBCMT ref: 0131A968
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove$H_prolog3__strlen$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID: offerid
                                                                                                                                                                                                                                • API String ID: 2512056922-2367701880
                                                                                                                                                                                                                                • Opcode ID: 2d66493bc1d86c47b33b8153972a9ef2cf43abc0ac3d6f977f861d75a0d35438
                                                                                                                                                                                                                                • Instruction ID: 423db00aced861fd571fe12745e3808167388bc6ecff761f61c8dd22c1295003
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2d66493bc1d86c47b33b8153972a9ef2cf43abc0ac3d6f977f861d75a0d35438
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 92815F71D0125AEEDF14EBA8CC90FEEBBB4BF14718F1441A9E519A7280DB705A84CB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135CD7A, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 133COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135CD84
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0136188B: _vswprintf_s.LIBCMT ref: 0136189A
                                                                                                                                                                                                                                  • Part of subcall function 01327646: __EH_prolog3.LIBCMT ref: 0132764D
                                                                                                                                                                                                                                  • Part of subcall function 01327646: _wcslen.LIBCMT ref: 01327679
                                                                                                                                                                                                                                  • Part of subcall function 01327646: _wcslen.LIBCMT ref: 01327697
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen$H_prolog3H_prolog3__vswprintf_s
                                                                                                                                                                                                                                • String ID: => $%%%2x$encode
                                                                                                                                                                                                                                • API String ID: 561373678-626136692
                                                                                                                                                                                                                                • Opcode ID: 2e3e283e16b846826eac386e7b18bf4e2e030e38142657fb122ab6a6b474ea8c
                                                                                                                                                                                                                                • Instruction ID: 2165e498dd1481c260a9ff027c082ab1513a3f9b7c834489f937c313187b7b22
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2e3e283e16b846826eac386e7b18bf4e2e030e38142657fb122ab6a6b474ea8c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D415FB1D01219EEDB64EBA8D880FDEBBBCBF5560CF14409AE50DE7245DA305E84CB91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135C5A9, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135C5B0
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 0131D888: _strlen.LIBCMT ref: 0131D894
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 01311524: _memmove.LIBCMT ref: 01311544
                                                                                                                                                                                                                                  • Part of subcall function 0132618B: _wcslen.LIBCMT ref: 01326196
                                                                                                                                                                                                                                  • Part of subcall function 0131A941: _memmove.LIBCMT ref: 0131A968
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                • RegDeleteValueW.ADVAPI32(?,?,?,?,00000001,00000000,00000000,?,00000001,013A11F0,?,0000006C,01318EC3,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce,PIP,0072002D), ref: 0135C695
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00000001,013A11F0,?,0000006C,01318EC3,HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce,PIP,0072002D,0064002D,0074002D,?), ref: 0135C6A3
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3__memmove_setlocale$_memset$CloseCurrentDeleteLocalProcessTimeValue__cftoe_strlen_wcslenswprintf
                                                                                                                                                                                                                                • String ID: DeleteRegister:
                                                                                                                                                                                                                                • API String ID: 1756513192-2144187180
                                                                                                                                                                                                                                • Opcode ID: 710b827ca5049d449ba1c953f2d6613e11a1a1ae47411c287e7733c274e7524b
                                                                                                                                                                                                                                • Instruction ID: af8fbfe107640e339dd02546d310e58c27bb74ee889380bef0583814606414c0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 710b827ca5049d449ba1c953f2d6613e11a1a1ae47411c287e7733c274e7524b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 78317C71D00309DAEF24EBA9C944EEEFBB8EF55B0DF64102AD90467144D6716A44CFA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013201F2, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 84COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RedrawWindow.USER32 ref: 013202B9
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?), ref: 01320319
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0135CD33: WritePrivateProfileStringA.KERNEL32(034B29C0,?,?,02B07BA8), ref: 0135CD6F
                                                                                                                                                                                                                                  • Part of subcall function 01311524: _memmove.LIBCMT ref: 01311544
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionPrivateProfileRaiseRedrawStringWindowWrite_memmove_strlen
                                                                                                                                                                                                                                • String ID: false$true
                                                                                                                                                                                                                                • API String ID: 2279222524-2658103896
                                                                                                                                                                                                                                • Opcode ID: d9274cb23ff78f7b5cac7c5ef891b98eb03f594db3f2513dcdb4413feb7eb8ef
                                                                                                                                                                                                                                • Instruction ID: 7edc4581a54d4c859635ed3ae0044ef5a54717b2463d489214721f9c720038ee
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d9274cb23ff78f7b5cac7c5ef891b98eb03f594db3f2513dcdb4413feb7eb8ef
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB31E5316002199FDB18EB6CC890FDCB7F2BF58718F0500A5F5057B2A1CB61B955CBA4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013279EA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                                                                • API String ID: 1771113911-2556327735
                                                                                                                                                                                                                                • Opcode ID: 8fc32ad4d26c50b645120e7644a6a16d4d738f9446eca07e913292e93cd521c4
                                                                                                                                                                                                                                • Instruction ID: 5a0bb2b31d49da11bf2875b4a6eb0f8f3ec19f38613dab7967d106d643c128ec
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8fc32ad4d26c50b645120e7644a6a16d4d738f9446eca07e913292e93cd521c4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F21D1317102649BE634AEACDC84D1ABBFAFBA5B7C714091DE586C7740DB20EE04C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131F16D, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01326209: _wcslen.LIBCMT ref: 01326216
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0131F221
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Failed to get GChrome HPR value. Win32 error code %d, xrefs: 0131F1F6
                                                                                                                                                                                                                                • Invalid argument, xrefs: 0131F19C
                                                                                                                                                                                                                                • Return buffer allocation NULL, xrefs: 0131F22D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString_wcslen
                                                                                                                                                                                                                                • String ID: Failed to get GChrome HPR value. Win32 error code %d$Invalid argument$Return buffer allocation NULL
                                                                                                                                                                                                                                • API String ID: 1837159753-1011807906
                                                                                                                                                                                                                                • Opcode ID: 6f77604746ee5e13855ecf3c3ac4710ec85526e0c1df821df54e492417b5aaf3
                                                                                                                                                                                                                                • Instruction ID: 818d541e1d7a0fc291a5cf3543b5becb9984bfda792a46430f04bae513c3d61b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f77604746ee5e13855ecf3c3ac4710ec85526e0c1df821df54e492417b5aaf3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68217C76A0021DABDB04EFA9C885CDDB7BCFF6D318B54002AE502B7244DA75A9098B60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131F08B, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01326209: _wcslen.LIBCMT ref: 01326216
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0131F13F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Failed to get GChrome DS value. Win32 error code %d, xrefs: 0131F114
                                                                                                                                                                                                                                • Invalid argument, xrefs: 0131F0BA
                                                                                                                                                                                                                                • Return buffer allocation NULL, xrefs: 0131F14B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString_wcslen
                                                                                                                                                                                                                                • String ID: Failed to get GChrome DS value. Win32 error code %d$Invalid argument$Return buffer allocation NULL
                                                                                                                                                                                                                                • API String ID: 1837159753-878758417
                                                                                                                                                                                                                                • Opcode ID: bdd0bb67c213886591d7718ee5209df9d3fe87523cb5c995d38f105f9a0808b7
                                                                                                                                                                                                                                • Instruction ID: 7e90e241a11f62db8c6e8be8338287c0d6d5fd5e5f2d36ad7e7db2e7a099b574
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bdd0bb67c213886591d7718ee5209df9d3fe87523cb5c995d38f105f9a0808b7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE216D72A002199BCB04EFA9C884CDDB7BCFF1D318B50002AE501B7244DA75AD09CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131ED04, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01326209: _wcslen.LIBCMT ref: 01326216
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0131EDB8
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Failed to get IE default Search provider. Win32 error code %d, xrefs: 0131ED8D
                                                                                                                                                                                                                                • Invalid argument, xrefs: 0131ED33
                                                                                                                                                                                                                                • Return buffer allocation NULL, xrefs: 0131EDC4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString_wcslen
                                                                                                                                                                                                                                • String ID: Failed to get IE default Search provider. Win32 error code %d$Invalid argument$Return buffer allocation NULL
                                                                                                                                                                                                                                • API String ID: 1837159753-3531589439
                                                                                                                                                                                                                                • Opcode ID: b395e92d4bd31d2ead9e35cfdb60b5556670c1ee85211ea7bb02bc20bfacc1fe
                                                                                                                                                                                                                                • Instruction ID: b3b82a0471d6fc1777abbad3a72324ff36dfc1a3abb648756301ae447244ae57
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b395e92d4bd31d2ead9e35cfdb60b5556670c1ee85211ea7bb02bc20bfacc1fe
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D217F76A0021D9FCB05EFA9C8858DDB7B8FF68318B95043AE502B7140DA35A9058B60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131EB3A, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 79memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01326209: _wcslen.LIBCMT ref: 01326216
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0131EBF0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Invalid argument, xrefs: 0131EB6A
                                                                                                                                                                                                                                • Return buffer allocation NULL, xrefs: 0131EBFF
                                                                                                                                                                                                                                • Failed to get IE version. Win32 error code %d, xrefs: 0131EBC5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString_wcslen
                                                                                                                                                                                                                                • String ID: Failed to get IE version. Win32 error code %d$Invalid argument$Return buffer allocation NULL
                                                                                                                                                                                                                                • API String ID: 1837159753-2934273037
                                                                                                                                                                                                                                • Opcode ID: b3a5cc449b1725abd9b24bef519cf3a821bbb382cdbe4a0cb81cf4a5b7848d5e
                                                                                                                                                                                                                                • Instruction ID: aebb4b58747de26014fb2bd08c7bbd98ed9a2111b9baf3a991362781f0b13e5f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3a5cc449b1725abd9b24bef519cf3a821bbb382cdbe4a0cb81cf4a5b7848d5e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA21A332A0021DDBCF05EB99CC84DDDB7B8FF99319F504029E902B7244DA76AA05CB70
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131EDE6, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 79memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01326209: _wcslen.LIBCMT ref: 01326216
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0131EE9C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Failed to get IE Hpr value. Win32 error code %d, xrefs: 0131EE71
                                                                                                                                                                                                                                • Invalid argument, xrefs: 0131EE16
                                                                                                                                                                                                                                • Return buffer allocation NULL, xrefs: 0131EEAB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString_wcslen
                                                                                                                                                                                                                                • String ID: Failed to get IE Hpr value. Win32 error code %d$Invalid argument$Return buffer allocation NULL
                                                                                                                                                                                                                                • API String ID: 1837159753-2766416306
                                                                                                                                                                                                                                • Opcode ID: dff550ae8f6802bbf60a34b938c84a7573d6c9d1f428d6b990096bd079baf949
                                                                                                                                                                                                                                • Instruction ID: b2dd4236b51889dce10a049dcaad42cf86a40cc5c5e9f84d42aa518e6213ab32
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dff550ae8f6802bbf60a34b938c84a7573d6c9d1f428d6b990096bd079baf949
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4521913290021DDBCF15EBA9C884DEDB7B8FF58718F500029D905B7244D636A905CB70
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131EC1F, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 79memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01326209: _wcslen.LIBCMT ref: 01326216
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0131ECD5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Failed to get Firefox version. Win32 error code %d, xrefs: 0131ECAA
                                                                                                                                                                                                                                • Invalid argument, xrefs: 0131EC4F
                                                                                                                                                                                                                                • Return buffer allocation NULL, xrefs: 0131ECE4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString_wcslen
                                                                                                                                                                                                                                • String ID: Failed to get Firefox version. Win32 error code %d$Invalid argument$Return buffer allocation NULL
                                                                                                                                                                                                                                • API String ID: 1837159753-3307631268
                                                                                                                                                                                                                                • Opcode ID: 3f5cbe4ae285ae92757a612a0ef5b35d7d5afda261a07661d33625e6dabd125c
                                                                                                                                                                                                                                • Instruction ID: 0a46352c2ffbd16e216f8d3f60f9a185fdfeb3abf7f2446146ae2d84ca8a8d67
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f5cbe4ae285ae92757a612a0ef5b35d7d5afda261a07661d33625e6dabd125c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE219F7290021D9BCF15EBA9CD84DDDF7B9FF98719F50002AE901B7244DA36AA09CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131EFAB, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 78memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01326209: _wcslen.LIBCMT ref: 01326216
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0131F05D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Failed to get FF Hpr value. Win32 error code %d, xrefs: 0131F032
                                                                                                                                                                                                                                • Invalid argument, xrefs: 0131EFDA
                                                                                                                                                                                                                                • Return buffer allocation NULL, xrefs: 0131F069
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString_wcslen
                                                                                                                                                                                                                                • String ID: Failed to get FF Hpr value. Win32 error code %d$Invalid argument$Return buffer allocation NULL
                                                                                                                                                                                                                                • API String ID: 1837159753-3441801346
                                                                                                                                                                                                                                • Opcode ID: 87ba3e38db1f69d07c023334684623a498173741693d964ed80a3ecf08b5c205
                                                                                                                                                                                                                                • Instruction ID: dcd5e6acb6814b30409c80cfb2dfcd87e5ffc84b88a734e42d3a98b67bc6b3ba
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 87ba3e38db1f69d07c023334684623a498173741693d964ed80a3ecf08b5c205
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 78219072A0021D9BDF14EFA9C884DEDB7B9FF6C31CB51002AE502B7144DA75AD09CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131EECB, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 78memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01326209: _wcslen.LIBCMT ref: 01326216
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0131EF7D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Failed to get FF DS value. Win32 error code %d, xrefs: 0131EF52
                                                                                                                                                                                                                                • Invalid argument, xrefs: 0131EEFA
                                                                                                                                                                                                                                • Return buffer allocation NULL, xrefs: 0131EF89
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString_wcslen
                                                                                                                                                                                                                                • String ID: Failed to get FF DS value. Win32 error code %d$Invalid argument$Return buffer allocation NULL
                                                                                                                                                                                                                                • API String ID: 1837159753-1594522754
                                                                                                                                                                                                                                • Opcode ID: 0651a5bf6d3f895d48bace07126abee4a70daab0b1a0154ed6cdc7d4979467fc
                                                                                                                                                                                                                                • Instruction ID: 1f7eacd2c12f6cc7e0290cfd9d176e57fc93305f82eed194a2f88f75c31444bd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0651a5bf6d3f895d48bace07126abee4a70daab0b1a0154ed6cdc7d4979467fc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2121A172A0021D9BCB05EF98C884CDDF7B9FF6C319B51002AE902B7144D676A909CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131DE63, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                                                                • API String ID: 1771113911-2556327735
                                                                                                                                                                                                                                • Opcode ID: b8dae24724e66b95c2f9ce203268134bc5306a70a3340eb1df726981ddc75499
                                                                                                                                                                                                                                • Instruction ID: c01bca0994545ceaef18e7159c2176c32df386c75236a7c5b6fea725555e6ba6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b8dae24724e66b95c2f9ce203268134bc5306a70a3340eb1df726981ddc75499
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C321EB31300604DBD63C9E9CD88C91AFBFAEF136197440918F58ACB689DB61A944C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01353CAD, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Reply from %s: bytes=%d time=%.0fms TTL=%d icmp_seq=%u, xrefs: 01353D12
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CountTick_wprintfinet_ntoa
                                                                                                                                                                                                                                • String ID: Reply from %s: bytes=%d time=%.0fms TTL=%d icmp_seq=%u
                                                                                                                                                                                                                                • API String ID: 628893565-1845108348
                                                                                                                                                                                                                                • Opcode ID: ca1afac3d93262301f6d3334e2e88c7522d1b4f990fc9090c286006454e46c35
                                                                                                                                                                                                                                • Instruction ID: e3da7fc661c5a2e1d10eb254992cd4c8337e178936e42a0f91b700a11974bf60
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ca1afac3d93262301f6d3334e2e88c7522d1b4f990fc9090c286006454e46c35
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1012FB2914125BFCB129FA9C948DBABBF8FB09304F008560FC88CA042D371AA10C7B0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132332E, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 40COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01323335
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: __EH_prolog3_GS.LIBCMT ref: 0135CB34
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: _wcslen.LIBCMT ref: 0135CC26
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: RegCloseKey.ADVAPI32(00000000,?,?,?,013A0D00), ref: 0135CC68
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3__wcslen$Close_memmove
                                                                                                                                                                                                                                • String ID: CurrentVersion$HKEY_LOCAL_MACHINE$SOFTWARE\Mozilla\Mozilla Firefox
                                                                                                                                                                                                                                • API String ID: 4252202261-2812246979
                                                                                                                                                                                                                                • Opcode ID: 135e3d7d3cfe3e23bc3d767d82f3c7af9242bcfda520a0e01aeb60d1af9d9e50
                                                                                                                                                                                                                                • Instruction ID: c42fe34b8a5c946210c3a76552e8dc61afcb644a1d389f6ffe035900d9e8e1a1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 135e3d7d3cfe3e23bc3d767d82f3c7af9242bcfda520a0e01aeb60d1af9d9e50
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37014F71941359AADB18EBE8C961FEEBF74EF34709F904008E40577284DBA41B09C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013232AE, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 40COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 013232B5
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: __EH_prolog3_GS.LIBCMT ref: 0135CB34
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: _wcslen.LIBCMT ref: 0135CC26
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: RegCloseKey.ADVAPI32(00000000,?,?,?,013A0D00), ref: 0135CC68
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3__wcslen$Close_memmove
                                                                                                                                                                                                                                • String ID: HKEY_LOCAL_MACHINE$SOFTWARE\Microsoft\Internet Explorer$Version
                                                                                                                                                                                                                                • API String ID: 4252202261-2675485649
                                                                                                                                                                                                                                • Opcode ID: db86a1f89a88e64fc4daf81f4aafb89d3dbdc9913dcd2d7b2ac7a1f70752e159
                                                                                                                                                                                                                                • Instruction ID: 0f26c92a1b83765f9b2d808d7ed677882d2373420dc37710addd37296d5702e2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: db86a1f89a88e64fc4daf81f4aafb89d3dbdc9913dcd2d7b2ac7a1f70752e159
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7014F71941359AADB18EBE9C961FEEBF74EF34709F904008E40577284DBA41B08C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132342E, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 40COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01323435
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: __EH_prolog3_GS.LIBCMT ref: 0135CB34
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: _wcslen.LIBCMT ref: 0135CC26
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: RegCloseKey.ADVAPI32(00000000,?,?,?,013A0D00), ref: 0135CC68
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3__wcslen$Close_memmove
                                                                                                                                                                                                                                • String ID: HKEY_CURRENT_USER$SOFTWARE\Microsoft\Internet Explorer\Main$Start Page
                                                                                                                                                                                                                                • API String ID: 4252202261-449987324
                                                                                                                                                                                                                                • Opcode ID: 5ab0df19a09f79ebe89792747c03ee5b2d5bd791da5b4a43946eb14385cb5ebb
                                                                                                                                                                                                                                • Instruction ID: ad915a02d04d9ee3979225fe720c1f0e86840f3975bd48ee011a650b827b55f3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ab0df19a09f79ebe89792747c03ee5b2d5bd791da5b4a43946eb14385cb5ebb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E1014F75901359AADB18E7E8C961FEEBF74EF34709F904008E40577284DBA45B49C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01311D42, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33libraryloaderCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 01311D51
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 01311D61
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                • String ID: Advapi32.dll$RegDeleteKeyTransactedW
                                                                                                                                                                                                                                • API String ID: 1646373207-2168864297
                                                                                                                                                                                                                                • Opcode ID: 3392b7ccd40c2c69fcc881e60feec02efb4b7e7c1e33710105fccb7781f3e6f1
                                                                                                                                                                                                                                • Instruction ID: eca0e717df8b5d3c9a8fc6c066ecd3639db526c547a6920b1c4329e1202208ea
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3392b7ccd40c2c69fcc881e60feec02efb4b7e7c1e33710105fccb7781f3e6f1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60F06532100984FBD7352EAADC08D77BF6DFBC2B1ABD44529F295D0028D27345A1DB21
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013478AD, Relevance: 6.3, APIs: 5, Instructions: 68stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,-00000008,73FB4880,00001234,00001234,?,01345C80,?,-00000008), ref: 013478C9
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(-00000008,00000000,00000000,00000001,?,00000001,?,01345C80,?,-00000008), ref: 013478F4
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,01345C80,?,-00000008), ref: 013478FF
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(-00000008,00000000,00000000,?,00000000,00000000,?,01345C80,?,-00000008), ref: 01347918
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(-00000008,00000000,00000000,?,?,?,?,01345C80,?,-00000008), ref: 01347939
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3322701435-0
                                                                                                                                                                                                                                • Opcode ID: 43e78b3bc26ccfbc7d40d27bd9024638187784d671b6fcf4c64802d00886214c
                                                                                                                                                                                                                                • Instruction ID: 3fe8f0e1d497532038447d072fb32f596a2b50fd8753198f71c8a6cdd02c2b50
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43e78b3bc26ccfbc7d40d27bd9024638187784d671b6fcf4c64802d00886214c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA114936500229BFDF215FA9CC40FAE7BA9EF04768F119554FD05AA260C731AE509BA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01378451, Relevance: 6.1, APIs: 4, Instructions: 130COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2782032738-0
                                                                                                                                                                                                                                • Opcode ID: 1c814b3efd2d3c8f555b01db5c469c381c652ed82ee297ea78f5a017ec6483a1
                                                                                                                                                                                                                                • Instruction ID: 5b12275eafdf9f14c4663b2072bb2467be68d66e5e8ac66144a38bbcfa5f6c14
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c814b3efd2d3c8f555b01db5c469c381c652ed82ee297ea78f5a017ec6483a1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E41C431A00709DFDB349FADC84C6AEBBB5AF80338F2885ADD515A7644D778D941CB40
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01316F5A, Relevance: 6.1, APIs: 4, Instructions: 114COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ClientRect$AcceleratorCreateParentTable
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2716292469-0
                                                                                                                                                                                                                                • Opcode ID: 53d05294f8257ae1c08cd34cf26edd1e8a049a3b244a865515a4c550e36c5c0d
                                                                                                                                                                                                                                • Instruction ID: 34c65b059096ff8363da3a88c1be3c6ec7c23f9128e44dce43727ce795e4746a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53d05294f8257ae1c08cd34cf26edd1e8a049a3b244a865515a4c550e36c5c0d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1418E75600705EFDB15CFA8C884AAABBF5FF49318F148429FA09CB214E731E995CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01328FCC, Relevance: 6.1, APIs: 4, Instructions: 107COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01362D4A: EnterCriticalSection.KERNEL32(013C1738,?,00000000,?,01328FE2,00000000,?,?,?,?,?,01328F7C,?,-00000010,?,76D26490), ref: 01362D57
                                                                                                                                                                                                                                  • Part of subcall function 01362D4A: LeaveCriticalSection.KERNEL32(013C1738,?,01328FE2,00000000,?,?,?,?,?,01328F7C,?,-00000010,?,76D26490), ref: 01362D73
                                                                                                                                                                                                                                • FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,?,?,?,?,?,01328F7C,?,-00000010,?,76D26490), ref: 01328FFE
                                                                                                                                                                                                                                • FindResourceW.KERNEL32(00000000,?,00000006,00000000,?,?,?,?,?,01328F7C,?,-00000010,?,76D26490), ref: 0132904A
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01329080
                                                                                                                                                                                                                                • _wmemcpy_s.LIBCMT ref: 0132908B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalFindResourceSection$EnterLeave_wcslen_wmemcpy_s
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3957542536-0
                                                                                                                                                                                                                                • Opcode ID: a1f206595fbe776377fa8d6e9d848bcafbd909672b1f780d097ac779aee74632
                                                                                                                                                                                                                                • Instruction ID: d470cdbbcc6e860bcf69504b667325831c3643b9bcd0f033a50ea1e3f452e9a4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1f206595fbe776377fa8d6e9d848bcafbd909672b1f780d097ac779aee74632
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F212532600239ABEB21AA2C9880F3F33ECEF856ACF108059F915DB241DA39DC019360
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01317972, Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$CallItemMessageProcSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3375755978-0
                                                                                                                                                                                                                                • Opcode ID: 182ed7effe794c68af39d17b80ad1092434fe7df42fe7ba80cf6dce97a318385
                                                                                                                                                                                                                                • Instruction ID: e0e38e90332814d6f3f7b9ec2131985d224847b739cb3196474d529fdf9411e8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 182ed7effe794c68af39d17b80ad1092434fe7df42fe7ba80cf6dce97a318385
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62317432500205EBFB3D4F98C8C8B797BBAEB05349F1C9015E95686659C332EA90CB91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01385DF9, Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 01385E2D
                                                                                                                                                                                                                                • __isleadbyte_l.LIBCMT ref: 01385E60
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00000001,00000000,?,00000000,?,?,?,?,00000001,?), ref: 01385E91
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000080,00000009,00000001,00000001,?,00000000,?,?,?,?,00000001,?), ref: 01385EFF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3058430110-0
                                                                                                                                                                                                                                • Opcode ID: e09152bdbf01a6abbc591b1efe86633c495621746b13a8eb88c953e6696e4a24
                                                                                                                                                                                                                                • Instruction ID: 382577ac9a20b8e2a49e32d2998ace815e73079140b2f5120f11d806e2a1140c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e09152bdbf01a6abbc591b1efe86633c495621746b13a8eb88c953e6696e4a24
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B531CE31A10346EFEB21EF68CC809FE3BA5AF01218F1585A9F5698B1D5D330EA40DB51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132999E, Relevance: 6.1, APIs: 4, Instructions: 85COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • AlphaBlend.MSIMG32(?,?,?,?,?,?,00000000,00000000,?,?,01FF0000), ref: 013299EF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AlphaBlend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1400541316-0
                                                                                                                                                                                                                                • Opcode ID: 0864950f080095c9916644cae5a01ad69c6e5604793d0dcaba87834a2baf3727
                                                                                                                                                                                                                                • Instruction ID: 96f0c608bb1666150074083c8d62bd9cc0189cfb92066c51395d27091a368816
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0864950f080095c9916644cae5a01ad69c6e5604793d0dcaba87834a2baf3727
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07215C72100229FFDF229F95CC84DAF7FBAEF49368F004518FA5681060D236DA61EB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013206D4, Relevance: 6.1, APIs: 4, Instructions: 54stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 013206F8
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00000000), ref: 01320716
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00000000), ref: 01320723
                                                                                                                                                                                                                                • lstrcpynW.KERNEL32(?,00000000,00000001), ref: 0132072C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$_memsetlstrcpyn
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 940696854-0
                                                                                                                                                                                                                                • Opcode ID: 4a24be335eef66de4b31300ddc8507d745d42efe811a7f56f06f4151de0a2d15
                                                                                                                                                                                                                                • Instruction ID: d6843a82734876d191369fc82ba357e6db2eaa77942b8a198df125e92a5e2611
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a24be335eef66de4b31300ddc8507d745d42efe811a7f56f06f4151de0a2d15
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F2118C7190025CAFEB21EFACC885BDE7BB8AF15308F100019F505AB181D7749A49CB91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131DDB6, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0131DDBD
                                                                                                                                                                                                                                  • Part of subcall function 013753A6: _malloc.LIBCMT ref: 013753C0
                                                                                                                                                                                                                                • std::_Locinfo::_Locinfo.LIBCPMT ref: 0131DDFA
                                                                                                                                                                                                                                • numpunct.LIBCPMT ref: 0131DE1A
                                                                                                                                                                                                                                • std::_Locinfo::~_Locinfo.LIBCPMT ref: 0131DE32
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Locinfostd::_$H_prolog3Locinfo::_Locinfo::~__mallocnumpunct
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 12629399-0
                                                                                                                                                                                                                                • Opcode ID: b21dcfea82056ebd03570891b7bbf1fc5f1ea856bbca6fb1058aa36a86b1ca7b
                                                                                                                                                                                                                                • Instruction ID: 796c325f145602bc4de80a55f99b2621d6b20a839415c9ab68b2380d1c5a03ff
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b21dcfea82056ebd03570891b7bbf1fc5f1ea856bbca6fb1058aa36a86b1ca7b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 161104309002169BEF2CDFD8D454BBD77B0AF2571DF00511DE9096B184CBB05A04CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01317365, Relevance: 6.0, APIs: 4, Instructions: 45windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 0131738E
                                                                                                                                                                                                                                • BitBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00CC0020), ref: 013173B5
                                                                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 013173BC
                                                                                                                                                                                                                                • ReleaseDC.USER32 ref: 013173C9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ClientDeleteRectRelease
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2015589292-0
                                                                                                                                                                                                                                • Opcode ID: 976dd45a68728445fd84ca4b340c424a5977f66731c5ab30df880490394bb0ed
                                                                                                                                                                                                                                • Instruction ID: 8d195cd72b31621c8d264780dfb9db56f8188b0f1a1939f3439a61fc97b6e12a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 976dd45a68728445fd84ca4b340c424a5977f66731c5ab30df880490394bb0ed
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 90012532600208EFDB21DFA8CD48FAEBBB9FF48314F604419E901A2254C771B905CB64
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01362D4A, Relevance: 6.0, APIs: 4, Instructions: 38COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(013C1738,?,00000000,?,01328FE2,00000000,?,?,?,?,?,01328F7C,?,-00000010,?,76D26490), ref: 01362D57
                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(013C1738,?,01328FE2,00000000,?,?,?,?,?,01328F7C,?,-00000010,?,76D26490), ref: 01362D73
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,01328FE2,00000000,?,?,?,?,?,01328F7C,?,-00000010), ref: 01362D92
                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(013C1738,?,01328FE2,00000000,?,?,?,?,?,01328F7C,?,-00000010,?,76D26490), ref: 01362D99
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalSection$Leave$EnterExceptionRaise
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 799838862-0
                                                                                                                                                                                                                                • Opcode ID: 396d258e55a0467cbc6b6a9a54fb96dd75ef9f6058322385fb061ce4430a0a49
                                                                                                                                                                                                                                • Instruction ID: b39f2828547d1fc4685af90c98b2b01300e57fb09a53a2d4423eeda641a443b5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 396d258e55a0467cbc6b6a9a54fb96dd75ef9f6058322385fb061ce4430a0a49
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52F0BB36300601A7D7314A55DC48F6B77BCEB98B69F028419FA16D7944C775F8018791
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01311DB3, Relevance: 6.0, APIs: 4, Instructions: 24threadCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 01311DBE
                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(013C1788,?,01315163,00000000,00000000,AXWIN Frame Window,00CF0000,00000000,00000000,?), ref: 01311DCD
                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(013C1788,?,01315163,00000000,00000000,AXWIN Frame Window,00CF0000,00000000,00000000,?), ref: 01311DE2
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C0000005,00000001,00000000,00000000,01347E3B,00000000,?,?,01315163,00000000,00000000,AXWIN Frame Window,00CF0000,00000000,00000000,?), ref: 01311DF5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalSection$CurrentEnterExceptionLeaveRaiseThread
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2662421713-0
                                                                                                                                                                                                                                • Opcode ID: 036bc07f4289de173cf54819a08319b19b2d7b26ae4ecafa63d85450f43a01e4
                                                                                                                                                                                                                                • Instruction ID: c375859d87b9a4f63abc2c7f75ed65742b90f5d016fbe76a8cf1c21fe70a9408
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 036bc07f4289de173cf54819a08319b19b2d7b26ae4ecafa63d85450f43a01e4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7BE09A30901301EFEB305F78A848B56BBECFB64B02F80990EFA45E3248C7B1D0008B00
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134032A, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 149COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 01340331
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,00000018,01320484,?), ref: 01340501
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentExceptionH_prolog3H_prolog3_LocalProcessRaiseTime_memset_strlenswprintf
                                                                                                                                                                                                                                • String ID: GetOfferUIControl()...
                                                                                                                                                                                                                                • API String ID: 2467488664-3969660796
                                                                                                                                                                                                                                • Opcode ID: af8c134c444f89cbc7d22c071a506ce1b8d0c5cb9344e59c48fc2d44ea158f71
                                                                                                                                                                                                                                • Instruction ID: 4c9ae0ab2cd11aa62c2b743d6c6d4aa0d4ddd59dbcdfa01a5b7c204c128be54e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: af8c134c444f89cbc7d22c071a506ce1b8d0c5cb9344e59c48fc2d44ea158f71
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A516A31A0020ACFDB59CF58C5C0AEEB7F5FB58308F5580A9EA05AB242DB30B9458F90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01327116, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Xinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                                                                • API String ID: 256744135-2556327735
                                                                                                                                                                                                                                • Opcode ID: 53e6b7d5404f931d9164e24d28f4ec5075898a748793656435729ca1e2924445
                                                                                                                                                                                                                                • Instruction ID: 890114e5e0b31f70de2c9626176b156ab918d89e9f74fded69342cf2ca121ad6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53e6b7d5404f931d9164e24d28f4ec5075898a748793656435729ca1e2924445
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E11C4313002249BEB34BE6D9C40D6ABBFAFF62618B24051DF9428B240CB71B804C795
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131A995, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0131A9AF
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 01363236
                                                                                                                                                                                                                                  • Part of subcall function 01363221: __CxxThrowException@8.LIBCMT ref: 0136324B
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 0136325C
                                                                                                                                                                                                                                  • Part of subcall function 0131B8E0: std::_Xinvalid_argument.LIBCPMT ref: 0131B8F4
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0131AA0A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • invalid string position, xrefs: 0131A9AA
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                                                                                                                                                                • String ID: invalid string position
                                                                                                                                                                                                                                • API String ID: 3404309857-1799206989
                                                                                                                                                                                                                                • Opcode ID: 274e0e9873ef4dc99ec15cc1b7c7a77142d893532c163a1c7a4c073cd6d5a36f
                                                                                                                                                                                                                                • Instruction ID: a1d9753adf02c4aaab600fa358dd4f4619c9bcae5a26a3aaeb76d5d4ae404695
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 274e0e9873ef4dc99ec15cc1b7c7a77142d893532c163a1c7a4c073cd6d5a36f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0311083231529DDBCB289E5CCC8096ABBBAFB4472EB01051AE94147249E730E9A4C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131B74B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Xinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                                                                • API String ID: 256744135-2556327735
                                                                                                                                                                                                                                • Opcode ID: 33c3860a31b7c0ffc0b7de5bf514c4a7a6429cc0f44c4d50175cb79084163a3b
                                                                                                                                                                                                                                • Instruction ID: a8be73274be328af7d7224e5f2ef061423ac4db4ab1dbe222d5e887579194397
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 33c3860a31b7c0ffc0b7de5bf514c4a7a6429cc0f44c4d50175cb79084163a3b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF11E731300704DBCA38AF6CDD40929F7F9EF55B587080A2DE542CBA5CDB60A505C795
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131E62C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 0131E633
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0131E64A
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: std::exception::exception.LIBCMT ref: 013631E9
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: __CxxThrowException@8.LIBCMT ref: 013631FE
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: std::exception::exception.LIBCMT ref: 0136320F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::exception::exception$Exception@8H_prolog3_catchThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: vector<T> too long
                                                                                                                                                                                                                                • API String ID: 1877048013-3788999226
                                                                                                                                                                                                                                • Opcode ID: 6050c96cd816d02c330ca631d122b701923f1c43686ced39c42742e9e78039c8
                                                                                                                                                                                                                                • Instruction ID: 6d3302e2631ef495b8f0d04790994925c24e7e8fa4d8b10ff58f4ef4fffed303
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6050c96cd816d02c330ca631d122b701923f1c43686ced39c42742e9e78039c8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C0119076A002078BDB2DDF9CC981A6DBBB1AFA4314F60043DE985A7244CA32E940CB55
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013286A1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60sleepfilenetworkCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0135E083: GetSystemTimeAsFileTime.KERNEL32(00000000,?,0134C916,013182B3), ref: 0135E09C
                                                                                                                                                                                                                                  • Part of subcall function 0135E083: __aulldiv.LIBCMT ref: 0135E0B1
                                                                                                                                                                                                                                • Sleep.KERNEL32(000001F4), ref: 013286CC
                                                                                                                                                                                                                                • URLDownloadToFileW.URLMON(00000000,?,?,00000000,013BF044), ref: 013286DD
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileTime$DownloadSleepSystem__aulldiv
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1708702394-3916222277
                                                                                                                                                                                                                                • Opcode ID: 3e779bd22d8f8393e72801fba977bb0e33fd0b73243b92e91630a3cf1eef8b69
                                                                                                                                                                                                                                • Instruction ID: b26f2e28d8b79180616c3ff67c08593018b48708524fd768182b23b9d71e2967
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e779bd22d8f8393e72801fba977bb0e33fd0b73243b92e91630a3cf1eef8b69
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D011083624032B6BEB317EBD9D44B677AD8BF0476CF0402B9FE4585292EBB1D820C651
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131B861, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0131B877
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 01363236
                                                                                                                                                                                                                                  • Part of subcall function 01363221: __CxxThrowException@8.LIBCMT ref: 0136324B
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 0136325C
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0131B8B5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • invalid string position, xrefs: 0131B872
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                • String ID: invalid string position
                                                                                                                                                                                                                                • API String ID: 1785806476-1799206989
                                                                                                                                                                                                                                • Opcode ID: 6ebea19fe8d51032cb6abd82ea9a7aa24e56170b4428b5a1b7e216b791abef79
                                                                                                                                                                                                                                • Instruction ID: f981ba1ed840dbb608737f3fc57c5a50c0ad1dc0485264a9b6e109f556a67f1b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ebea19fe8d51032cb6abd82ea9a7aa24e56170b4428b5a1b7e216b791abef79
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D201A5327142599FC729CE6CDC8085AFBBAEBC4B583244929D941C760DDA70E8458794
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131184E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 01311864
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 01363236
                                                                                                                                                                                                                                  • Part of subcall function 01363221: __CxxThrowException@8.LIBCMT ref: 0136324B
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 0136325C
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0131189D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • invalid string position, xrefs: 0131185F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                • String ID: invalid string position
                                                                                                                                                                                                                                • API String ID: 1785806476-1799206989
                                                                                                                                                                                                                                • Opcode ID: 423c42d59d49e5459f1df0b6574dfb24635b53c2f73c815535ab712a1023d80a
                                                                                                                                                                                                                                • Instruction ID: 036de499cee9630fbd2cf989c6ec8338d8cadfa2db5fea83824613554421a8c9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 423c42d59d49e5459f1df0b6574dfb24635b53c2f73c815535ab712a1023d80a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1601B5317102158BD32C8D7CDC808ABBBAAEB81618724CA3CDA9187749DB70EC4587E4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01357C06, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45synchronizationCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(000006B0,00000000,?,?,?,01356020,0133AD5F), ref: 01357C23
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentH_prolog3_LocalObjectProcessSingleTimeWait_memset_strlenswprintf
                                                                                                                                                                                                                                • String ID: CanPublish returning false$CanPublish returning true
                                                                                                                                                                                                                                • API String ID: 240135894-1009002006
                                                                                                                                                                                                                                • Opcode ID: 1eda68f7d2a8716b439c555aa9384a51891de9dd5ef3b3ef1a4b4deed7e5e901
                                                                                                                                                                                                                                • Instruction ID: 8cf4c1074c362da3e4cca4a269995be4dd82016c9846378d11a34d6a4f6743ae
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1eda68f7d2a8716b439c555aa9384a51891de9dd5ef3b3ef1a4b4deed7e5e901
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F801F9D1A083805FEF30BF7D6895C677F8CB50299CF88015DED9557649EE02AC0497EA
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01346C57, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 01346C6A
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: std::exception::exception.LIBCMT ref: 013631E9
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: __CxxThrowException@8.LIBCMT ref: 013631FE
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: std::exception::exception.LIBCMT ref: 0136320F
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 01346C91
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.1672311090.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672294745.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672565657.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672638913.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.1672670498.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                • String ID: vector<T> too long
                                                                                                                                                                                                                                • API String ID: 1785806476-3788999226
                                                                                                                                                                                                                                • Opcode ID: cc4c124fd873fff2f9a700bf5f14601dbe69bde67def081d3ee5015deaafa690
                                                                                                                                                                                                                                • Instruction ID: a363ef7e4e7e7a60d97ac830fb90ecde9d9d0823d9c49db2f0df868f4f71178b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc4c124fd873fff2f9a700bf5f14601dbe69bde67def081d3ee5015deaafa690
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C501867160020A9FCB24DFBDDDC186AB7E9EF552187144A2DE5A6C3741DB34F840CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Analysis Process: AskInstaller.exe PID: 6904 Parent PID: 6772 AskInstaller.exeCOMMON

                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:7.8%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                Total number of Nodes:1547
                                                                                                                                                                                                                                Total number of Limit Nodes:42

                                                                                                                                                                                                                                Graph

                                                                                                                                                                                                                                execution_graph 25393 1316531 70 API calls 25395 131eb3a 117 API calls 3 library calls 25396 1386f33 70 API calls 6 library calls 25480 132983e 6 API calls Mailbox 25481 1317220 SetCapture ReleaseCapture 25110 134b822 25135 137c242 25110->25135 25112 134b82e InternetOpenW 25113 134b846 25112->25113 25122 134b870 _wcslen 25112->25122 25114 134b911 25113->25114 25115 134b852 25113->25115 25117 137c2c5 Mailbox 5 API calls 25114->25117 25118 1319638 numpunct 77 API calls 25115->25118 25116 134b8a1 InternetConnectW 25116->25114 25123 134b8cd 25116->25123 25119 134b916 25117->25119 25121 134b864 25118->25121 25136 134ba76 147 API calls 6 library calls 25121->25136 25122->25116 25125 131b7e3 numpunct 77 API calls 25122->25125 25123->25114 25127 134b8d5 GetLastError 25123->25127 25126 134b88b _wcslen 25125->25126 25131 131b7e3 numpunct 77 API calls 25126->25131 25137 135bfb1 118 API calls 3 library calls 25127->25137 25128 134b86b Mailbox 25128->25114 25130 134b8e5 25138 131d888 77 API calls _strlen 25130->25138 25131->25116 25133 134b8fc 25139 134ba76 147 API calls 6 library calls 25133->25139 25135->25112 25136->25128 25137->25130 25138->25133 25139->25128 25140 1324a24 25141 1324a33 __EH_prolog3_GS 25140->25141 25142 1324a6b 25141->25142 25143 1324a4c 25141->25143 25145 1319b30 numpunct 77 API calls 25142->25145 25144 1319638 numpunct 77 API calls 25143->25144 25146 1324a61 25144->25146 25147 1324a79 GetVersion 25145->25147 25252 134ba76 147 API calls 6 library calls 25146->25252 25148 1324a8a 25147->25148 25213 1324b8d numpunct 25147->25213 25150 1319b30 numpunct 77 API calls 25148->25150 25151 1324a9a 25150->25151 25153 1319b30 numpunct 77 API calls 25151->25153 25152 1319b30 numpunct 77 API calls 25154 1324bdd 25152->25154 25155 1324aae 25153->25155 25156 1319b30 numpunct 77 API calls 25154->25156 25158 1319b30 numpunct 77 API calls 25155->25158 25159 1324bf1 25156->25159 25157 1324ccf _wcslen 25162 1324cfa numpunct 25157->25162 25163 1324ceb 25157->25163 25160 1324abf 25158->25160 25161 1319b30 numpunct 77 API calls 25159->25161 25217 135cb2a 25160->25217 25166 1324c05 25161->25166 25256 1324909 115 API calls 2 library calls 25162->25256 25167 1319c49 77 API calls 25163->25167 25168 135cb2a 84 API calls 25166->25168 25167->25162 25172 1324c23 numpunct 25168->25172 25169 1324d23 _wcslen 25171 1324d7e 25169->25171 25184 1324dce _wcslen 25169->25184 25170 1324add numpunct 25174 1324b48 25170->25174 25175 1324b29 25170->25175 25173 131a995 numpunct 77 API calls 25171->25173 25178 1324c6c 25172->25178 25179 1324cad 25172->25179 25176 1324d9d 25173->25176 25174->25213 25233 131d937 77 API calls 3 library calls 25174->25233 25177 1319638 numpunct 77 API calls 25175->25177 25257 1327772 77 API calls _wcslen 25176->25257 25181 1324b3e 25177->25181 25183 135be26 117 API calls 25178->25183 25180 1327839 67 API calls 25179->25180 25185 1324cb6 25180->25185 25253 134ba76 147 API calls 6 library calls 25181->25253 25189 1324c78 25183->25189 25190 1324dea 25184->25190 25201 1324e18 _wcslen 25184->25201 25185->25157 25191 1324cba 25185->25191 25188 1324b65 25234 132761b 77 API calls _wcslen 25188->25234 25254 131d888 77 API calls _strlen 25189->25254 25194 131a995 numpunct 77 API calls 25190->25194 25195 1319b30 numpunct 77 API calls 25191->25195 25194->25176 25205 1324cca numpunct 25195->25205 25196 1324b7c 25235 135c990 25196->25235 25197 1324c93 25255 134ba76 147 API calls 6 library calls 25197->25255 25200 1324ca0 Mailbox 25200->25179 25203 1324e34 25201->25203 25204 1324e65 25201->25204 25202 1324db5 numpunct 25202->25205 25206 131a995 numpunct 77 API calls 25203->25206 25208 1324ea1 Mailbox 25204->25208 25211 135be26 117 API calls 25204->25211 25207 137c2c5 Mailbox 5 API calls 25205->25207 25206->25176 25210 1324ede 25207->25210 25209 1319b30 numpunct 77 API calls 25208->25209 25209->25202 25212 1324e79 25211->25212 25258 131d888 77 API calls _strlen 25212->25258 25213->25152 25213->25157 25215 1324e94 25259 134ba76 147 API calls 6 library calls 25215->25259 25218 135cb39 __EH_prolog3_GS 25217->25218 25219 1319b30 numpunct 77 API calls 25218->25219 25220 135cb7f 25219->25220 25223 135cc70 numpunct 25220->25223 25260 135c6cb 25220->25260 25224 137c2c5 Mailbox 5 API calls 25223->25224 25225 135cc9c 25224->25225 25225->25170 25229 135cc3b 25229->25223 25230 135cc62 RegCloseKey 25229->25230 25230->25223 25231 135cc1d _wcslen 25231->25229 25232 131b7e3 numpunct 77 API calls 25231->25232 25232->25229 25233->25188 25234->25196 25236 135c99f __EH_prolog3_GS 25235->25236 25237 135c9c7 25236->25237 25238 135c9b6 25236->25238 25240 1319c49 77 API calls 25237->25240 25239 1319b30 numpunct 77 API calls 25238->25239 25251 135c9c0 numpunct 25239->25251 25243 135ca1c numpunct 25240->25243 25241 137c2c5 Mailbox 5 API calls 25242 135cb29 25241->25242 25242->25213 25244 1319c49 77 API calls 25243->25244 25245 135ca51 numpunct 25244->25245 25246 1319c49 77 API calls 25245->25246 25247 135ca85 numpunct 25246->25247 25248 1319c49 77 API calls 25247->25248 25249 135caba numpunct 25248->25249 25250 135cb2a 84 API calls 25249->25250 25250->25251 25251->25241 25252->25142 25253->25174 25254->25197 25255->25200 25256->25169 25257->25202 25258->25215 25259->25208 25261 135c6d7 __EH_prolog3_GS 25260->25261 25262 1319c49 77 API calls 25261->25262 25263 135c6f5 25262->25263 25264 1327839 67 API calls 25263->25264 25265 135c705 25264->25265 25266 1327839 67 API calls 25265->25266 25285 135c78f numpunct 25265->25285 25267 135c717 25266->25267 25268 1327839 67 API calls 25267->25268 25267->25285 25271 135c729 25268->25271 25269 137c2c5 Mailbox 5 API calls 25270 135c7d3 25269->25270 25270->25223 25286 1312452 25270->25286 25272 1327839 67 API calls 25271->25272 25271->25285 25273 135c73b 25272->25273 25274 1327839 67 API calls 25273->25274 25273->25285 25275 135c749 25274->25275 25276 1327839 67 API calls 25275->25276 25275->25285 25277 135c757 25276->25277 25278 1327839 67 API calls 25277->25278 25277->25285 25279 135c765 25278->25279 25280 1327839 67 API calls 25279->25280 25279->25285 25281 135c773 25280->25281 25282 1327839 67 API calls 25281->25282 25281->25285 25283 135c781 25282->25283 25284 1327839 67 API calls 25283->25284 25283->25285 25284->25285 25285->25269 25287 1312477 RegOpenKeyExW 25286->25287 25288 131246a 25286->25288 25289 1312485 25287->25289 25296 1311c74 GetModuleHandleW GetProcAddress RegOpenKeyExW 25288->25296 25293 1312490 25289->25293 25297 13123e4 RegCloseKey 25289->25297 25291 1312475 25291->25289 25293->25229 25294 13291b1 RegQueryValueExW 25293->25294 25295 13291dc 25294->25295 25295->25231 25296->25291 25297->25293 25399 134c922 78 API calls 25400 1326925 99 API calls _setvbuf 25483 132ae28 390 API calls Mailbox 25401 132972d GetProcessHeap HeapFree InterlockedPushEntrySList Mailbox 25402 1328513 OutputDebugStringW GetSystemTimeAsFileTime 25403 137bd14 5 API calls ___security_init_cookie 25404 1316f16 OleLockRunning 25486 131481a LCMapStringW __Towlower 25406 1340918 369 API calls 25408 132a91f 90 API calls 4 library calls 25487 131741c CallWindowProcW 25489 131681f 87 API calls 25490 135601b 150 API calls 25492 132461d 151 API calls 3 library calls 25411 134c903 GetSystemTimeAsFileTime 25412 138330f 102 API calls 10 library calls 25413 1315109 132 API calls 25298 135c50c 25299 135c518 __EH_prolog3_GS 25298->25299 25300 135c6cb 77 API calls 25299->25300 25301 135c542 25300->25301 25302 135c546 numpunct 25301->25302 25303 1319c49 77 API calls 25301->25303 25304 137c2c5 Mailbox 5 API calls 25302->25304 25306 135c576 numpunct 25303->25306 25305 135c55b 25304->25305 25308 135c7d4 25306->25308 25309 135c7e3 __EH_prolog3_GS 25308->25309 25310 135c80b 25309->25310 25316 135c8a8 25309->25316 25311 135be26 117 API calls 25310->25311 25313 135c814 25311->25313 25312 135c984 25314 137c2c5 Mailbox 5 API calls 25312->25314 25315 135be26 117 API calls 25313->25315 25317 135c98f 25314->25317 25318 135c825 25315->25318 25316->25312 25321 13123fb 5 API calls 25316->25321 25317->25302 25339 131d888 77 API calls _strlen 25318->25339 25320 135c839 25340 1347f01 77 API calls _strlen 25320->25340 25325 135c8f3 25321->25325 25323 135c84f 25341 1347fce 77 API calls 25323->25341 25328 13123fb 5 API calls 25325->25328 25326 135c867 25342 134ba76 147 API calls 6 library calls 25326->25342 25329 135c947 25328->25329 25331 135c95e 25329->25331 25336 13124a4 25329->25336 25330 135c871 Mailbox 25330->25316 25333 135c974 25331->25333 25334 135c96c RegCloseKey 25331->25334 25333->25312 25335 135c97c RegCloseKey 25333->25335 25334->25333 25335->25312 25337 13124b2 lstrlenW RegSetValueExW 25336->25337 25338 13124ad 25336->25338 25337->25338 25338->25331 25339->25320 25340->25323 25341->25326 25342->25330 25414 1319d08 88 API calls 25415 1333f08 155 API calls 4 library calls 25416 1315f0f 133 API calls 2 library calls 25494 131d473 78 API calls 25417 1326571 68 API calls 25418 1328375 LocalFree Mailbox 25419 133a97a 149 API calls 2 library calls 25497 1325478 84 API calls 4 library calls 25498 1337a7d 148 API calls 3 library calls 25420 135cd7a 152 API calls 3 library calls 25100 131d061 25106 1311dfc EnterCriticalSection 25100->25106 25102 131d0a1 25103 131d06a 25103->25102 25104 1314f3a 15 API calls 25103->25104 25105 131d088 SetWindowLongW 25104->25105 25105->25102 25107 1311e42 LeaveCriticalSection 25106->25107 25108 1311e17 GetCurrentThreadId 25106->25108 25107->25103 25109 1311e1f 25108->25109 25109->25107 25422 1317365 9 API calls __strtod_l 25423 1316d66 SysFreeString SysFreeString SysAllocString RaiseException 25500 131c46a SysFreeString GetProcessHeap HeapFree InterlockedPushEntrySList Mailbox 25426 133756e 161 API calls 5 library calls 25427 131b155 125 API calls 3 library calls 24756 1329659 24757 132966f 24756->24757 24770 1329695 24756->24770 24758 132967e 24757->24758 24759 132969c 24757->24759 24833 134a2f3 216 API calls 3 library calls 24758->24833 24760 13296a2 EndDialog 24759->24760 24761 13296b5 24759->24761 24760->24770 24763 132968c 24761->24763 24764 13296e3 24761->24764 24765 13296c8 24761->24765 24763->24770 24834 134495f 83 API calls 24763->24834 24764->24763 24768 13296f7 24764->24768 24765->24763 24767 13296d2 EndDialog 24765->24767 24767->24770 24771 1349dd0 24768->24771 24772 1349ddf __EH_prolog3_GS 24771->24772 24773 1349e42 SuspendThread 24772->24773 24774 1349e49 24772->24774 24773->24774 24775 1319b30 numpunct 77 API calls 24774->24775 24776 1349e61 24775->24776 24777 131fd87 67 API calls 24776->24777 24778 1349e76 24777->24778 24779 1349eb1 24778->24779 24780 1349e7b 24778->24780 24781 1319b30 numpunct 77 API calls 24779->24781 24782 1319b30 numpunct 77 API calls 24780->24782 24785 1349ead numpunct 24781->24785 24783 1349e87 24782->24783 24784 131fd37 78 API calls 24783->24784 24784->24785 24786 1349fa6 24785->24786 24787 134a101 24785->24787 24788 1319b30 numpunct 77 API calls 24786->24788 24789 1327839 67 API calls 24787->24789 24790 1349fb7 24788->24790 24791 134a111 24789->24791 24792 131fd87 67 API calls 24790->24792 24793 134a115 GetActiveWindow 24791->24793 24826 134a0ff numpunct 24791->24826 24794 1349fcc 24792->24794 24795 1311db3 4 API calls 24793->24795 24798 134a017 24794->24798 24799 1349fd1 24794->24799 24800 134a12e 24795->24800 24796 134a17a 24802 134a18f ResumeThread 24796->24802 24814 134a2b5 numpunct 24796->24814 24797 134a19b 24803 134a2a4 24797->24803 24804 134a1a4 GetTempPathW 24797->24804 24801 1319b30 numpunct 77 API calls 24798->24801 24805 1319b30 numpunct 77 API calls 24799->24805 24835 131d656 24800->24835 24820 134a000 numpunct 24801->24820 24802->24814 24808 134a2ae ResumeThread 24803->24808 24803->24814 24807 1319b30 numpunct 77 API calls 24804->24807 24809 1349fdd 24805->24809 24811 134a1d6 24807->24811 24808->24814 24812 131fd37 78 API calls 24809->24812 24853 1319c49 24811->24853 24812->24820 24813 134a15c SetLastError 24813->24826 24815 134a2eb 24814->24815 24857 1362c58 GetProcessHeap HeapFree InterlockedPushEntrySList Mailbox 24814->24857 24817 137c2c5 Mailbox 5 API calls 24815->24817 24819 134a2f2 24817->24819 24819->24770 24822 134a0af LoadStringW 24820->24822 24821 134a1fc numpunct 24825 1319b30 numpunct 77 API calls 24821->24825 24823 134a0de MessageBoxW 24822->24823 24824 134a0d8 24822->24824 24823->24826 24824->24823 24827 134a22b 24825->24827 24826->24796 24826->24797 24828 1319b08 77 API calls 24827->24828 24829 134a242 24828->24829 24856 135c298 87 API calls 5 library calls 24829->24856 24831 134a24b SendMessageW Sleep EndDialog 24832 134a28a numpunct 24831->24832 24832->24814 24833->24763 24834->24770 24858 131800e EnterCriticalSection RegisterWindowMessageW RegisterWindowMessageW GetClassInfoExW 24835->24858 24837 131d663 FindResourceW 24838 131d680 FindResourceW 24837->24838 24839 131d713 24837->24839 24840 131d6a2 LoadResource 24838->24840 24841 131d69b LoadResource LockResource 24838->24841 24839->24813 24839->24826 24842 131d6b0 LockResource 24840->24842 24843 131d6fb GetLastError 24840->24843 24841->24840 24842->24843 24844 131d6b9 24842->24844 24845 131d704 24843->24845 24869 1314c30 24844->24869 24845->24839 24847 131d70a SetLastError 24845->24847 24847->24839 24849 131d6d9 24850 131d6de GetLastError 24849->24850 24851 131d6e7 24849->24851 24850->24851 24851->24845 24852 131d6eb GlobalHandle GlobalFree 24851->24852 24852->24845 24854 131a995 numpunct 77 API calls 24853->24854 24855 1319c71 24854->24855 24855->24821 24856->24831 24857->24815 24859 1318067 LoadCursorW RegisterClassExW 24858->24859 24860 13180dd _memset 24858->24860 24861 1318188 24859->24861 24862 13180cf 24859->24862 24863 13180ec GetClassInfoExW 24860->24863 24864 1318196 LeaveCriticalSection 24861->24864 24878 131950f 72 API calls __recalloc 24862->24878 24863->24864 24866 1318116 LoadCursorW RegisterClassExW 24863->24866 24864->24837 24866->24861 24867 131817a 24866->24867 24879 131950f 72 API calls __recalloc 24867->24879 24871 1314c42 24869->24871 24870 1314cbb DialogBoxIndirectParamW 24870->24849 24870->24850 24871->24870 24872 1314cc2 GlobalAlloc 24871->24872 24880 1311b94 68 API calls _memcpy_s 24872->24880 24875 1314cdd 24877 1314d7c 24875->24877 24881 1311000 SysFreeString RaiseException __CxxThrowException@8 24875->24881 24882 1311b94 68 API calls _memcpy_s 24875->24882 24877->24870 24878->24860 24879->24861 24880->24875 24881->24875 24882->24875 25430 1316f5a 81 API calls 25432 132975c GdipCloneImage GdipAlloc 25504 132a643 5 API calls 2 library calls 25434 131ff46 DeleteObject GetProcessHeap HeapFree InterlockedPushEntrySList Mailbox 25435 1317f48 91 API calls 25436 131234a RaiseException DeleteCriticalSection Mailbox 25438 1316db0 SysAllocString 25507 132a4b5 218 API calls 25508 1322cba 79 API calls 3 library calls 25442 1388fb1 86 API calls 4 library calls 25443 13267bb 111 API calls 2 library calls 24706 13188bb 24707 13188da __ftelli64_nolock 24706->24707 24720 1353ad8 WSAStartup 24707->24720 24710 1318934 24749 135bfb1 118 API calls 3 library calls 24710->24749 24711 1318999 numpunct 24715 13748c1 __strtod_l 5 API calls 24711->24715 24713 1318957 24750 131d888 77 API calls _strlen 24713->24750 24717 13189c8 24715->24717 24716 1318974 24751 134ba76 147 API calls 6 library calls 24716->24751 24719 1318981 Mailbox 24719->24711 24721 1353b3e getprotobyname 24720->24721 24724 1353b1a _wcslen 24720->24724 24722 1353b54 socket 24721->24722 24721->24724 24723 1353b74 setsockopt 24722->24723 24722->24724 24725 1353b95 WSAGetLastError 24723->24725 24726 1353bb2 setsockopt 24723->24726 24727 131b7e3 numpunct 77 API calls 24724->24727 24728 1353ba6 __stbuf 24725->24728 24729 1353bcd WSAGetLastError 24726->24729 24740 1353be7 _memset 24726->24740 24730 1353b33 WSAGetLastError 24727->24730 24752 1379ebb 104 API calls 6 library calls 24728->24752 24731 1353bde __stbuf 24729->24731 24732 1353c6d 24730->24732 24753 1379ebb 104 API calls 6 library calls 24731->24753 24738 13748c1 __strtod_l 5 API calls 24732->24738 24733 1353bfa gethostbyname 24736 1353c15 _memmove 24733->24736 24737 1353c3f inet_addr 24733->24737 24745 1353c2b gethostbyaddr 24736->24745 24742 1353c54 _wcslen 24737->24742 24743 1353c72 GetCurrentProcessId 24737->24743 24741 131892c 24738->24741 24739 1353baf 24739->24726 24740->24733 24741->24710 24741->24711 24747 131b7e3 numpunct 77 API calls 24742->24747 24744 1353c7d 24743->24744 24744->24732 24754 1353d2c GetTickCount sendto 24744->24754 24755 1353d9c 108 API calls 24744->24755 24745->24732 24747->24732 24749->24713 24750->24716 24751->24719 24752->24739 24753->24740 24754->24744 24755->24744 25509 13890b3 89 API calls 7 library calls 25444 13145be 109 API calls __Wcrtomb 25510 13386a2 453 API calls 4 library calls 25446 13297a0 GdipDisposeImage GdipFree 25449 131b5a5 5 API calls Mailbox 25450 1311fa4 161 API calls 2 library calls 25511 131a6a4 DeleteCriticalSection EnterCriticalSection LeaveCriticalSection Mailbox 25343 131d0a8 25344 131d0c8 25343->25344 25352 132a369 25344->25352 25346 131d114 GetWindowLongW CallWindowProcW 25348 131d161 25346->25348 25349 131d146 GetWindowLongW 25346->25349 25347 131d0fc CallWindowProcW 25347->25348 25349->25348 25350 131d153 SetWindowLongW 25349->25350 25350->25348 25353 132a395 25352->25353 25358 132a37c 25352->25358 25354 132a39b 25353->25354 25355 132a3ae 25353->25355 25372 1320e3d 109 API calls 3 library calls 25354->25372 25356 132a3cc 25355->25356 25355->25358 25361 131d0ee 25356->25361 25362 1321082 25356->25362 25358->25361 25373 132111a 162 API calls 3 library calls 25358->25373 25361->25346 25361->25347 25361->25348 25363 13210a0 25362->25363 25371 1321104 25362->25371 25365 1320dec CreateWindowExW 25363->25365 25364 13748c1 __strtod_l 5 API calls 25366 1321118 25364->25366 25367 13210d6 25365->25367 25366->25361 25368 1314f3a 15 API calls 25367->25368 25367->25371 25369 13210f0 25368->25369 25370 13210f4 SetWindowLongW 25369->25370 25369->25371 25370->25371 25371->25364 25372->25361 25373->25361 25451 1315da8 39 API calls Mailbox 25512 132a6a8 67 API calls 3 library calls 25390 13823a5 25391 137c60c __malloc_crt 66 API calls 25390->25391 25392 13823ba 25391->25392 25453 1326baf 116 API calls Mailbox 25454 13153ae 40 API calls Mailbox 25513 1312894 68 API calls Mailbox 24656 135cc9d UuidCreate 24657 135ccc2 UuidToStringW 24656->24657 24661 135cce8 24656->24661 24658 135ccd4 24657->24658 24657->24661 24664 1319b90 77 API calls 2 library calls 24658->24664 24660 135ccdd RpcStringFreeW 24660->24661 24662 13748c1 __strtod_l 5 API calls 24661->24662 24663 135cd31 24662->24663 24664->24660 25458 132699a 114 API calls Mailbox 25459 132a59a 7 API calls 25460 135d59c 161 API calls 4 library calls 25514 131649a 10 API calls __strtod_l 24883 137919b 24886 1379045 24883->24886 24885 13791ac 24887 1379051 _fprintf 24886->24887 24888 1382372 __lock 61 API calls 24887->24888 24889 1379058 24888->24889 24891 1379083 RtlDecodePointer 24889->24891 24895 1379102 24889->24895 24893 137909a DecodePointer 24891->24893 24891->24895 24900 13790ad 24893->24900 24894 137917f _fprintf 24894->24885 24907 1379170 24895->24907 24898 1379167 24899 1378f2d __mtinitlocknum 3 API calls 24898->24899 24901 1379170 24898->24901 24899->24901 24900->24895 24904 13790c4 DecodePointer 24900->24904 24906 13790d3 DecodePointer DecodePointer 24900->24906 24912 1381227 RtlEncodePointer 24900->24912 24902 137917d 24901->24902 24914 1382299 LeaveCriticalSection 24901->24914 24902->24885 24913 1381227 RtlEncodePointer 24904->24913 24906->24900 24908 1379176 24907->24908 24910 1379150 24907->24910 24915 1382299 LeaveCriticalSection 24908->24915 24910->24894 24911 1382299 LeaveCriticalSection 24910->24911 24911->24898 24912->24900 24913->24900 24914->24902 24915->24910 25515 1317280 14 API calls __strtod_l 25461 1314783 GetStringTypeW __Getwctype 25516 1311a86 66 API calls std::exception::exception 25463 131d389 SysFreeString RaiseException 25517 131f08b 158 API calls 3 library calls 25518 131668b 75 API calls 25374 1389284 25375 13813d7 __getptd 66 API calls 25374->25375 25376 13892a0 _LcidFromHexString 25375->25376 25377 13892ad GetLocaleInfoA 25376->25377 25378 13892d8 25377->25378 25382 13892d2 25377->25382 25387 138af25 85 API calls 2 library calls 25378->25387 25380 13748c1 __strtod_l 5 API calls 25381 1389340 25380->25381 25382->25380 25383 13892e3 25383->25382 25386 13892e9 25383->25386 25388 138af25 85 API calls 2 library calls 25383->25388 25386->25382 25389 1389058 GetLocaleInfoW _GetPrimaryLen _strlen 25386->25389 25387->25383 25388->25386 25389->25382 25519 1316a8d 17 API calls __strtod_l 25520 1316e8f GetDC ReleaseDC 25521 13926fc 5 API calls __strtod_l 25523 1314af6 EnterCriticalSection LeaveCriticalSection std::ios_base::_Ios_base_dtor Mailbox 25465 13173fc InvalidateRgn 25466 13173e1 InvalidateRect 25468 131fde4 221 API calls 25469 13113e7 77 API calls 2 library calls 25471 137efe0 6 API calls 3 library calls 25473 13453ee 78 API calls numpunct 25474 133f7ee 29 API calls __strtod_l 25528 1311ed5 CoCreateInstance 23591 132b1d7 23592 132b31a 23591->23592 23610 132b21d 23591->23610 23628 132b388 numpunct 23592->23628 23932 1319b08 23592->23932 23595 132b3b0 RaiseException 23599 132b3cf __EH_prolog3_GS 23595->23599 23596 132b393 23938 13748c1 23596->23938 23597 132b32f _wcslen 23935 131b74b 77 API calls 3 library calls 23597->23935 23603 132b3e3 23599->23603 23604 132b449 23599->23604 23601 132b3ac 23602 132b2b1 GetFileAttributesW 23602->23610 23946 1319638 23603->23946 23686 13570b1 23604->23686 23606 132b34f _wcslen 23936 131b74b 77 API calls 3 library calls 23606->23936 23609 132b2da RemoveDirectoryW 23609->23610 23610->23592 23610->23595 23610->23602 23610->23609 23612 132b301 DeleteFileW 23610->23612 23613 132b23d Mailbox 23610->23613 23612->23610 23613->23610 23914 135be26 23613->23914 23930 131d888 77 API calls _strlen 23613->23930 23931 134ba76 147 API calls 6 library calls 23613->23931 23620 132b404 23622 135be26 117 API calls 23620->23622 23626 132b412 23622->23626 23624 132b367 RemoveDirectoryW 23624->23628 23951 131d888 77 API calls _strlen 23626->23951 23937 1345350 66 API calls 2 library calls 23628->23937 23630 132b4c0 23635 132b55d GetDlgItem 23630->23635 23636 132b4cd SetTimer 23630->23636 23631 132b479 23953 135bfb1 118 API calls 3 library calls 23631->23953 23632 132b42d 23952 134ba76 147 API calls 6 library calls 23632->23952 23724 13446cb 23635->23724 23636->23635 23640 132b4f2 23636->23640 23637 132b488 23954 131d888 77 API calls _strlen 23637->23954 23638 132b437 Mailbox 23638->23604 23956 135bfb1 118 API calls 3 library calls 23640->23956 23643 132b574 _wcslen 23732 131b7e3 23643->23732 23644 132b504 23957 131d888 77 API calls _strlen 23644->23957 23645 132b4a6 23955 134ba76 147 API calls 6 library calls 23645->23955 23649 132b51a 23958 1347f01 77 API calls _strlen 23649->23958 23650 132b4b0 Mailbox 23650->23630 23651 132b590 GetDlgItem 23653 13446cb 36 API calls 23651->23653 23655 132b5a4 GetDlgItem 23653->23655 23654 132b534 23959 134ba76 147 API calls 6 library calls 23654->23959 23657 13446cb 36 API calls 23655->23657 23658 132b5b8 GetDlgItem GetDlgItem GetDlgItem GetDlgItem SendMessageW 23657->23658 23659 131f26e 18 API calls 23658->23659 23660 132b60f 23659->23660 23739 1330720 23660->23739 23661 132b53e Mailbox 23661->23635 23667 132b707 numpunct 23670 132b724 PostMessageW 23667->23670 23672 132b738 23667->23672 23668 132b647 numpunct 23668->23667 23669 1319b30 numpunct 77 API calls 23668->23669 23671 132b67a 23669->23671 23670->23672 23900 131fd37 23671->23900 23961 137c2c5 23672->23961 23677 1319b30 numpunct 77 API calls 23678 132b6a2 numpunct 23677->23678 23910 1327839 23678->23910 23681 132b6cf ShowWindow 23681->23667 23682 132b6e8 23681->23682 23683 1319638 numpunct 77 API calls 23682->23683 23684 132b6fd 23683->23684 23960 134ba76 147 API calls 6 library calls 23684->23960 23964 131a995 23686->23964 23688 13570cb CreateThread 23689 132b458 23688->23689 23690 13570fa 23688->23690 24084 1357125 23688->24084 23695 1345b51 FindResourceW 23689->23695 23690->23689 23691 1357102 23690->23691 23692 1319638 numpunct 77 API calls 23691->23692 23693 1357114 23692->23693 23975 134ba76 147 API calls 6 library calls 23693->23975 23696 1345b97 LoadResource 23695->23696 23697 1345cd6 23695->23697 23696->23697 23699 1345ba7 LockResource 23696->23699 23698 13748c1 __strtod_l 5 API calls 23697->23698 23700 132b460 23698->23700 23699->23697 23701 1345bb8 23699->23701 23707 131f26e GetWindowLongW 23700->23707 23701->23697 23705 1345c9d SendDlgItemMessageW 23701->23705 23706 1375111 66 API calls _free 23701->23706 24089 13478ad 78 API calls 23701->24089 24090 13478ad 78 API calls 23701->24090 23704 1345c05 SendDlgItemMessageW 23704->23701 23705->23701 23706->23701 23708 131f2a4 GetParent 23707->23708 23709 131f2aa GetWindow 23707->23709 23710 131f2b4 GetWindowRect 23708->23710 23709->23710 23711 131f2cd 23710->23711 23712 131f34f GetParent GetClientRect GetClientRect MapWindowPoints 23710->23712 23713 131f2d3 GetWindowLongW 23711->23713 23714 131f2e1 MonitorFromWindow 23711->23714 23719 131f334 SetWindowPos 23712->23719 23713->23714 23716 131f307 23714->23716 23717 131f30e GetMonitorInfoW 23714->23717 23720 13748c1 __strtod_l 5 API calls 23716->23720 23717->23716 23718 131f324 23717->23718 23718->23719 23721 131f340 GetWindowRect 23718->23721 23719->23716 23723 131f401 23720->23723 23721->23719 23723->23630 23723->23631 23725 13446d8 23724->23725 24091 1314f3a 23725->24091 23728 13446e4 23728->23643 23729 13446e8 SetWindowLongW 23729->23728 23730 13446f8 23729->23730 24097 1345d86 GetWindowLongW 23730->24097 23733 131b7f3 numpunct 23732->23733 23734 131b815 23733->23734 23735 131b7f7 23733->23735 23736 131b8e0 numpunct 77 API calls 23734->23736 23737 131a995 numpunct 77 API calls 23735->23737 23738 131b813 _memmove 23736->23738 23737->23738 23738->23651 23740 133072f __EH_prolog3_GS 23739->23740 23741 133074f 23740->23741 23742 133076e GetWindowLongW SetWindowLongW 23740->23742 23743 1319638 numpunct 77 API calls 23741->23743 23744 133079d SetLayeredWindowAttributes 23742->23744 23786 133135b numpunct 23742->23786 23745 1330764 23743->23745 23746 1319b30 numpunct 77 API calls 23744->23746 24208 134ba76 147 API calls 6 library calls 23745->24208 23748 13307c8 23746->23748 23749 131fd87 67 API calls 23748->23749 23750 13307de 23749->23750 23751 1319b30 numpunct 77 API calls 23750->23751 23757 1330834 Mailbox numpunct 23750->23757 23753 13307ef 23751->23753 23752 13315d9 SetWindowPos 23754 1331603 SetWindowPos SetWindowPos 23752->23754 23752->23786 23755 131fd37 78 API calls 23753->23755 23754->23786 23756 1330815 23755->23756 23759 135be26 117 API calls 23756->23759 23761 1319b30 numpunct 77 API calls 23757->23761 23758 13116f0 77 API calls 23758->23786 23759->23757 23762 13308cf 23761->23762 23763 131fd87 67 API calls 23762->23763 23764 13308e8 23763->23764 23765 1319b30 numpunct 77 API calls 23764->23765 23770 1330938 Mailbox numpunct 23764->23770 23767 13308f9 23765->23767 23768 131fd37 78 API calls 23767->23768 23769 133091c 23768->23769 23772 135be26 117 API calls 23769->23772 23773 1319b30 numpunct 77 API calls 23770->23773 23771 1331372 RaiseException 23771->23786 23772->23770 23776 13309d0 23773->23776 23774 1331806 23775 13116f0 77 API calls 23774->23775 23778 133181d 23775->23778 23779 131fd87 67 API calls 23776->23779 23777 1319b30 numpunct 77 API calls 23777->23786 23781 1331842 23778->23781 23782 1331834 23778->23782 23783 13309e9 23779->23783 23780 1319c49 77 API calls 23780->23786 23785 1319638 numpunct 77 API calls 23781->23785 23784 13116f0 77 API calls 23782->23784 23788 1319b30 numpunct 77 API calls 23783->23788 23797 1330a3c Mailbox numpunct 23783->23797 23787 1331840 23784->23787 23785->23787 23786->23752 23786->23754 23786->23758 23786->23771 23786->23774 23786->23777 23786->23780 23793 1331730 23786->23793 23798 1331782 23786->23798 23800 133143e SetWindowTextW 23786->23800 23830 13314f6 EnableWindow 23786->23830 23836 133156f EnableWindow 23786->23836 24131 1311716 23786->24131 24142 13318df 23786->24142 24188 135bed6 23786->24188 24200 1347f2c 23786->24200 24221 1333172 147 API calls 5 library calls 23787->24221 23789 13309fa 23788->23789 23791 131fd37 78 API calls 23789->23791 23792 1330a1d 23791->23792 23794 135be26 117 API calls 23792->23794 23796 133174d 23793->23796 24215 132996f DeleteObject 23793->24215 23794->23797 23795 1331865 RedrawWindow KiUserCallbackDispatcher 23821 1331898 numpunct 23795->23821 24216 1329abe 100 API calls 2 library calls 23796->24216 23801 1319b30 numpunct 77 API calls 23797->23801 24217 13116f0 23798->24217 23800->23786 23805 1330af2 23801->23805 23809 131fd87 67 API calls 23805->23809 23806 13317b0 23811 13116f0 77 API calls 23806->23811 23807 13317be 23812 1319638 numpunct 77 API calls 23807->23812 23810 1330b0b 23809->23810 23814 1319b30 numpunct 77 API calls 23810->23814 23823 1330b61 Mailbox numpunct 23810->23823 23813 13317bc 23811->23813 23812->23813 24220 1333172 147 API calls 5 library calls 23813->24220 23817 1330b1c 23814->23817 23816 133176e Mailbox numpunct 23816->23795 23818 131fd37 78 API calls 23817->23818 23820 1330b42 23818->23820 23822 135be26 117 API calls 23820->23822 23824 137c2c5 Mailbox 5 API calls 23821->23824 23822->23823 23825 1319b30 numpunct 77 API calls 23823->23825 23826 132b61d 23824->23826 23827 1330c20 23825->23827 23892 1319b30 23826->23892 23828 131fd87 67 API calls 23827->23828 23829 1330c39 23828->23829 23831 1319b30 numpunct 77 API calls 23829->23831 23838 1330c8f Mailbox numpunct 23829->23838 23830->23786 23832 1331518 ShowWindow 23830->23832 23833 1330c4a 23831->23833 23832->23786 23834 131fd37 78 API calls 23833->23834 23835 1330c70 23834->23835 23837 135be26 117 API calls 23835->23837 23836->23786 23839 133158d ShowWindow 23836->23839 23837->23838 23840 1319b30 numpunct 77 API calls 23838->23840 23839->23786 23841 1330d4e 23840->23841 23842 131fd87 67 API calls 23841->23842 23843 1330d67 23842->23843 23844 1319b30 numpunct 77 API calls 23843->23844 23848 1330dbd Mailbox numpunct 23843->23848 23845 1330d78 23844->23845 23846 131fd37 78 API calls 23845->23846 23847 1330d9e 23846->23847 23849 135be26 117 API calls 23847->23849 23850 1330e69 GetWindowRect MoveWindow MoveWindow 23848->23850 23849->23848 23851 1319b30 numpunct 77 API calls 23850->23851 23852 1330f08 23851->23852 23853 131fd87 67 API calls 23852->23853 23854 1330f1b 23853->23854 23855 1330f20 23854->23855 23856 1330f6b 23854->23856 23857 1319b30 numpunct 77 API calls 23855->23857 23858 1319b30 numpunct 77 API calls 23856->23858 23859 1330f30 23857->23859 23861 1330f56 numpunct 23858->23861 23860 131fd37 78 API calls 23859->23860 23860->23861 23862 1331032 SetWindowTextW 23861->23862 23863 1319b30 numpunct 77 API calls 23862->23863 23864 133104f 23863->23864 23865 131fd87 67 API calls 23864->23865 23866 1331065 23865->23866 23867 13310b5 23866->23867 23868 133106a 23866->23868 23870 1319b30 numpunct 77 API calls 23867->23870 23869 1319b30 numpunct 77 API calls 23868->23869 23871 133107a 23869->23871 23873 13310a0 numpunct 23870->23873 23872 131fd37 78 API calls 23871->23872 23872->23873 23874 133117c 12 API calls 23873->23874 23875 133129a 23874->23875 23876 133122a 23874->23876 23877 13312aa 23875->23877 24209 1375111 23875->24209 23876->23786 23876->23875 23882 133124d IsWindow 23876->23882 23879 13312d4 LoadStringW 23877->23879 23880 1375111 _free 66 API calls 23877->23880 23881 1319b30 numpunct 77 API calls 23879->23881 23883 13312cd 23880->23883 23884 133130a 23881->23884 23882->23876 23888 1331259 23882->23888 23883->23879 23885 131fd87 67 API calls 23884->23885 23886 1331320 23885->23886 23886->23786 23889 1319b30 numpunct 77 API calls 23886->23889 23887 1331277 DestroyWindow 23887->23876 23887->23888 23888->23876 23888->23887 23890 1331335 23889->23890 23891 131fd37 78 API calls 23890->23891 23891->23786 23893 1319b4e _wcslen 23892->23893 23894 131b7e3 numpunct 77 API calls 23893->23894 23895 1319b5a 23894->23895 23896 131fd87 23895->23896 23897 131fdd6 23896->23897 23898 131fd9b 23896->23898 23897->23668 23898->23897 24323 131aa30 23898->24323 23901 131fd87 67 API calls 23900->23901 23902 131fd45 23901->23902 23903 131fd5b 23902->23903 23904 131fd4a 23902->23904 23906 131fd75 RaiseException 23903->23906 23908 131fd64 23903->23908 23905 1319b30 numpunct 77 API calls 23904->23905 23907 131fd54 23905->23907 23907->23677 23909 1319b08 77 API calls 23908->23909 23909->23907 23911 1327846 _wcslen 23910->23911 23912 131aa30 67 API calls 23911->23912 23913 1327858 23912->23913 23913->23667 23913->23681 23915 135be32 __EH_prolog3_GS 23914->23915 24328 137ba0a 23915->24328 23917 135be46 23918 1319638 numpunct 77 API calls 23917->23918 23919 135be51 23918->23919 23920 137ba0a _setlocale 101 API calls 23919->23920 23921 135be5f _memset numpunct 23920->23921 24364 137abd7 23921->24364 23924 1319638 numpunct 77 API calls 23925 135bea6 numpunct 23924->23925 23926 137ba0a _setlocale 101 API calls 23925->23926 23927 135bec0 Mailbox 23926->23927 23928 137c2c5 Mailbox 5 API calls 23927->23928 23929 135bed5 23928->23929 23929->23613 23930->23613 23931->23613 23933 131a995 numpunct 77 API calls 23932->23933 23934 1319b29 23933->23934 23934->23597 23935->23606 23936->23624 23937->23596 23939 13748cb IsDebuggerPresent 23938->23939 23940 13748c9 23938->23940 24655 138af6c 23939->24655 23940->23601 23943 137ec91 SetUnhandledExceptionFilter UnhandledExceptionFilter 23944 137ecb6 GetCurrentProcess TerminateProcess 23943->23944 23945 137ecae __call_reportfault 23943->23945 23944->23601 23945->23944 23947 1319654 _strlen 23946->23947 23948 1311568 numpunct 77 API calls 23947->23948 23949 1319660 23948->23949 23950 134ba76 147 API calls 6 library calls 23949->23950 23950->23620 23951->23632 23952->23638 23953->23637 23954->23645 23955->23650 23956->23644 23957->23649 23958->23654 23959->23661 23960->23667 23962 13748c1 __strtod_l 5 API calls 23961->23962 23963 132b740 23962->23963 23965 131a9aa 23964->23965 23967 131a9b4 23964->23967 23976 1363221 67 API calls 2 library calls 23965->23976 23968 131a9c2 23967->23968 23969 131a9da 23967->23969 23977 131b861 67 API calls 2 library calls 23968->23977 23979 131b8e0 23969->23979 23972 131a9cc 23978 131b861 67 API calls 2 library calls 23972->23978 23974 131a9d8 _memmove 23974->23688 23975->23689 23976->23967 23977->23972 23978->23974 23980 131b8f9 23979->23980 23981 131b8ef 23979->23981 23984 131b909 numpunct 23980->23984 23985 131c601 23980->23985 23989 13631d4 67 API calls 2 library calls 23981->23989 23984->23974 23986 131c60d __EH_prolog3_catch 23985->23986 23990 131da60 23986->23990 23988 131c65d std::locale::_Init _memmove numpunct 23988->23984 23989->23980 23991 131daaa 23990->23991 23992 131da6f 23990->23992 23991->23988 23993 131da80 23992->23993 23998 13753a6 23992->23998 23993->23991 24010 1374cb9 66 API calls std::exception::_Copy_str 23993->24010 23996 131da95 24011 137bd1e RaiseException 23996->24011 24000 13753b0 23998->24000 24001 13753ca 24000->24001 24005 13753cc std::exception::exception 24000->24005 24012 137f2ce DecodePointer 24000->24012 24013 1376c17 24000->24013 24001->23993 24003 137540a 24033 1374d3e 66 API calls std::exception::operator= 24003->24033 24005->24003 24030 1376ec1 24005->24030 24006 1375414 24034 137bd1e RaiseException 24006->24034 24009 1375425 24010->23996 24011->23991 24012->24000 24014 1376c94 24013->24014 24019 1376c25 24013->24019 24043 137f2ce DecodePointer 24014->24043 24016 1376c9a 24044 137bdac 66 API calls __getptd_noexit 24016->24044 24017 1376c30 24017->24019 24035 1380eb5 66 API calls __NMSG_WRITE 24017->24035 24036 1380d06 66 API calls 6 library calls 24017->24036 24037 1378f2d 24017->24037 24019->24017 24021 1376c53 RtlAllocateHeap 24019->24021 24024 1376c80 24019->24024 24028 1376c7e 24019->24028 24040 137f2ce DecodePointer 24019->24040 24021->24019 24022 1376c8c 24021->24022 24022->24000 24041 137bdac 66 API calls __getptd_noexit 24024->24041 24042 137bdac 66 API calls __getptd_noexit 24028->24042 24049 1376e85 24030->24049 24032 1376ece 24032->24003 24033->24006 24034->24009 24035->24017 24036->24017 24045 1378f02 GetModuleHandleW 24037->24045 24040->24019 24041->24028 24042->24022 24043->24016 24044->24022 24046 1378f16 GetProcAddress 24045->24046 24047 1378f2b ExitProcess 24045->24047 24046->24047 24048 1378f26 24046->24048 24048->24047 24050 1376e91 _fprintf 24049->24050 24057 1378f45 24050->24057 24056 1376eb2 _fprintf 24056->24032 24074 1382372 24057->24074 24059 1376e96 24060 1376d9e RtlDecodePointer DecodePointer 24059->24060 24061 1376e4d 24060->24061 24062 1376dcc 24060->24062 24073 1376ebb LeaveCriticalSection std::_Mutex::_Mutex 24061->24073 24062->24061 24081 137f21c 67 API calls __strtod_l 24062->24081 24064 1376e30 EncodePointer EncodePointer 24064->24061 24065 1376dde 24065->24064 24066 1376df9 24065->24066 24067 1376e08 24065->24067 24082 137c69d 70 API calls __realloc_crt 24066->24082 24067->24061 24069 1376e02 24067->24069 24069->24067 24072 1376e1e EncodePointer 24069->24072 24083 137c69d 70 API calls __realloc_crt 24069->24083 24071 1376e18 24071->24061 24071->24072 24072->24064 24073->24056 24075 138239a EnterCriticalSection 24074->24075 24076 1382387 24074->24076 24075->24059 24077 13822b0 __mtinitlocknum 65 API calls 24076->24077 24078 138238d 24077->24078 24078->24075 24079 13791cf __amsg_exit 65 API calls 24078->24079 24080 1382399 24079->24080 24080->24075 24081->24065 24082->24069 24083->24071 24085 1357135 24084->24085 24086 1357130 24084->24086 24088 135713d 166 API calls 3 library calls 24085->24088 24088->24086 24089->23704 24090->23701 24092 1314f52 GetCurrentProcess FlushInstructionCache 24091->24092 24093 1314f46 24091->24093 24095 1314f80 24092->24095 24110 1362d08 24093->24110 24095->23728 24095->23729 24098 1345da3 SetWindowLongW 24097->24098 24099 1345dae 24097->24099 24098->24099 24126 1320dec 24099->24126 24101 1345dce IsWindow 24102 1345e05 24101->24102 24103 1345dda 24101->24103 24104 1345e38 24102->24104 24106 1345e12 ImageList_GetIconSize 24102->24106 24103->24102 24105 1345de0 SendMessageW 24103->24105 24104->23728 24129 1345ced 7 API calls 2 library calls 24105->24129 24106->24104 24108 1345e2d 24106->24108 24130 1329254 12 API calls __strtod_l 24108->24130 24111 1362c6a 24110->24111 24112 1362c75 24111->24112 24113 1362c7e 24111->24113 24125 1362bea 6 API calls 24112->24125 24115 1362c9f InterlockedPopEntrySList 24113->24115 24116 1362c88 GetProcessHeap HeapAlloc 24113->24116 24117 1314f4b 24115->24117 24119 1362cac VirtualAlloc 24115->24119 24116->24117 24118 1362c9d 24116->24118 24117->24092 24117->24095 24118->24117 24119->24117 24121 1362cc7 InterlockedPopEntrySList 24119->24121 24120 1362c7a 24120->24113 24120->24117 24122 1362cd7 VirtualFree 24121->24122 24123 1362ce9 24121->24123 24122->24117 24124 1362cef InterlockedPushEntrySList 24123->24124 24124->24117 24124->24124 24125->24120 24127 1320df6 24126->24127 24128 1320dfe CreateWindowExW 24126->24128 24127->24128 24128->24101 24129->24102 24130->24104 24132 1311735 24131->24132 24133 131172b 24131->24133 24135 1311745 24132->24135 24136 131175f 24132->24136 24222 1363221 67 API calls 2 library calls 24133->24222 24223 131184e 67 API calls 2 library calls 24135->24223 24225 13117af 24136->24225 24139 1311751 24224 131184e 67 API calls 2 library calls 24139->24224 24141 131175d _memmove 24141->23786 24143 13318ee __EH_prolog3_GS 24142->24143 24144 133191a 24143->24144 24183 1331939 Mailbox numpunct _strlen 24143->24183 24145 1319638 numpunct 77 API calls 24144->24145 24147 133192f 24145->24147 24146 133314a Mailbox 24151 137c2c5 Mailbox 5 API calls 24146->24151 24256 134ba76 147 API calls 6 library calls 24147->24256 24148 133315d RaiseException 24152 133315a 24151->24152 24152->23786 24158 1319b08 77 API calls 24158->24183 24159 131fd87 67 API calls 24159->24183 24160 13753a6 77 API calls std::_Mutex::_Mutex 24160->24183 24161 131fd37 78 API calls 24161->24183 24162 131a995 77 API calls numpunct 24162->24183 24165 13318df 227 API calls 24165->24183 24166 131d71a 111 API calls 24166->24183 24167 1347e09 21 API calls 24167->24183 24168 134470c 77 API calls 24168->24183 24169 1333172 147 API calls 24169->24183 24170 135bed6 79 API calls 24170->24183 24172 13116f0 77 API calls 24172->24183 24173 1311568 77 API calls numpunct 24173->24183 24174 1311716 77 API calls numpunct 24174->24183 24175 13318df 227 API calls 24186 1331f44 numpunct _strlen 24175->24186 24176 13116f0 77 API calls 24176->24186 24179 1333172 147 API calls 24179->24186 24180 13454b5 72 API calls 24180->24186 24183->24146 24183->24148 24183->24158 24183->24159 24183->24160 24183->24161 24183->24162 24183->24165 24183->24166 24183->24167 24183->24168 24183->24169 24183->24170 24183->24172 24183->24173 24183->24174 24184 13454b5 72 API calls 24183->24184 24183->24186 24246 13275e2 24183->24246 24250 13449ed 24183->24250 24257 132a1f9 77 API calls 4 library calls 24183->24257 24259 131fe5b 77 API calls 3 library calls 24183->24259 24260 1320401 153 API calls 24183->24260 24261 132a411 78 API calls 4 library calls 24183->24261 24270 132a510 78 API calls 3 library calls 24183->24270 24273 132a15a 77 API calls 5 library calls 24183->24273 24184->24183 24185 1311716 numpunct 77 API calls 24185->24186 24186->24148 24186->24175 24186->24176 24186->24179 24186->24180 24186->24183 24186->24185 24258 1321318 157 API calls 24186->24258 24262 1344a79 29 API calls 3 library calls 24186->24262 24263 1311568 24186->24263 24271 1344e56 132 API calls 24186->24271 24272 13209bc 85 API calls 4 library calls 24186->24272 24189 135bee2 __EH_prolog3_GS 24188->24189 24190 135befc MultiByteToWideChar 24189->24190 24191 135bf17 numpunct 24190->24191 24192 135bf39 24191->24192 24195 135bf48 _memset 24191->24195 24193 1319b30 numpunct 77 API calls 24192->24193 24199 135bf46 Mailbox numpunct 24193->24199 24194 135bf64 MultiByteToWideChar 24196 1319b30 numpunct 77 API calls 24194->24196 24195->24194 24196->24199 24197 137c2c5 Mailbox 5 API calls 24198 135bfb0 24197->24198 24198->23786 24199->24197 24201 1347f38 __EH_prolog3 24200->24201 24308 131dcbf 24201->24308 24205 1347f76 24206 131b6a8 77 API calls 24205->24206 24207 1347f81 std::locale::_Init 24206->24207 24207->23786 24208->23742 24210 137511c RtlFreeHeap 24209->24210 24214 1375145 __dosmaperr 24209->24214 24211 1375131 24210->24211 24210->24214 24322 137bdac 66 API calls __getptd_noexit 24211->24322 24213 1375137 GetLastError 24213->24214 24214->23877 24215->23796 24216->23816 24218 1311716 numpunct 77 API calls 24217->24218 24219 131170f 24218->24219 24219->23806 24219->23807 24220->23816 24221->23816 24222->24132 24223->24139 24224->24141 24226 13117c5 24225->24226 24227 13117bb 24225->24227 24230 13117d5 Mailbox 24226->24230 24231 13118c6 24226->24231 24235 13631d4 67 API calls 2 library calls 24227->24235 24230->24141 24232 13118d2 __EH_prolog3_catch 24231->24232 24236 1311a3f 24232->24236 24234 131191d Mailbox std::locale::_Init _memmove 24234->24230 24235->24226 24237 1311a84 24236->24237 24238 1311a4c 24236->24238 24237->24234 24239 1311a5a 24238->24239 24240 13753a6 std::_Mutex::_Mutex 77 API calls 24238->24240 24239->24237 24244 1374cb9 66 API calls std::exception::_Copy_str 24239->24244 24240->24239 24242 1311a6f 24245 137bd1e RaiseException 24242->24245 24244->24242 24245->24237 24247 1327607 24246->24247 24248 13275f1 24246->24248 24247->24183 24248->24247 24274 137814a 85 API calls __tolower_l 24248->24274 24251 13449fe 24250->24251 24275 131d71a 24251->24275 24256->24183 24257->24183 24258->24186 24259->24183 24260->24183 24261->24183 24262->24186 24264 1311578 numpunct 24263->24264 24265 1311598 24264->24265 24267 131157c 24264->24267 24266 13117af numpunct 77 API calls 24265->24266 24269 1311596 _memmove 24266->24269 24268 1311716 numpunct 77 API calls 24267->24268 24268->24269 24269->24186 24270->24183 24271->24186 24272->24186 24273->24183 24274->24248 24276 131d72f 24275->24276 24277 131d7a0 24275->24277 24276->24277 24278 131d73e EnterCriticalSection 24276->24278 24293 1347e09 24277->24293 24279 131d865 LeaveCriticalSection 24278->24279 24280 131d754 24278->24280 24279->24277 24281 131d75b GetClassInfoExW 24280->24281 24282 131d7ca LoadCursorW 24280->24282 24283 131d784 GetClassInfoExW 24281->24283 24284 131d7a9 24281->24284 24282->24284 24283->24284 24286 131d799 LeaveCriticalSection 24283->24286 24285 131d812 GetClassInfoExW 24284->24285 24302 1375426 97 API calls swprintf 24284->24302 24285->24279 24288 131d839 RegisterClassExW 24285->24288 24286->24277 24290 131d85a 24288->24290 24291 131d84c 24288->24291 24289 131d80c 24289->24285 24290->24279 24303 131950f 72 API calls __recalloc 24291->24303 24294 1314f3a 15 API calls 24293->24294 24295 1347e1c 24294->24295 24296 1347e20 SetLastError 24295->24296 24297 1347e2c 24295->24297 24299 1344a3b 24296->24299 24297->24299 24304 1311db3 24297->24304 24299->24183 24300 1347e3b CreateWindowExW 24300->24299 24302->24289 24303->24290 24305 1311db7 24304->24305 24306 1311dea RaiseException 24304->24306 24305->24306 24307 1311dbb GetCurrentThreadId EnterCriticalSection LeaveCriticalSection 24305->24307 24307->24300 24309 131dcca 24308->24309 24310 131dcd7 24308->24310 24309->24310 24311 131b8e0 numpunct 77 API calls 24309->24311 24312 131b6a8 24310->24312 24311->24310 24313 131b6c4 24312->24313 24314 131b6ba 24312->24314 24316 131b6e6 24313->24316 24321 13631d4 67 API calls 2 library calls 24313->24321 24320 1363221 67 API calls 2 library calls 24314->24320 24318 131b8e0 numpunct 77 API calls 24316->24318 24319 131b6f8 _memmove 24316->24319 24318->24319 24319->24205 24320->24313 24321->24316 24322->24213 24324 131aa3d 24323->24324 24326 131aa47 24323->24326 24327 1363221 67 API calls 2 library calls 24324->24327 24326->23898 24327->24326 24329 137ba16 _fprintf 24328->24329 24330 137ba37 24329->24330 24331 137ba20 24329->24331 24369 13813d7 24330->24369 24367 137bdac 66 API calls __getptd_noexit 24331->24367 24334 137ba25 24368 1380221 11 API calls __strtod_l 24334->24368 24338 137ba46 24389 137c651 24338->24389 24341 137ba30 _setlocale _fprintf 24341->23917 24342 1382372 __lock 66 API calls 24343 137ba72 24342->24343 24395 137ad86 24343->24395 24350 137bb53 24424 1380f7d 8 API calls 24350->24424 24351 137baa2 _setlocale 24353 1382372 __lock 66 API calls 24351->24353 24356 137bac8 24353->24356 24354 137bb59 24425 1381016 66 API calls 4 library calls 24354->24425 24420 1381161 74 API calls 3 library calls 24356->24420 24358 137bada 24421 1380f7d 8 API calls 24358->24421 24360 137bae0 24361 137bafe 24360->24361 24422 1381161 74 API calls 3 library calls 24360->24422 24423 137bb48 LeaveCriticalSection _doexit 24361->24423 24636 137ab25 24364->24636 24367->24334 24368->24341 24426 138135e GetLastError 24369->24426 24371 13813df 24372 137ba3c 24371->24372 24440 13791cf 66 API calls 3 library calls 24371->24440 24374 13811ae 24372->24374 24375 13811ba _fprintf 24374->24375 24376 13813d7 __getptd 66 API calls 24375->24376 24377 13811bf 24376->24377 24378 13811ed 24377->24378 24379 13811d1 24377->24379 24380 1382372 __lock 66 API calls 24378->24380 24382 13813d7 __getptd 66 API calls 24379->24382 24381 13811f4 24380->24381 24446 1381161 74 API calls 3 library calls 24381->24446 24384 13811d6 24382->24384 24387 13811e4 _fprintf 24384->24387 24445 13791cf 66 API calls 3 library calls 24384->24445 24385 1381208 24447 138121b LeaveCriticalSection _doexit 24385->24447 24387->24338 24392 137c65a 24389->24392 24391 137ba5c 24391->24341 24391->24342 24392->24391 24393 137c678 Sleep 24392->24393 24448 137ee5a 24392->24448 24394 137c68d 24393->24394 24394->24391 24394->24392 24396 137ad8f 24395->24396 24397 137ada8 24395->24397 24396->24397 24459 1380eee 8 API calls 24396->24459 24399 137bb3c 24397->24399 24460 1382299 LeaveCriticalSection 24399->24460 24401 137ba89 24402 137b6f9 24401->24402 24403 137b722 24402->24403 24410 137b73d 24402->24410 24405 137b72c 24403->24405 24461 137b3bf 24403->24461 24404 137b867 24404->24405 24521 137b039 24404->24521 24409 13748c1 __strtod_l 5 API calls 24405->24409 24406 137b88e 24507 137b19e 24406->24507 24412 137b913 24409->24412 24410->24404 24410->24406 24416 137b772 _strpbrk _strncmp _strlen _strcspn 24410->24416 24412->24350 24412->24351 24413 137b8a3 _setlocale 24413->24404 24413->24405 24414 137b3bf __setlocale_set_cat 101 API calls 24413->24414 24414->24413 24416->24404 24416->24405 24417 137b880 24416->24417 24419 137b3bf __setlocale_set_cat 101 API calls 24416->24419 24503 1388da5 66 API calls __strtod_l 24416->24503 24504 13801cf 24417->24504 24419->24416 24420->24358 24421->24360 24422->24361 24423->24341 24424->24354 24425->24341 24441 1381239 TlsGetValue 24426->24441 24429 13813cb SetLastError 24429->24371 24430 137c651 __calloc_crt 62 API calls 24431 1381389 24430->24431 24431->24429 24432 1381391 DecodePointer 24431->24432 24433 13813a6 24432->24433 24434 13813aa 24433->24434 24435 13813c2 24433->24435 24444 13812aa 66 API calls 4 library calls 24434->24444 24436 1375111 _free 62 API calls 24435->24436 24438 13813c8 24436->24438 24438->24429 24439 13813b2 GetCurrentThreadId 24439->24429 24442 1381269 24441->24442 24443 138124e DecodePointer TlsSetValue 24441->24443 24442->24429 24442->24430 24443->24442 24444->24439 24446->24385 24447->24384 24449 137ee66 24448->24449 24450 137ee81 24448->24450 24449->24450 24451 137ee72 24449->24451 24453 137ee94 RtlAllocateHeap 24450->24453 24455 137eebb 24450->24455 24458 137f2ce DecodePointer 24450->24458 24457 137bdac 66 API calls __getptd_noexit 24451->24457 24453->24450 24453->24455 24454 137ee77 24454->24392 24455->24392 24457->24454 24458->24450 24459->24397 24460->24401 24462 13813d7 __getptd 66 API calls 24461->24462 24463 137b3ec 24462->24463 24464 137b19e __expandlocale 96 API calls 24463->24464 24468 137b414 _setlocale _strlen 24464->24468 24465 137b41b 24466 13748c1 __strtod_l 5 API calls 24465->24466 24467 137b429 24466->24467 24467->24405 24468->24465 24550 137c60c 24468->24550 24470 137b465 _memmove 24470->24465 24556 137eddd 24470->24556 24472 137b6c7 24473 13801cf __invoke_watson 10 API calls 24472->24473 24474 137b6f8 24473->24474 24475 137b722 24474->24475 24483 137b73d 24474->24483 24478 137b72c 24475->24478 24481 137b3bf __setlocale_set_cat 100 API calls 24475->24481 24476 137b867 24476->24478 24480 137b039 __setlocale_get_all 70 API calls 24476->24480 24477 137b4d8 _memmove 24477->24472 24494 137b5dc _memcmp 24477->24494 24565 1385c89 79 API calls 2 library calls 24477->24565 24482 13748c1 __strtod_l 5 API calls 24478->24482 24479 137b88e 24484 137b19e __expandlocale 96 API calls 24479->24484 24480->24478 24481->24478 24487 137b913 24482->24487 24483->24476 24483->24479 24499 137b772 _strpbrk _strncmp _strlen _strcspn 24483->24499 24496 137b8a3 _setlocale 24484->24496 24485 137b693 24485->24472 24490 137b69f InterlockedDecrement 24485->24490 24486 137b662 24489 1375111 _free 66 API calls 24486->24489 24487->24405 24489->24465 24490->24472 24491 137b6b7 24490->24491 24492 1375111 _free 66 API calls 24491->24492 24493 137b6bf 24492->24493 24495 1375111 _free 66 API calls 24493->24495 24494->24485 24494->24486 24495->24472 24496->24476 24496->24478 24497 137b3bf __setlocale_set_cat 100 API calls 24496->24497 24497->24496 24499->24476 24499->24478 24500 137b880 24499->24500 24502 137b3bf __setlocale_set_cat 100 API calls 24499->24502 24566 1388da5 66 API calls __strtod_l 24499->24566 24501 13801cf __invoke_watson 10 API calls 24500->24501 24501->24478 24502->24499 24503->24416 24570 13800a6 24504->24570 24508 13813d7 __getptd 66 API calls 24507->24508 24509 137b1d9 24508->24509 24512 137eddd _strcpy_s 66 API calls 24509->24512 24513 137b246 24509->24513 24519 137b23f _memmove _setlocale _strlen 24509->24519 24510 13748c1 __strtod_l 5 API calls 24511 137b3bd 24510->24511 24511->24413 24512->24519 24513->24510 24515 13801cf __invoke_watson 10 API calls 24515->24519 24517 137eddd _strcpy_s 66 API calls 24517->24519 24519->24513 24519->24515 24519->24517 24576 137aeaf 24519->24576 24583 13893e7 24519->24583 24619 137afce 66 API calls 3 library calls 24519->24619 24620 1388da5 66 API calls __strtod_l 24519->24620 24522 137c60c __malloc_crt 66 API calls 24521->24522 24523 137b052 24522->24523 24543 137b12a 24523->24543 24633 137ae6e 66 API calls 2 library calls 24523->24633 24526 137b140 24527 13801cf __invoke_watson 10 API calls 24526->24527 24529 137b14c 24527->24529 24528 137b083 _setlocale 24528->24526 24535 137b0f1 24528->24535 24634 1388d38 66 API calls __strtod_l 24528->24634 24635 137ae6e 66 API calls 2 library calls 24528->24635 24530 1375111 _free 66 API calls 24529->24530 24532 137b154 24530->24532 24533 137b173 24532->24533 24534 137b164 InterlockedDecrement 24532->24534 24537 137b17b InterlockedDecrement 24533->24537 24533->24543 24534->24533 24536 137b16b 24534->24536 24535->24529 24538 137b0f7 24535->24538 24539 1375111 _free 66 API calls 24536->24539 24540 137b182 24537->24540 24537->24543 24541 137b104 InterlockedDecrement 24538->24541 24549 137b113 24538->24549 24539->24533 24542 1375111 _free 66 API calls 24540->24542 24544 137b10b 24541->24544 24541->24549 24542->24543 24543->24405 24546 1375111 _free 66 API calls 24544->24546 24545 137b11b InterlockedDecrement 24545->24543 24547 137b122 24545->24547 24546->24549 24548 1375111 _free 66 API calls 24547->24548 24548->24543 24549->24543 24549->24545 24552 137c615 24550->24552 24551 1376c17 _malloc 65 API calls 24551->24552 24552->24551 24553 137c64b 24552->24553 24554 137c62c Sleep 24552->24554 24553->24470 24555 137c641 24554->24555 24555->24552 24555->24553 24557 137edf2 24556->24557 24558 137edeb 24556->24558 24567 137bdac 66 API calls __getptd_noexit 24557->24567 24558->24557 24562 137ee10 24558->24562 24561 137ee01 24561->24477 24562->24561 24569 137bdac 66 API calls __getptd_noexit 24562->24569 24564 137edf7 24568 1380221 11 API calls __strtod_l 24564->24568 24565->24494 24566->24499 24567->24564 24568->24561 24569->24564 24571 13800c5 _memset __call_reportfault 24570->24571 24572 13800e3 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 24571->24572 24573 13801b1 __call_reportfault 24572->24573 24574 13748c1 __strtod_l 5 API calls 24573->24574 24575 13801cd GetCurrentProcess TerminateProcess 24574->24575 24575->24405 24577 137aec8 _memset 24576->24577 24579 137aed4 24577->24579 24581 137aef7 _strcspn 24577->24581 24621 1388da5 66 API calls __strtod_l 24577->24621 24579->24519 24580 13801cf __invoke_watson 10 API calls 24580->24581 24581->24579 24581->24580 24622 1388da5 66 API calls __strtod_l 24581->24622 24584 13813d7 __getptd 66 API calls 24583->24584 24589 13893f4 24584->24589 24585 1389401 GetUserDefaultLCID 24610 1389488 24585->24610 24587 138942b 24588 1389493 24587->24588 24591 138943d 24587->24591 24588->24585 24594 138949e _strlen 24588->24594 24589->24585 24589->24587 24623 1388e5a 85 API calls _CountryEnumProc@4 24589->24623 24593 1389451 24591->24593 24596 1389448 24591->24596 24625 13893ab 24593->24625 24600 13894a4 EnumSystemLocalesA 24594->24600 24595 13894f9 24601 138951e IsValidCodePage 24595->24601 24608 13895c9 24595->24608 24624 1389344 EnumSystemLocalesA _GetPrimaryLen _strlen 24596->24624 24599 138944f 24599->24610 24629 1388e5a 85 API calls _CountryEnumProc@4 24599->24629 24600->24610 24603 1389530 IsValidLocale 24601->24603 24601->24608 24603->24608 24612 1389543 24603->24612 24604 138948a 24607 13893ab _GetLcidFromLanguage EnumSystemLocalesA 24604->24607 24605 138946f 24605->24604 24606 1389481 24605->24606 24605->24610 24630 1389344 EnumSystemLocalesA _GetPrimaryLen _strlen 24606->24630 24607->24610 24608->24519 24610->24608 24631 1388ebc 82 API calls 2 library calls 24610->24631 24611 1389594 GetLocaleInfoA 24611->24608 24613 13895a5 GetLocaleInfoA 24611->24613 24612->24608 24612->24611 24614 137eddd _strcpy_s 66 API calls 24612->24614 24613->24608 24615 13895b9 24613->24615 24616 1389581 24614->24616 24632 137c4d7 66 API calls _xtoa_s@20 24615->24632 24616->24613 24618 13801cf __invoke_watson 10 API calls 24616->24618 24618->24611 24619->24519 24620->24519 24621->24581 24622->24581 24623->24587 24624->24599 24626 13893b2 _GetPrimaryLen _strlen 24625->24626 24627 13893cc EnumSystemLocalesA 24626->24627 24628 13893e2 24627->24628 24628->24599 24629->24605 24630->24610 24631->24595 24632->24608 24633->24528 24634->24528 24635->24528 24639 137ab3d 24636->24639 24637 137ab88 24652 137bdac 66 API calls __getptd_noexit 24637->24652 24639->24637 24642 137ab60 24639->24642 24640 137ab8d 24653 1380221 11 API calls __strtod_l 24640->24653 24650 137a8be 81 API calls 2 library calls 24642->24650 24644 137ab6d 24645 137ab75 24644->24645 24648 137ab9b 24644->24648 24651 137bdac 66 API calls __getptd_noexit 24645->24651 24646 135be9a 24646->23924 24648->24646 24654 137bdac 66 API calls __getptd_noexit 24648->24654 24650->24644 24651->24646 24652->24640 24653->24646 24654->24640 24655->23943 24665 13567dc 24666 13567e8 __EH_prolog3_GS 24665->24666 24667 131a995 numpunct 77 API calls 24666->24667 24668 13567fd 24667->24668 24669 1319b30 numpunct 77 API calls 24668->24669 24670 135680b _wcslen 24669->24670 24671 131b7e3 numpunct 77 API calls 24670->24671 24672 1356823 24671->24672 24673 1319b08 77 API calls 24672->24673 24692 13568c2 24672->24692 24675 135683e 24673->24675 24677 1319b30 numpunct 77 API calls 24675->24677 24676 13568e0 24678 1356906 numpunct 24676->24678 24681 13568ed RegDeleteValueW 24676->24681 24679 1356854 24677->24679 24683 137c2c5 Mailbox 5 API calls 24678->24683 24680 1319b30 numpunct 77 API calls 24679->24680 24682 135686a 24680->24682 24681->24676 24701 135c1e5 77 API calls 3 library calls 24682->24701 24685 1356916 24683->24685 24686 1356875 _wcslen numpunct 24686->24678 24702 131b74b 77 API calls 3 library calls 24686->24702 24688 13568ac 24689 131b6a8 77 API calls 24688->24689 24690 13568b8 24689->24690 24703 13123e4 RegCloseKey 24690->24703 24693 13123fb 24692->24693 24694 1312425 RegCreateKeyExW 24693->24694 24695 1312418 24693->24695 24697 131243a 24694->24697 24704 1311cd3 GetModuleHandleW GetProcAddress RegCreateKeyExW 24695->24704 24699 1312443 24697->24699 24705 13123e4 RegCloseKey 24697->24705 24698 1312423 24698->24697 24699->24676 24701->24686 24702->24688 24703->24692 24704->24698 24705->24699 25529 13218de 85 API calls __Tolower 25530 1324edf 153 API calls 6 library calls 25531 13148df 111 API calls 24916 13189de 24917 13189ed __EH_prolog3_GS 24916->24917 24918 1319b30 numpunct 77 API calls 24917->24918 24919 13189fc 24918->24919 24920 1318a0d LoadStringW 24919->24920 24945 131942e numpunct 24919->24945 24921 1319b30 numpunct 77 API calls 24920->24921 24922 1318a39 24921->24922 24972 1319f97 24922->24972 24924 137c2c5 Mailbox 5 API calls 24926 1319451 24924->24926 24925 1318a4f 24980 131e279 114 API calls 4 library calls 24925->24980 24928 1318a8b 24929 1319b08 77 API calls 24928->24929 24930 1318adf 24929->24930 24931 1319b08 77 API calls 24930->24931 24932 1318b05 24931->24932 24981 131d8b6 114 API calls 3 library calls 24932->24981 24934 131aa30 67 API calls 24969 1318b14 numpunct 24934->24969 24935 13193f6 numpunct 24987 13194b6 EnterCriticalSection LeaveCriticalSection std::ios_base::_Ios_base_dtor 24935->24987 24936 131b6a8 77 API calls 24936->24969 24938 1319b08 77 API calls 24938->24969 24939 1319b30 77 API calls numpunct 24971 1318e83 numpunct 24939->24971 24940 131d937 77 API calls 24940->24969 24941 1318ce0 numpunct 24988 13194b6 EnterCriticalSection LeaveCriticalSection std::ios_base::_Ios_base_dtor 24941->24988 24944 1319b30 numpunct 77 API calls 24944->24969 24945->24924 24946 1319f97 118 API calls 24946->24969 24947 13196ae 114 API calls 24947->24969 24948 13194ab 24989 1363221 67 API calls 2 library calls 24948->24989 24949 13194b6 EnterCriticalSection LeaveCriticalSection 24949->24969 24950 1318c6d 24950->24941 24952 1318c76 24950->24952 24954 1319b30 numpunct 77 API calls 24952->24954 24953 13194b5 24955 1318c86 24954->24955 24956 131b6a8 77 API calls 24955->24956 24957 1318c9d _wcslen 24956->24957 24982 131b74b 77 API calls 3 library calls 24957->24982 24959 1318cb7 24960 135be26 117 API calls 24959->24960 24961 1318cca 24960->24961 24983 134ba76 147 API calls 6 library calls 24961->24983 24963 1318cd5 numpunct 24963->24941 24964 131a995 numpunct 77 API calls 24964->24971 24965 131b6a8 77 API calls 24965->24971 24966 135be26 117 API calls 24966->24971 24968 131a995 77 API calls numpunct 24968->24969 24969->24934 24969->24935 24969->24936 24969->24938 24969->24940 24969->24941 24969->24944 24969->24946 24969->24947 24969->24948 24969->24949 24969->24950 24969->24968 24969->24971 24971->24939 24971->24964 24971->24965 24971->24966 24971->24969 24984 135c5a9 159 API calls 3 library calls 24971->24984 24985 135dae1 78 API calls 4 library calls 24971->24985 24986 134ba76 147 API calls 6 library calls 24971->24986 24973 1319fa3 __EH_prolog3 24972->24973 24990 131aad0 24973->24990 24975 1319fd4 24994 131b65c 83 API calls 5 library calls 24975->24994 24977 1319fef 24978 131a016 std::locale::_Init 24977->24978 24995 131b949 77 API calls 2 library calls 24977->24995 24978->24925 24980->24928 24981->24969 24982->24959 24983->24963 24984->24971 24985->24971 24986->24971 24987->24945 24988->24945 24989->24953 24991 131aadc __EH_prolog3 24990->24991 24996 131b5ec 24991->24996 24993 131aaec std::locale::_Init 24993->24975 24994->24977 24995->24978 24997 131b5f8 __EH_prolog3 24996->24997 25004 1314a45 24997->25004 25001 131b630 25002 131b652 std::locale::_Init 25001->25002 25017 13149b3 67 API calls 2 library calls 25001->25017 25002->24993 25005 13753a6 std::_Mutex::_Mutex 77 API calls 25004->25005 25006 1314a78 25005->25006 25008 1314a84 25006->25008 25018 1314532 82 API calls 3 library calls 25006->25018 25009 131ce84 25008->25009 25010 131ce90 __EH_prolog3 25009->25010 25019 1314a2b 25010->25019 25014 131cea3 25040 131454c EnterCriticalSection LeaveCriticalSection __Deletegloballocale 25014->25040 25016 131ceb2 std::locale::_Init 25016->25001 25018->25008 25041 13144c8 25019->25041 25022 131cfc4 25023 131cfd0 __EH_prolog3 25022->25023 25024 1363841 std::_Lockit::_Lockit EnterCriticalSection 25023->25024 25025 131cfda 25024->25025 25056 1314493 25025->25056 25027 131cff1 25039 131d004 25027->25039 25062 13146ac 25027->25062 25028 1363869 int LeaveCriticalSection 25029 131d059 std::locale::_Init 25028->25029 25029->25014 25031 131d036 25034 13144c8 std::locale::facet::_Incref 2 API calls 25031->25034 25032 131d014 25032->25031 25072 1374d20 66 API calls std::exception::exception 25032->25072 25036 131d046 25034->25036 25035 131d028 25073 137bd1e RaiseException 25035->25073 25074 136355c 77 API calls std::_Mutex::_Mutex 25036->25074 25039->25028 25040->25016 25046 1363841 25041->25046 25047 13144d9 25046->25047 25048 1363853 25046->25048 25050 1363869 25047->25050 25054 13665a0 EnterCriticalSection 25048->25054 25051 1363870 25050->25051 25052 13144ed 25050->25052 25055 13665b0 LeaveCriticalSection 25051->25055 25052->25022 25054->25047 25055->25052 25057 13144c3 25056->25057 25058 131449f 25056->25058 25057->25027 25059 1363841 std::_Lockit::_Lockit EnterCriticalSection 25058->25059 25060 13144a9 25059->25060 25061 1363869 int LeaveCriticalSection 25060->25061 25061->25057 25064 13146b8 __EH_prolog3 25062->25064 25063 131472a std::locale::_Init 25063->25032 25064->25063 25065 13753a6 std::_Mutex::_Mutex 77 API calls 25064->25065 25067 13146cf 25065->25067 25066 1314712 25066->25063 25086 1314400 102 API calls 5 library calls 25066->25086 25067->25066 25075 1314386 25067->25075 25070 13146f9 25085 1314753 74 API calls 2 library calls 25070->25085 25072->25035 25073->25031 25074->25039 25076 1314392 __EH_prolog3 25075->25076 25077 1363841 std::_Lockit::_Lockit EnterCriticalSection 25076->25077 25078 131439f 25077->25078 25079 13143eb 25078->25079 25096 1374cb9 66 API calls std::exception::_Copy_str 25078->25096 25087 13636cc 25079->25087 25082 13143d6 25097 137bd1e RaiseException 25082->25097 25083 13143f4 std::locale::_Init 25083->25070 25085->25066 25086->25063 25088 137ba0a _setlocale 101 API calls 25087->25088 25089 13636da 25088->25089 25098 134d6a9 66 API calls 3 library calls 25089->25098 25091 13636f2 25092 1363702 25091->25092 25093 137ba0a _setlocale 101 API calls 25091->25093 25099 134d6a9 66 API calls 3 library calls 25092->25099 25093->25092 25095 1363716 25095->25083 25096->25082 25097->25079 25098->25091 25099->25095 25532 131a6c3 DestroyWindow GetProcessHeap HeapFree InterlockedPushEntrySList Mailbox 25533 131eecb 154 API calls 3 library calls 25534 13170cc 11 API calls __strtod_l 25477 1327bcc 79 API calls 25536 1320acc 110 API calls

                                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                                Function 01330720, Relevance: 99.1, APIs: 36, Strings: 20, Instructions: 1068COMMONCrypto
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E01330720(void* __ebx, RECT* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t550;
				WCHAR* _t553;
				void* _t562;
				signed int _t564;
				void* _t573;
				void* _t597;
				intOrPtr _t601;
				void* _t602;
				void* _t641;
				void* _t645;
				void* _t649;
				void* _t653;
				void* _t657;
				void* _t661;
				void* _t678;
				WCHAR* _t681;
				void* _t686;
				WCHAR* _t689;
				void* _t737;
				intOrPtr* _t738;
				void* _t745;
				intOrPtr* _t746;
				void* _t753;
				intOrPtr* _t754;
				void* _t761;
				intOrPtr* _t762;
				void* _t769;
				intOrPtr* _t770;
				void* _t777;
				intOrPtr* _t778;
				RECT* _t783;
				void* _t795;
				intOrPtr _t797;
				intOrPtr _t805;
				intOrPtr _t807;
				intOrPtr _t810;
				signed int _t843;
				intOrPtr _t909;
				int _t911;
				struct HWND__** _t912;
				intOrPtr _t913;
				struct HWND__** _t927;
				int _t937;
				struct HWND__** _t942;
				intOrPtr _t945;
				void* _t961;
				struct HWND__* _t962;
				struct HWND__* _t963;
				intOrPtr _t964;
				intOrPtr _t965;

				_t908 = __edx;
				_push(0x2fc);
				E0137C242(0x13977e1, __ebx, __edi, __esi);
				_t911 = 0;
				_t783 = __ecx;
				 *(_t961 - 0x2f0) = 0;
				_t967 =  *0x13c2a33;
				 *((intOrPtr*)(_t961 - 0x2f8)) = __ecx;
				 *((char*)(__ecx + 0x258)) = 1;
				if( *0x13c2a33 != 0) {
					_t962 = _t962 - 0x1c;
					 *(_t961 - 0x2f4) = _t962;
					E01319638(_t962, "DisplayEulaOffer()...");
					E0134BA76(_t783, 0x13c2b18, __edx, 0, __esi, _t967);
				}
				_t937 =  &(_t783->top);
				 *(_t961 - 0x304) = _t937;
				SetWindowLongW( *_t937, 0xffffffec, GetWindowLongW( *_t937, 0xffffffec) | 0x00080000); // executed
				if( *((intOrPtr*)(_t783 + 0x628)) <= _t911) {
					L133:
					_push(_t911);
					goto L134;
				} else {
					__imp__SetLayeredWindowAttributes( *_t937, 0xff,  *( *((intOrPtr*)(_t783 + 0x624)) + 0x70) & 0x000000ff, 2);
					E01319B30(_t961 - 0x18c, L"PreviousX");
					 *(_t961 - 4) =  *(_t961 - 4) & 0x00000000;
					_t641 = E0131FD87(_t961 - 0x18c, _t961 - 0x18c, _t783 + 0x128);
					_t969 = _t641 - 0xffffffff;
					if(_t641 > 0xffffffff) {
						E01319B30(_t961 - 0x170, L"PreviousX");
						 *(_t961 - 4) = 1;
						 *(_t961 - 0x2f0) = 1;
						_t777 = E0131FD37(_t961 - 0x1a8, _t961 - 0x170, _t908, _t961 - 0x170, _t961 - 0x1a8);
						_push(_t961 - 0x1d4);
						 *(_t961 - 4) = 2;
						 *(_t961 - 0x2f0) = 3;
						_t778 = E0135BE26(_t783, _t777, _t961 - 0x170, _t783 + 0x128, _t969);
						 *(_t961 - 0x2f0) = 7;
						if( *((intOrPtr*)(_t778 + 0x14)) >= 0x10) {
							_t778 =  *_t778;
						}
						_push(_t778);
						E01377DAA();
					}
					if(( *(_t961 - 0x2f0) & 0x00000004) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffffb;
						E01311524(_t961 - 0x1d4, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000002) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffffd;
						E0131AA87(_t961 - 0x1a8, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000001) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffffe;
						E0131AA87(_t961 - 0x170, 1, 0);
					}
					 *(_t961 - 4) =  *(_t961 - 4) | 0xffffffff;
					E0131AA87(_t961 - 0x18c, 1, 0);
					E01319B30(_t961 - 0x170, L"PreviousY");
					 *(_t961 - 4) = 3;
					_t645 = E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x128);
					_t977 = _t645 - 0xffffffff;
					if(_t645 > 0xffffffff) {
						E01319B30(_t961 - 0x18c, L"PreviousY");
						 *(_t961 - 4) = 4;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000008;
						_t769 = E0131FD37(_t961 - 0x1d4, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x1d4);
						_push(_t961 - 0x1a8);
						 *(_t961 - 4) = 5;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000010;
						_t770 = E0135BE26(_t783, _t769, _t961 - 0x18c, _t783 + 0x128, _t977);
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000020;
						if( *((intOrPtr*)(_t770 + 0x14)) >= 0x10) {
							_t770 =  *_t770;
						}
						_push(_t770);
						E01377DAA();
					}
					if(( *(_t961 - 0x2f0) & 0x00000020) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffffdf;
						E01311524(_t961 - 0x1a8, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000010) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffffef;
						E0131AA87(_t961 - 0x1d4, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000008) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffff7;
						E0131AA87(_t961 - 0x18c, 1, 0);
					}
					 *(_t961 - 4) =  *(_t961 - 4) | 0xffffffff;
					E0131AA87(_t961 - 0x170, 1, 0);
					E01319B30(_t961 - 0x170, L"NextX");
					 *(_t961 - 4) = 6;
					_t649 = E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x128);
					_t985 = _t649 - 0xffffffff;
					if(_t649 <= 0xffffffff) {
						 *((intOrPtr*)(_t961 - 0x308)) = 0xa9;
					} else {
						E01319B30(_t961 - 0x18c, L"NextX");
						 *(_t961 - 4) = 7;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000040;
						_t761 = E0131FD37(_t961 - 0x1d4, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x1d4);
						_push(_t961 - 0x1a8);
						 *(_t961 - 4) = 8;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000080;
						_t762 = E0135BE26(_t783, _t761, _t961 - 0x18c, _t783 + 0x128, _t985);
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000100;
						if( *((intOrPtr*)(_t762 + 0x14)) >= 0x10) {
							_t762 =  *_t762;
						}
						_push(_t762);
						 *((intOrPtr*)(_t961 - 0x308)) = E01377DAA();
					}
					if(( *(_t961 - 0x2f0) & 0x00000100) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffeff;
						E01311524(_t961 - 0x1a8, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000080) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffff7f;
						E0131AA87(_t961 - 0x1d4, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000040) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffffbf;
						E0131AA87(_t961 - 0x18c, 1, 0);
					}
					 *(_t961 - 4) =  *(_t961 - 4) | 0xffffffff;
					E0131AA87(_t961 - 0x170, 1, 0);
					E01319B30(_t961 - 0x170, L"NextY");
					 *(_t961 - 4) = 9;
					_t653 = E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x128);
					_t993 = _t653 - 0xffffffff;
					if(_t653 <= 0xffffffff) {
						 *(_t961 - 0x2fc) = 0x25;
					} else {
						E01319B30(_t961 - 0x18c, L"NextY");
						 *(_t961 - 4) = 0xa;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000200;
						_t753 = E0131FD37(_t961 - 0x1d4, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x1d4);
						_push(_t961 - 0x1a8);
						 *(_t961 - 4) = 0xb;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000400;
						_t754 = E0135BE26(_t783, _t753, _t961 - 0x18c, _t783 + 0x128, _t993);
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00000800;
						if( *((intOrPtr*)(_t754 + 0x14)) >= 0x10) {
							_t754 =  *_t754;
						}
						_push(_t754);
						 *(_t961 - 0x2fc) = E01377DAA();
					}
					if(( *(_t961 - 0x2f0) & 0x00000800) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffff7ff;
						E01311524(_t961 - 0x1a8, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000400) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffbff;
						E0131AA87(_t961 - 0x1d4, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00000200) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffffdff;
						E0131AA87(_t961 - 0x18c, 1, 0);
					}
					 *(_t961 - 4) =  *(_t961 - 4) | 0xffffffff;
					E0131AA87(_t961 - 0x170, 1, 0);
					E01319B30(_t961 - 0x170, L"CancelX");
					 *(_t961 - 4) = 0xc;
					_t657 = E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x128);
					_t1001 = _t657 - 0xffffffff;
					if(_t657 <= 0xffffffff) {
						 *(_t961 - 0x2f4) = 0x58;
					} else {
						E01319B30(_t961 - 0x18c, L"CancelX");
						 *(_t961 - 4) = 0xd;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00001000;
						_t745 = E0131FD37(_t961 - 0x1d4, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x1d4);
						_push(_t961 - 0x1a8);
						 *(_t961 - 4) = 0xe;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00002000;
						_t746 = E0135BE26(_t783, _t745, _t961 - 0x18c, _t783 + 0x128, _t1001);
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00004000;
						if( *((intOrPtr*)(_t746 + 0x14)) >= 0x10) {
							_t746 =  *_t746;
						}
						_push(_t746);
						 *(_t961 - 0x2f4) = E01377DAA();
					}
					if(( *(_t961 - 0x2f0) & 0x00004000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffbfff;
						E01311524(_t961 - 0x1a8, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00002000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffdfff;
						E0131AA87(_t961 - 0x1d4, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00001000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffffefff;
						E0131AA87(_t961 - 0x18c, 1, 0);
					}
					 *(_t961 - 4) =  *(_t961 - 4) | 0xffffffff;
					E0131AA87(_t961 - 0x170, 1, 0);
					E01319B30(_t961 - 0x170, L"CancelY");
					 *(_t961 - 4) = 0xf;
					_t661 = E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x128);
					_t1009 = _t661 - 0xffffffff;
					if(_t661 <= 0xffffffff) {
						 *(_t961 - 0x300) = 0x25;
					} else {
						E01319B30(_t961 - 0x18c, L"CancelY");
						 *(_t961 - 4) = 0x10;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00008000;
						_t737 = E0131FD37(_t961 - 0x1d4, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x1d4);
						_push(_t961 - 0x1a8);
						 *(_t961 - 4) = 0x11;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00010000;
						_t738 = E0135BE26(_t783, _t737, _t961 - 0x18c, _t783 + 0x128, _t1009);
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00020000;
						if( *((intOrPtr*)(_t738 + 0x14)) >= 0x10) {
							_t738 =  *_t738;
						}
						_push(_t738);
						 *(_t961 - 0x300) = E01377DAA();
					}
					_t937 = 0;
					if(( *(_t961 - 0x2f0) & 0x00020000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffdffff;
						E01311524(_t961 - 0x1a8, 1, 0);
					}
					if(( *(_t961 - 0x2f0) & 0x00010000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffeffff;
						E0131AA87(_t961 - 0x1d4, 1, _t937);
					}
					if(( *(_t961 - 0x2f0) & 0x00008000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffff7fff;
						E0131AA87(_t961 - 0x18c, 1, _t937);
					}
					 *(_t961 - 4) =  *(_t961 - 4) | 0xffffffff;
					E0131AA87(_t961 - 0x170, 1, _t937);
					GetWindowRect( *( *(_t961 - 0x304)), _t961 - 0x1b8);
					MoveWindow( *(_t783 + 0x404),  *((intOrPtr*)(_t961 - 0x1b0)) -  *(_t961 - 0x1b8) -  *((intOrPtr*)(_t961 - 0x308)),  *((intOrPtr*)(_t961 - 0x1ac)) -  *((intOrPtr*)(_t961 - 0x1b4)) -  *(_t961 - 0x2fc) - 0x17, 0x4b, 0x17, 1);
					MoveWindow( *(_t783 + 0x40c),  *((intOrPtr*)(_t961 - 0x1b0)) -  *(_t961 - 0x1b8) -  *(_t961 - 0x2f4),  *((intOrPtr*)(_t961 - 0x1ac)) -  *((intOrPtr*)(_t961 - 0x1b4)) -  *(_t961 - 0x300) - 0x17, 0x4b, 0x17, 1);
					E01319B30(_t961 - 0x170, L"STRID_NEXT");
					 *(_t961 - 4) = 0x12;
					if(E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x2a0) <= 0xffffffff) {
						_t678 = E01319B30(_t961 - 0x1a8, L"Next");
						 *(_t961 - 4) = 0x15;
						_t282 = _t961 - 0x2f0;
						 *_t282 =  *(_t961 - 0x2f0) | 0x00100000;
						__eflags =  *_t282;
					} else {
						E01319B30(_t961 - 0x18c, L"STRID_NEXT");
						 *(_t961 - 4) = 0x13;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00040000;
						_t678 = E0131FD37(_t961 - 0x2b4, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x2b4);
						 *(_t961 - 4) = 0x14;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00080000;
						_t937 = 0;
					}
					E01319B61(_t961 - 0x260, _t678);
					 *(_t961 - 4) = 0x16;
					if(( *(_t961 - 0x2f0) & 0x00100000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffefffff;
						E0131AA87(_t961 - 0x1a8, 1, _t937);
					}
					if(( *(_t961 - 0x2f0) & 0x00080000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfff7ffff;
						E0131AA87(_t961 - 0x2b4, 1, _t937);
					}
					if(( *(_t961 - 0x2f0) & 0x00040000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfffbffff;
						E0131AA87(_t961 - 0x18c, 1, _t937);
					}
					 *(_t961 - 4) = 0x1a;
					E0131AA87(_t961 - 0x170, 1, _t937);
					_t681 =  *(_t961 - 0x260);
					if( *((intOrPtr*)(_t961 - 0x24c)) < 8) {
						_t681 = _t961 - 0x260;
					}
					SetWindowTextW( *(_t783 + 0x404), _t681); // executed
					E01319B30(_t961 - 0x1d4, L"STRID_CANCEL");
					 *(_t961 - 4) = 0x1b;
					if(E0131FD87(_t961 - 0x1d4, _t961 - 0x1d4, _t783 + 0x2a0) <= 0xffffffff) {
						_t686 = E01319B30(_t961 - 0x2ec, L"Cancel");
						 *(_t961 - 4) = 0x1e;
						_t326 = _t961 - 0x2f0;
						 *_t326 =  *(_t961 - 0x2f0) | 0x00800000;
						__eflags =  *_t326;
					} else {
						E01319B30(_t961 - 0x1f0, L"STRID_CANCEL");
						 *(_t961 - 4) = 0x1c;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00200000;
						_t686 = E0131FD37(_t961 - 0x2d0, _t961 - 0x1f0, _t908, _t961 - 0x1f0, _t961 - 0x2d0);
						 *(_t961 - 4) = 0x1d;
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x00400000;
						_t937 = 0;
					}
					E01319B61(_t961 - 0x27c, _t686);
					 *(_t961 - 4) = 0x1f;
					if(( *(_t961 - 0x2f0) & 0x00800000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xff7fffff;
						E0131AA87(_t961 - 0x2ec, 1, _t937);
					}
					if(( *(_t961 - 0x2f0) & 0x00400000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffbfffff;
						E0131AA87(_t961 - 0x2d0, 1, _t937);
					}
					if(( *(_t961 - 0x2f0) & 0x00200000) != 0) {
						 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xffdfffff;
						E0131AA87(_t961 - 0x1f0, 1, _t937);
					}
					 *(_t961 - 4) = 0x23;
					E0131AA87(_t961 - 0x1d4, 1, _t937);
					_t689 =  *(_t961 - 0x27c);
					if( *((intOrPtr*)(_t961 - 0x268)) < 8) {
						_t689 = _t961 - 0x27c;
					}
					SetWindowTextW( *(_t783 + 0x40c), _t689); // executed
					ShowWindow( *(_t783 + 0x408), _t937); // executed
					ShowWindow( *(_t783 + 0x320), _t937); // executed
					ShowWindow( *(_t783 + 0x2b0), _t937); // executed
					ShowWindow( *(_t783 + 0x390), _t937); // executed
					ShowWindow( *(_t783 + 0x25c), _t937); // executed
					 *(_t961 - 0x2f4) = GetDlgItem( *( *(_t961 - 0x304)), 0xce);
					 *(_t961 - 0x300) = GetDlgItem( *( *(_t961 - 0x304)), 0xcd);
					EnableWindow( *(_t961 - 0x2f4), _t937); // executed
					EnableWindow( *(_t961 - 0x300), _t937); // executed
					ShowWindow( *(_t961 - 0x2f4), _t937); // executed
					ShowWindow( *(_t961 - 0x300), _t937); // executed
					_t843 = 0;
					 *(_t961 - 0x2fc) = 0;
					if( *(_t783 + 0x604) <= _t937) {
						L97:
						_t704 =  *(_t783 + 0x600);
						if( *(_t783 + 0x600) != _t937) {
							E01375111(_t704);
							 *(_t783 + 0x600) = _t937;
						}
						 *(_t783 + 0x604) = _t937;
						 *(_t783 + 0x608) = _t937;
						_t705 =  *(_t783 + 0x134);
						if( *(_t783 + 0x134) != _t937) {
							E01375111(_t705);
							 *(_t783 + 0x134) = _t937;
						}
						 *(_t783 + 0x138) = _t937;
						 *(_t783 + 0x13c) = _t937;
						LoadStringW( *0x13c1728, 0x65, _t961 - 0x154, 0x140);
						E01319B30(_t961 - 0x170, L"STRID_TITLE");
						 *(_t961 - 4) = 0x24;
						if(E0131FD87(_t961 - 0x170, _t961 - 0x170, _t783 + 0x2a0) <= 0xffffffff) {
							goto L105;
						} else {
							E01319B30(_t961 - 0x18c, L"STRID_TITLE");
							 *(_t961 - 4) = 0x25;
							 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x01000000;
							_t550 = E0131FD37(_t961 - 0x1a8, _t961 - 0x18c, _t908, _t961 - 0x18c, _t961 - 0x1a8);
							 *(_t961 - 4) = 0x26;
							 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) | 0x02000000;
							_t937 = 0;
							goto L106;
						}
					} else {
						while(_t843 >= _t937 && _t843 <  *(_t783 + 0x604)) {
							_t927 =  *( *(_t783 + 0x600) + _t843 * 4);
							if(_t927 != _t937 && IsWindow( *_t927) != 0) {
								 *(_t961 - 0x2f4) = _t937;
								E0134548E( *(_t961 - 0x2fc), _t783 + 0x600, _t961 - 0x2f4);
								if(DestroyWindow( *_t927) != 0) {
									 *_t927 = _t937;
								}
							}
							_t843 =  &( *(_t961 - 0x2fc)->i);
							 *(_t961 - 0x2fc) = _t843;
							if(_t843 <  *(_t783 + 0x604)) {
								continue;
							} else {
								goto L97;
							}
						}
						L103:
						_push(_t937);
						_push(_t937);
						L104:
						RaiseException(0xc000008c, 1, ??, ??);
						L105:
						_t550 = E01319B30(_t961 - 0x2b4, _t961 - 0x154);
						 *(_t961 - 4) = 0x27;
						_t406 = _t961 - 0x2f0;
						 *_t406 =  *(_t961 - 0x2f0) | 0x04000000;
						__eflags =  *_t406;
						L106:
						E01319B61(_t961 - 0x228, _t550);
						 *(_t961 - 4) = 0x28;
						if(( *(_t961 - 0x2f0) & 0x04000000) != 0) {
							 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfbffffff;
							E0131AA87(_t961 - 0x2b4, 1, _t937);
						}
						if(( *(_t961 - 0x2f0) & 0x02000000) != 0) {
							 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) & 0xfdffffff;
							E0131AA87(_t961 - 0x1a8, 1, _t937);
						}
						if(( *(_t961 - 0x2f0) & 0x01000000) != 0) {
							E0131AA87(_t961 - 0x18c, 1, _t937);
						}
						 *(_t961 - 4) = 0x2c;
						E0131AA87(_t961 - 0x170, 1, _t937);
						_t553 =  *(_t961 - 0x228);
						if( *((intOrPtr*)(_t961 - 0x214)) < 8) {
							_t553 = _t961 - 0x228;
						}
						_t912 =  *(_t961 - 0x304);
						SetWindowTextW( *_t912, _t553); // executed
						if( *((intOrPtr*)(_t783 + 0x628)) <= _t937) {
							goto L103;
						} else {
							E01311716(0x13bf048,  *((intOrPtr*)(_t783 + 0x624)), _t937, 0xffffffff);
							if( *((intOrPtr*)(_t783 + 0x628)) <= _t937) {
								goto L103;
							}
							_t962 = _t962 - 0x1c;
							 *(_t961 - 0x2f4) = _t962;
							E013116F0(_t962,  *((intOrPtr*)(_t783 + 0x624)));
							_t1051 =  *((intOrPtr*)(_t783 + 0x628)) - _t937;
							if( *((intOrPtr*)(_t783 + 0x628)) <= _t937) {
								goto L103;
							}
							_push( *((intOrPtr*)(_t783 + 0x624)) + 0x328);
							_push(_t912);
							E013318DF(_t783, _t783, _t912, _t937, _t1051); // executed
							if( *((intOrPtr*)(_t783 + 0x628)) <= _t937) {
								goto L103;
							}
							_t937 =  *((intOrPtr*)(_t783 + 0x624)) + 0x1d0;
							_t562 = E0132061F(_t937, "checkbox");
							_t911 = 0;
							if(_t562 != 0) {
								L124:
								if( *((intOrPtr*)(_t783 + 0x628)) <= _t911) {
									goto L133;
								}
								if(E0132061F( *((intOrPtr*)(_t783 + 0x624)) + 0x1d0, "radio") != 0) {
									L131:
									_t937 = SetWindowPos;
									_t564 = 0;
									 *(_t961 - 0x2f0) = 0;
									if( *(_t783 + 0x604) <= _t911) {
										L139:
										SetWindowPos( *(_t783 + 0x404), _t911, _t911, _t911, _t911, _t911, 3);
										SetWindowPos( *(_t783 + 0x40c), _t911, _t911, _t911, _t911, _t911, 3);
										_push(0xffffffff);
										_push(0xfde9);
										_push(0xfde9);
										_t1070 =  *((intOrPtr*)(_t783 + 0x628)) - _t911;
										if( *((intOrPtr*)(_t783 + 0x628)) <= _t911) {
											goto L133;
										}
										_t963 = _t962 - 0x1c;
										 *(_t961 - 0x2f4) = _t963;
										E013116F0(_t963,  *((intOrPtr*)(_t783 + 0x624)) + 0x74);
										_push(_t961 - 0x298);
										E0135BED6(_t783, _t911, _t937, _t1070);
										_t962 = _t963 + 0x2c;
										 *(_t961 - 4) = 0x2d;
										_t573 = E01344597(_t963, _t961 - 0x298, 0x2f);
										_t937 = _t961 - 0x20c;
										E01319C49(_t963, _t937, _t961 - 0x298, _t573 + 1, 0xffffffff);
										_push(_t783 + 0x1d4);
										_push(_t961 - 0x244);
										 *(_t961 - 4) = 0x2e;
										E01347F2C(_t937, _t911, _t937, _t1070);
										_pop(_t795);
										 *(_t961 - 4) = 0x2f;
										_t913 =  *((intOrPtr*)(_t961 - 0x2f8));
										_t783 = 0;
										if( *(_t913 + 0x628) <= 0) {
											L159:
											_push(_t783);
											_push(_t783);
											goto L104;
										}
										if( *((intOrPtr*)( *((intOrPtr*)(_t913 + 0x624)) + 0x90)) == 0) {
											 *(_t913 + 0x21c) = 0;
											__eflags =  *(_t913 + 0x628);
											if( *(_t913 + 0x628) <= 0) {
												goto L159;
											}
											E013116F0(_t961 - 0x1f0,  *((intOrPtr*)(_t913 + 0x624)) + 0x94);
											_t964 = _t962 - 0x1c;
											 *(_t961 - 4) = 0x32;
											_t797 = _t964;
											 *((intOrPtr*)(_t961 - 0x2f8)) = _t964;
											__eflags =  *(_t961 - 0x1e0);
											if( *(_t961 - 0x1e0) <= 0) {
												E01319638(_t797, "#ffffff");
											} else {
												E013116F0(_t797, _t961 - 0x1f0);
											}
											 *((intOrPtr*)(_t913 + 0x20c)) = E01333172(_t783, _t913, _t937, __eflags);
											E01311524(_t961 - 0x1f0, 1, _t783);
											L165:
											_t942 =  *(_t961 - 0x304);
											 *(_t913 + 0x258) = _t783;
											RedrawWindow( *_t942, _t783, _t783, 0x105);
											UpdateWindow( *_t942); // executed
											E0131AA87(_t961 - 0x244, 1, _t783);
											E0131AA87(_t961 - 0x20c, 1, _t783);
											E0131AA87(_t961 - 0x298, 1, _t783);
											E0131AA87(_t961 - 0x228, 1, _t783);
											E0131AA87(_t961 - 0x27c, 1, _t783);
											E0131AA87(_t961 - 0x260, 1, _t783);
											return E0137C2C5(_t783, _t913, 1);
										}
										_t597 = E01344597(_t795, _t937, 0x2e);
										_t945 = _t961 - 0x170;
										E01319C49(_t795, _t945, _t937, _t597 + 1,  *((intOrPtr*)(_t961 - 0x1fc)));
										 *(_t961 - 4) = 0x30;
										_t805 =  *((intOrPtr*)(_t961 - 0x170));
										_t909 = _t805;
										if( *((intOrPtr*)(_t961 - 0x15c)) >= 8) {
											_t601 = _t805;
										} else {
											_t909 = _t945;
											_t601 = _t945;
										}
										_t937 =  *(_t961 - 0x160);
										_t602 = _t601 + _t937 * 2;
										if( *((intOrPtr*)(_t961 - 0x15c)) < 8) {
											_t805 = _t961 - 0x170;
										}
										E01327736(_t961 - 0x2f8, _t805, _t602, _t909, E0137814A);
										_t962 = _t962 + 0x14;
										if( *(_t961 - 0x160) <= _t783) {
											 *(_t913 + 0x21c) = _t783;
											__eflags =  *(_t913 + 0x628) - _t783;
											if( *(_t913 + 0x628) <= _t783) {
												goto L159;
											}
											E013116F0(_t961 - 0x1f0,  *((intOrPtr*)(_t913 + 0x624)) + 0x94);
											_t965 = _t962 - 0x1c;
											 *(_t961 - 4) = 0x31;
											_t807 = _t965;
											 *((intOrPtr*)(_t961 - 0x2f8)) = _t965;
											__eflags =  *(_t961 - 0x1e0) - _t783;
											if( *(_t961 - 0x1e0) <= _t783) {
												E01319638(_t807, "#ffffff");
											} else {
												E013116F0(_t807, _t961 - 0x1f0);
											}
											 *((intOrPtr*)(_t913 + 0x20c)) = E01333172(_t783, _t913, _t937, __eflags);
											E01311524(_t961 - 0x1f0, 1, _t783);
											goto L158;
										} else {
											 *(_t913 + 0x21c) = 2;
											if( *((intOrPtr*)(_t913 + 0x228)) != _t783) {
												E0132996F(_t913 + 0x224);
											}
											_t810 =  *((intOrPtr*)(_t961 - 0x244));
											if( *((intOrPtr*)(_t961 - 0x230)) < 8) {
												_t810 = _t961 - 0x244;
											}
											E01329ABE(_t810, _t909, _t913 + 0x224);
											L158:
											E0131AA87(_t961 - 0x170, 1, _t783);
											goto L165;
										}
									}
									while(_t564 >= _t911 && _t564 <  *(_t783 + 0x604)) {
										SetWindowPos( *( *( *(_t783 + 0x600) + _t564 * 4)), _t911, _t911, _t911, _t911, _t911, 3);
										 *(_t961 - 0x2f0) =  *(_t961 - 0x2f0) + 1;
										if( *(_t961 - 0x2f0) <  *(_t783 + 0x604)) {
											_t564 =  *(_t961 - 0x2f0);
											continue;
										}
										goto L139;
									}
									goto L133;
								}
								_t937 = 0;
								if( *((intOrPtr*)(_t783 + 0x610)) <= _t911) {
									goto L131;
								}
								while(_t937 >= _t911 && _t937 <  *((intOrPtr*)(_t783 + 0x610))) {
									EnableWindow( *( *((intOrPtr*)( *((intOrPtr*)(_t783 + 0x60c)) + _t937 * 4)) + 4), _t911);
									_push(_t911);
									if(_t937 >=  *((intOrPtr*)(_t783 + 0x610))) {
										L134:
										_push(_t911);
										goto L104;
									}
									ShowWindow( *( *((intOrPtr*)( *((intOrPtr*)(_t783 + 0x60c)) + _t937 * 4)) + 4), ??);
									_t937 = _t937 + 1;
									if(_t937 <  *((intOrPtr*)(_t783 + 0x610))) {
										continue;
									}
									goto L131;
								}
								goto L133;
							}
							_t937 = 0;
							if( *((intOrPtr*)(_t783 + 0x61c)) <= 0) {
								goto L124;
							}
							while(_t937 >= _t911 && _t937 <  *((intOrPtr*)(_t783 + 0x61c))) {
								EnableWindow( *( *((intOrPtr*)( *((intOrPtr*)(_t783 + 0x618)) + _t937 * 4)) + 4), _t911);
								_push(_t911);
								if(_t937 >=  *((intOrPtr*)(_t783 + 0x61c))) {
									goto L134;
								}
								ShowWindow( *( *((intOrPtr*)( *((intOrPtr*)(_t783 + 0x618)) + _t937 * 4)) + 4), ??);
								_t937 = _t937 + 1;
								if(_t937 <  *((intOrPtr*)(_t783 + 0x61c))) {
									continue;
								}
								goto L124;
							}
							goto L133;
						}
					}
				}
			}





















































                                                                                                                                                                                                                                0x01330720
                                                                                                                                                                                                                                0x01330720
                                                                                                                                                                                                                                0x0133072a
                                                                                                                                                                                                                                0x0133072f
                                                                                                                                                                                                                                0x01330731
                                                                                                                                                                                                                                0x01330733
                                                                                                                                                                                                                                0x01330739
                                                                                                                                                                                                                                0x01330740
                                                                                                                                                                                                                                0x01330746
                                                                                                                                                                                                                                0x0133074d
                                                                                                                                                                                                                                0x0133074f
                                                                                                                                                                                                                                0x01330754
                                                                                                                                                                                                                                0x0133075f
                                                                                                                                                                                                                                0x01330769
                                                                                                                                                                                                                                0x01330769
                                                                                                                                                                                                                                0x0133076e
                                                                                                                                                                                                                                0x01330775
                                                                                                                                                                                                                                0x0133078b
                                                                                                                                                                                                                                0x01330797
                                                                                                                                                                                                                                0x013315c0
                                                                                                                                                                                                                                0x013315c0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133079d
                                                                                                                                                                                                                                0x013307b1
                                                                                                                                                                                                                                0x013307c3
                                                                                                                                                                                                                                0x013307c8
                                                                                                                                                                                                                                0x013307d9
                                                                                                                                                                                                                                0x013307de
                                                                                                                                                                                                                                0x013307e1
                                                                                                                                                                                                                                0x013307ea
                                                                                                                                                                                                                                0x013307f5
                                                                                                                                                                                                                                0x01330806
                                                                                                                                                                                                                                0x01330810
                                                                                                                                                                                                                                0x0133081b
                                                                                                                                                                                                                                0x0133081c
                                                                                                                                                                                                                                0x01330825
                                                                                                                                                                                                                                0x0133082f
                                                                                                                                                                                                                                0x01330839
                                                                                                                                                                                                                                0x01330843
                                                                                                                                                                                                                                0x01330845
                                                                                                                                                                                                                                0x01330845
                                                                                                                                                                                                                                0x01330847
                                                                                                                                                                                                                                0x01330848
                                                                                                                                                                                                                                0x0133084d
                                                                                                                                                                                                                                0x01330855
                                                                                                                                                                                                                                0x01330857
                                                                                                                                                                                                                                0x01330868
                                                                                                                                                                                                                                0x01330868
                                                                                                                                                                                                                                0x01330874
                                                                                                                                                                                                                                0x01330876
                                                                                                                                                                                                                                0x01330887
                                                                                                                                                                                                                                0x01330887
                                                                                                                                                                                                                                0x01330893
                                                                                                                                                                                                                                0x01330895
                                                                                                                                                                                                                                0x013308a6
                                                                                                                                                                                                                                0x013308a6
                                                                                                                                                                                                                                0x013308ab
                                                                                                                                                                                                                                0x013308b9
                                                                                                                                                                                                                                0x013308ca
                                                                                                                                                                                                                                0x013308dc
                                                                                                                                                                                                                                0x013308e3
                                                                                                                                                                                                                                0x013308e8
                                                                                                                                                                                                                                0x013308eb
                                                                                                                                                                                                                                0x013308f4
                                                                                                                                                                                                                                0x013308ff
                                                                                                                                                                                                                                0x01330903
                                                                                                                                                                                                                                0x01330917
                                                                                                                                                                                                                                0x01330922
                                                                                                                                                                                                                                0x01330923
                                                                                                                                                                                                                                0x0133092a
                                                                                                                                                                                                                                0x01330933
                                                                                                                                                                                                                                0x01330938
                                                                                                                                                                                                                                0x01330944
                                                                                                                                                                                                                                0x01330946
                                                                                                                                                                                                                                0x01330946
                                                                                                                                                                                                                                0x01330948
                                                                                                                                                                                                                                0x01330949
                                                                                                                                                                                                                                0x0133094e
                                                                                                                                                                                                                                0x01330956
                                                                                                                                                                                                                                0x01330958
                                                                                                                                                                                                                                0x01330969
                                                                                                                                                                                                                                0x01330969
                                                                                                                                                                                                                                0x01330975
                                                                                                                                                                                                                                0x01330977
                                                                                                                                                                                                                                0x01330988
                                                                                                                                                                                                                                0x01330988
                                                                                                                                                                                                                                0x01330994
                                                                                                                                                                                                                                0x01330996
                                                                                                                                                                                                                                0x013309a7
                                                                                                                                                                                                                                0x013309a7
                                                                                                                                                                                                                                0x013309ac
                                                                                                                                                                                                                                0x013309ba
                                                                                                                                                                                                                                0x013309cb
                                                                                                                                                                                                                                0x013309dd
                                                                                                                                                                                                                                0x013309e4
                                                                                                                                                                                                                                0x013309e9
                                                                                                                                                                                                                                0x013309ec
                                                                                                                                                                                                                                0x01330a5e
                                                                                                                                                                                                                                0x013309ee
                                                                                                                                                                                                                                0x013309f5
                                                                                                                                                                                                                                0x01330a00
                                                                                                                                                                                                                                0x01330a04
                                                                                                                                                                                                                                0x01330a18
                                                                                                                                                                                                                                0x01330a23
                                                                                                                                                                                                                                0x01330a24
                                                                                                                                                                                                                                0x01330a2b
                                                                                                                                                                                                                                0x01330a37
                                                                                                                                                                                                                                0x01330a3c
                                                                                                                                                                                                                                0x01330a4b
                                                                                                                                                                                                                                0x01330a4d
                                                                                                                                                                                                                                0x01330a4d
                                                                                                                                                                                                                                0x01330a4f
                                                                                                                                                                                                                                0x01330a56
                                                                                                                                                                                                                                0x01330a56
                                                                                                                                                                                                                                0x01330a72
                                                                                                                                                                                                                                0x01330a74
                                                                                                                                                                                                                                0x01330a88
                                                                                                                                                                                                                                0x01330a88
                                                                                                                                                                                                                                0x01330a94
                                                                                                                                                                                                                                0x01330a96
                                                                                                                                                                                                                                0x01330aaa
                                                                                                                                                                                                                                0x01330aaa
                                                                                                                                                                                                                                0x01330ab6
                                                                                                                                                                                                                                0x01330ab8
                                                                                                                                                                                                                                0x01330ac9
                                                                                                                                                                                                                                0x01330ac9
                                                                                                                                                                                                                                0x01330ace
                                                                                                                                                                                                                                0x01330adc
                                                                                                                                                                                                                                0x01330aed
                                                                                                                                                                                                                                0x01330aff
                                                                                                                                                                                                                                0x01330b06
                                                                                                                                                                                                                                0x01330b0b
                                                                                                                                                                                                                                0x01330b0e
                                                                                                                                                                                                                                0x01330b83
                                                                                                                                                                                                                                0x01330b10
                                                                                                                                                                                                                                0x01330b17
                                                                                                                                                                                                                                0x01330b22
                                                                                                                                                                                                                                0x01330b26
                                                                                                                                                                                                                                0x01330b3d
                                                                                                                                                                                                                                0x01330b48
                                                                                                                                                                                                                                0x01330b49
                                                                                                                                                                                                                                0x01330b50
                                                                                                                                                                                                                                0x01330b5c
                                                                                                                                                                                                                                0x01330b61
                                                                                                                                                                                                                                0x01330b70
                                                                                                                                                                                                                                0x01330b72
                                                                                                                                                                                                                                0x01330b72
                                                                                                                                                                                                                                0x01330b74
                                                                                                                                                                                                                                0x01330b7b
                                                                                                                                                                                                                                0x01330b7b
                                                                                                                                                                                                                                0x01330b97
                                                                                                                                                                                                                                0x01330b99
                                                                                                                                                                                                                                0x01330bad
                                                                                                                                                                                                                                0x01330bad
                                                                                                                                                                                                                                0x01330bbc
                                                                                                                                                                                                                                0x01330bbe
                                                                                                                                                                                                                                0x01330bd2
                                                                                                                                                                                                                                0x01330bd2
                                                                                                                                                                                                                                0x01330be1
                                                                                                                                                                                                                                0x01330be3
                                                                                                                                                                                                                                0x01330bf7
                                                                                                                                                                                                                                0x01330bf7
                                                                                                                                                                                                                                0x01330bfc
                                                                                                                                                                                                                                0x01330c0a
                                                                                                                                                                                                                                0x01330c1b
                                                                                                                                                                                                                                0x01330c2d
                                                                                                                                                                                                                                0x01330c34
                                                                                                                                                                                                                                0x01330c39
                                                                                                                                                                                                                                0x01330c3c
                                                                                                                                                                                                                                0x01330cb1
                                                                                                                                                                                                                                0x01330c3e
                                                                                                                                                                                                                                0x01330c45
                                                                                                                                                                                                                                0x01330c50
                                                                                                                                                                                                                                0x01330c54
                                                                                                                                                                                                                                0x01330c6b
                                                                                                                                                                                                                                0x01330c76
                                                                                                                                                                                                                                0x01330c77
                                                                                                                                                                                                                                0x01330c7e
                                                                                                                                                                                                                                0x01330c8a
                                                                                                                                                                                                                                0x01330c8f
                                                                                                                                                                                                                                0x01330c9e
                                                                                                                                                                                                                                0x01330ca0
                                                                                                                                                                                                                                0x01330ca0
                                                                                                                                                                                                                                0x01330ca2
                                                                                                                                                                                                                                0x01330ca9
                                                                                                                                                                                                                                0x01330ca9
                                                                                                                                                                                                                                0x01330cc5
                                                                                                                                                                                                                                0x01330cc7
                                                                                                                                                                                                                                0x01330cdb
                                                                                                                                                                                                                                0x01330cdb
                                                                                                                                                                                                                                0x01330cea
                                                                                                                                                                                                                                0x01330cec
                                                                                                                                                                                                                                0x01330d00
                                                                                                                                                                                                                                0x01330d00
                                                                                                                                                                                                                                0x01330d0f
                                                                                                                                                                                                                                0x01330d11
                                                                                                                                                                                                                                0x01330d25
                                                                                                                                                                                                                                0x01330d25
                                                                                                                                                                                                                                0x01330d2a
                                                                                                                                                                                                                                0x01330d38
                                                                                                                                                                                                                                0x01330d49
                                                                                                                                                                                                                                0x01330d5b
                                                                                                                                                                                                                                0x01330d62
                                                                                                                                                                                                                                0x01330d67
                                                                                                                                                                                                                                0x01330d6a
                                                                                                                                                                                                                                0x01330ddf
                                                                                                                                                                                                                                0x01330d6c
                                                                                                                                                                                                                                0x01330d73
                                                                                                                                                                                                                                0x01330d7e
                                                                                                                                                                                                                                0x01330d82
                                                                                                                                                                                                                                0x01330d99
                                                                                                                                                                                                                                0x01330da4
                                                                                                                                                                                                                                0x01330da5
                                                                                                                                                                                                                                0x01330dac
                                                                                                                                                                                                                                0x01330db8
                                                                                                                                                                                                                                0x01330dbd
                                                                                                                                                                                                                                0x01330dcc
                                                                                                                                                                                                                                0x01330dce
                                                                                                                                                                                                                                0x01330dce
                                                                                                                                                                                                                                0x01330dd0
                                                                                                                                                                                                                                0x01330dd7
                                                                                                                                                                                                                                0x01330dd7
                                                                                                                                                                                                                                0x01330de9
                                                                                                                                                                                                                                0x01330df5
                                                                                                                                                                                                                                0x01330df7
                                                                                                                                                                                                                                0x01330e0a
                                                                                                                                                                                                                                0x01330e0a
                                                                                                                                                                                                                                0x01330e19
                                                                                                                                                                                                                                0x01330e1b
                                                                                                                                                                                                                                0x01330e2e
                                                                                                                                                                                                                                0x01330e2e
                                                                                                                                                                                                                                0x01330e3d
                                                                                                                                                                                                                                0x01330e3f
                                                                                                                                                                                                                                0x01330e52
                                                                                                                                                                                                                                0x01330e52
                                                                                                                                                                                                                                0x01330e57
                                                                                                                                                                                                                                0x01330e64
                                                                                                                                                                                                                                0x01330e78
                                                                                                                                                                                                                                0x01330eb9
                                                                                                                                                                                                                                0x01330ef0
                                                                                                                                                                                                                                0x01330f03
                                                                                                                                                                                                                                0x01330f0f
                                                                                                                                                                                                                                0x01330f1e
                                                                                                                                                                                                                                0x01330f76
                                                                                                                                                                                                                                0x01330f7b
                                                                                                                                                                                                                                0x01330f82
                                                                                                                                                                                                                                0x01330f82
                                                                                                                                                                                                                                0x01330f82
                                                                                                                                                                                                                                0x01330f20
                                                                                                                                                                                                                                0x01330f2b
                                                                                                                                                                                                                                0x01330f36
                                                                                                                                                                                                                                0x01330f3a
                                                                                                                                                                                                                                0x01330f51
                                                                                                                                                                                                                                0x01330f56
                                                                                                                                                                                                                                0x01330f5d
                                                                                                                                                                                                                                0x01330f67
                                                                                                                                                                                                                                0x01330f67
                                                                                                                                                                                                                                0x01330f93
                                                                                                                                                                                                                                0x01330f98
                                                                                                                                                                                                                                0x01330fa9
                                                                                                                                                                                                                                0x01330fab
                                                                                                                                                                                                                                0x01330fbe
                                                                                                                                                                                                                                0x01330fbe
                                                                                                                                                                                                                                0x01330fcd
                                                                                                                                                                                                                                0x01330fcf
                                                                                                                                                                                                                                0x01330fe2
                                                                                                                                                                                                                                0x01330fe2
                                                                                                                                                                                                                                0x01330ff1
                                                                                                                                                                                                                                0x01330ff3
                                                                                                                                                                                                                                0x01331006
                                                                                                                                                                                                                                0x01331006
                                                                                                                                                                                                                                0x01331014
                                                                                                                                                                                                                                0x01331018
                                                                                                                                                                                                                                0x01331024
                                                                                                                                                                                                                                0x0133102a
                                                                                                                                                                                                                                0x0133102c
                                                                                                                                                                                                                                0x0133102c
                                                                                                                                                                                                                                0x01331039
                                                                                                                                                                                                                                0x0133104a
                                                                                                                                                                                                                                0x0133105c
                                                                                                                                                                                                                                0x01331068
                                                                                                                                                                                                                                0x013310c0
                                                                                                                                                                                                                                0x013310c5
                                                                                                                                                                                                                                0x013310cc
                                                                                                                                                                                                                                0x013310cc
                                                                                                                                                                                                                                0x013310cc
                                                                                                                                                                                                                                0x0133106a
                                                                                                                                                                                                                                0x01331075
                                                                                                                                                                                                                                0x01331080
                                                                                                                                                                                                                                0x01331084
                                                                                                                                                                                                                                0x0133109b
                                                                                                                                                                                                                                0x013310a0
                                                                                                                                                                                                                                0x013310a7
                                                                                                                                                                                                                                0x013310b1
                                                                                                                                                                                                                                0x013310b1
                                                                                                                                                                                                                                0x013310dd
                                                                                                                                                                                                                                0x013310e2
                                                                                                                                                                                                                                0x013310f3
                                                                                                                                                                                                                                0x013310f5
                                                                                                                                                                                                                                0x01331108
                                                                                                                                                                                                                                0x01331108
                                                                                                                                                                                                                                0x01331117
                                                                                                                                                                                                                                0x01331119
                                                                                                                                                                                                                                0x0133112c
                                                                                                                                                                                                                                0x0133112c
                                                                                                                                                                                                                                0x0133113b
                                                                                                                                                                                                                                0x0133113d
                                                                                                                                                                                                                                0x01331150
                                                                                                                                                                                                                                0x01331150
                                                                                                                                                                                                                                0x0133115e
                                                                                                                                                                                                                                0x01331162
                                                                                                                                                                                                                                0x0133116e
                                                                                                                                                                                                                                0x01331174
                                                                                                                                                                                                                                0x01331176
                                                                                                                                                                                                                                0x01331176
                                                                                                                                                                                                                                0x01331183
                                                                                                                                                                                                                                0x01331196
                                                                                                                                                                                                                                0x0133119f
                                                                                                                                                                                                                                0x013311a8
                                                                                                                                                                                                                                0x013311b1
                                                                                                                                                                                                                                0x013311ba
                                                                                                                                                                                                                                0x013311cf
                                                                                                                                                                                                                                0x013311ef
                                                                                                                                                                                                                                0x013311f5
                                                                                                                                                                                                                                0x01331202
                                                                                                                                                                                                                                0x0133120f
                                                                                                                                                                                                                                0x01331218
                                                                                                                                                                                                                                0x0133121a
                                                                                                                                                                                                                                0x0133121c
                                                                                                                                                                                                                                0x01331228
                                                                                                                                                                                                                                0x0133129a
                                                                                                                                                                                                                                0x0133129a
                                                                                                                                                                                                                                0x013312a2
                                                                                                                                                                                                                                0x013312a5
                                                                                                                                                                                                                                0x013312ab
                                                                                                                                                                                                                                0x013312ab
                                                                                                                                                                                                                                0x013312b1
                                                                                                                                                                                                                                0x013312b7
                                                                                                                                                                                                                                0x013312bd
                                                                                                                                                                                                                                0x013312c5
                                                                                                                                                                                                                                0x013312c8
                                                                                                                                                                                                                                0x013312ce
                                                                                                                                                                                                                                0x013312ce
                                                                                                                                                                                                                                0x013312e2
                                                                                                                                                                                                                                0x013312e8
                                                                                                                                                                                                                                0x013312f4
                                                                                                                                                                                                                                0x01331305
                                                                                                                                                                                                                                0x01331317
                                                                                                                                                                                                                                0x01331323
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331325
                                                                                                                                                                                                                                0x01331330
                                                                                                                                                                                                                                0x0133133b
                                                                                                                                                                                                                                0x0133133f
                                                                                                                                                                                                                                0x01331356
                                                                                                                                                                                                                                0x0133135b
                                                                                                                                                                                                                                0x01331362
                                                                                                                                                                                                                                0x0133136c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133136c
                                                                                                                                                                                                                                0x0133122a
                                                                                                                                                                                                                                0x0133122a
                                                                                                                                                                                                                                0x01331247
                                                                                                                                                                                                                                0x0133124b
                                                                                                                                                                                                                                0x0133126c
                                                                                                                                                                                                                                0x01331272
                                                                                                                                                                                                                                0x01331281
                                                                                                                                                                                                                                0x01331283
                                                                                                                                                                                                                                0x01331283
                                                                                                                                                                                                                                0x01331281
                                                                                                                                                                                                                                0x0133128b
                                                                                                                                                                                                                                0x0133128c
                                                                                                                                                                                                                                0x01331298
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331298
                                                                                                                                                                                                                                0x01331370
                                                                                                                                                                                                                                0x01331370
                                                                                                                                                                                                                                0x01331371
                                                                                                                                                                                                                                0x01331372
                                                                                                                                                                                                                                0x01331379
                                                                                                                                                                                                                                0x0133137f
                                                                                                                                                                                                                                0x0133138c
                                                                                                                                                                                                                                0x01331391
                                                                                                                                                                                                                                0x01331398
                                                                                                                                                                                                                                0x01331398
                                                                                                                                                                                                                                0x01331398
                                                                                                                                                                                                                                0x013313a2
                                                                                                                                                                                                                                0x013313a9
                                                                                                                                                                                                                                0x013313ae
                                                                                                                                                                                                                                0x013313bf
                                                                                                                                                                                                                                0x013313c1
                                                                                                                                                                                                                                0x013313d4
                                                                                                                                                                                                                                0x013313d4
                                                                                                                                                                                                                                0x013313e3
                                                                                                                                                                                                                                0x013313e5
                                                                                                                                                                                                                                0x013313f8
                                                                                                                                                                                                                                0x013313f8
                                                                                                                                                                                                                                0x01331407
                                                                                                                                                                                                                                0x01331412
                                                                                                                                                                                                                                0x01331412
                                                                                                                                                                                                                                0x01331420
                                                                                                                                                                                                                                0x01331424
                                                                                                                                                                                                                                0x01331430
                                                                                                                                                                                                                                0x01331436
                                                                                                                                                                                                                                0x01331438
                                                                                                                                                                                                                                0x01331438
                                                                                                                                                                                                                                0x0133143e
                                                                                                                                                                                                                                0x01331447
                                                                                                                                                                                                                                0x01331453
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331459
                                                                                                                                                                                                                                0x01331468
                                                                                                                                                                                                                                0x01331473
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133147f
                                                                                                                                                                                                                                0x01331484
                                                                                                                                                                                                                                0x0133148b
                                                                                                                                                                                                                                0x01331490
                                                                                                                                                                                                                                0x01331496
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013314a7
                                                                                                                                                                                                                                0x013314a8
                                                                                                                                                                                                                                0x013314ab
                                                                                                                                                                                                                                0x013314b6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013314c7
                                                                                                                                                                                                                                0x013314cd
                                                                                                                                                                                                                                0x013314d2
                                                                                                                                                                                                                                0x013314d6
                                                                                                                                                                                                                                0x01331533
                                                                                                                                                                                                                                0x01331539
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331557
                                                                                                                                                                                                                                0x013315a8
                                                                                                                                                                                                                                0x013315a8
                                                                                                                                                                                                                                0x013315ae
                                                                                                                                                                                                                                0x013315b0
                                                                                                                                                                                                                                0x013315bc
                                                                                                                                                                                                                                0x01331603
                                                                                                                                                                                                                                0x01331610
                                                                                                                                                                                                                                0x0133161f
                                                                                                                                                                                                                                0x01331621
                                                                                                                                                                                                                                0x01331628
                                                                                                                                                                                                                                0x01331629
                                                                                                                                                                                                                                0x0133162a
                                                                                                                                                                                                                                0x01331630
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331638
                                                                                                                                                                                                                                0x01331640
                                                                                                                                                                                                                                0x01331647
                                                                                                                                                                                                                                0x01331652
                                                                                                                                                                                                                                0x01331653
                                                                                                                                                                                                                                0x01331658
                                                                                                                                                                                                                                0x01331665
                                                                                                                                                                                                                                0x01331669
                                                                                                                                                                                                                                0x01331673
                                                                                                                                                                                                                                0x01331679
                                                                                                                                                                                                                                0x01331684
                                                                                                                                                                                                                                0x0133168b
                                                                                                                                                                                                                                0x0133168e
                                                                                                                                                                                                                                0x01331692
                                                                                                                                                                                                                                0x01331698
                                                                                                                                                                                                                                0x01331699
                                                                                                                                                                                                                                0x0133169d
                                                                                                                                                                                                                                0x013316a3
                                                                                                                                                                                                                                0x013316ab
                                                                                                                                                                                                                                0x013317f1
                                                                                                                                                                                                                                0x013317f1
                                                                                                                                                                                                                                0x013317f2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013317f2
                                                                                                                                                                                                                                0x013316bd
                                                                                                                                                                                                                                0x013317f8
                                                                                                                                                                                                                                0x013317fe
                                                                                                                                                                                                                                0x01331804
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331818
                                                                                                                                                                                                                                0x0133181d
                                                                                                                                                                                                                                0x01331820
                                                                                                                                                                                                                                0x01331824
                                                                                                                                                                                                                                0x01331826
                                                                                                                                                                                                                                0x0133182c
                                                                                                                                                                                                                                0x01331832
                                                                                                                                                                                                                                0x01331847
                                                                                                                                                                                                                                0x01331834
                                                                                                                                                                                                                                0x0133183b
                                                                                                                                                                                                                                0x0133183b
                                                                                                                                                                                                                                0x0133185a
                                                                                                                                                                                                                                0x01331860
                                                                                                                                                                                                                                0x01331865
                                                                                                                                                                                                                                0x01331865
                                                                                                                                                                                                                                0x01331874
                                                                                                                                                                                                                                0x0133187a
                                                                                                                                                                                                                                0x01331882
                                                                                                                                                                                                                                0x01331893
                                                                                                                                                                                                                                0x013318a0
                                                                                                                                                                                                                                0x013318ad
                                                                                                                                                                                                                                0x013318ba
                                                                                                                                                                                                                                0x013318c7
                                                                                                                                                                                                                                0x013318d4
                                                                                                                                                                                                                                0x013318de
                                                                                                                                                                                                                                0x013318de
                                                                                                                                                                                                                                0x013316cb
                                                                                                                                                                                                                                0x013316d5
                                                                                                                                                                                                                                0x013316db
                                                                                                                                                                                                                                0x013316e0
                                                                                                                                                                                                                                0x013316eb
                                                                                                                                                                                                                                0x013316f1
                                                                                                                                                                                                                                0x013316f3
                                                                                                                                                                                                                                0x01331770
                                                                                                                                                                                                                                0x013316f5
                                                                                                                                                                                                                                0x013316f5
                                                                                                                                                                                                                                0x013316f7
                                                                                                                                                                                                                                0x013316f7
                                                                                                                                                                                                                                0x01331700
                                                                                                                                                                                                                                0x01331706
                                                                                                                                                                                                                                0x01331709
                                                                                                                                                                                                                                0x0133170b
                                                                                                                                                                                                                                0x0133170b
                                                                                                                                                                                                                                0x01331720
                                                                                                                                                                                                                                0x01331725
                                                                                                                                                                                                                                0x0133172e
                                                                                                                                                                                                                                0x01331774
                                                                                                                                                                                                                                0x0133177a
                                                                                                                                                                                                                                0x01331780
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331794
                                                                                                                                                                                                                                0x01331799
                                                                                                                                                                                                                                0x0133179c
                                                                                                                                                                                                                                0x013317a0
                                                                                                                                                                                                                                0x013317a2
                                                                                                                                                                                                                                0x013317a8
                                                                                                                                                                                                                                0x013317ae
                                                                                                                                                                                                                                0x013317c3
                                                                                                                                                                                                                                0x013317b0
                                                                                                                                                                                                                                0x013317b7
                                                                                                                                                                                                                                0x013317b7
                                                                                                                                                                                                                                0x013317d6
                                                                                                                                                                                                                                0x013317dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331730
                                                                                                                                                                                                                                0x01331730
                                                                                                                                                                                                                                0x01331740
                                                                                                                                                                                                                                0x01331748
                                                                                                                                                                                                                                0x01331748
                                                                                                                                                                                                                                0x01331754
                                                                                                                                                                                                                                0x0133175a
                                                                                                                                                                                                                                0x0133175c
                                                                                                                                                                                                                                0x0133175c
                                                                                                                                                                                                                                0x01331769
                                                                                                                                                                                                                                0x013317e1
                                                                                                                                                                                                                                0x013317ea
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013317ea
                                                                                                                                                                                                                                0x0133172e
                                                                                                                                                                                                                                0x013315cd
                                                                                                                                                                                                                                0x013315ed
                                                                                                                                                                                                                                0x013315ef
                                                                                                                                                                                                                                0x01331601
                                                                                                                                                                                                                                0x013315c7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013315c7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331601
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013315cd
                                                                                                                                                                                                                                0x01331559
                                                                                                                                                                                                                                0x01331561
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331563
                                                                                                                                                                                                                                0x0133157e
                                                                                                                                                                                                                                0x01331584
                                                                                                                                                                                                                                0x0133158b
                                                                                                                                                                                                                                0x013315c1
                                                                                                                                                                                                                                0x013315c1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013315c1
                                                                                                                                                                                                                                0x01331599
                                                                                                                                                                                                                                0x0133159f
                                                                                                                                                                                                                                0x013315a6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013315a6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331563
                                                                                                                                                                                                                                0x013314d8
                                                                                                                                                                                                                                0x013314e0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013314e2
                                                                                                                                                                                                                                0x01331505
                                                                                                                                                                                                                                0x0133150b
                                                                                                                                                                                                                                0x01331512
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331524
                                                                                                                                                                                                                                0x0133152a
                                                                                                                                                                                                                                0x01331531
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331531
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013314e2
                                                                                                                                                                                                                                0x01331453
                                                                                                                                                                                                                                0x01331228

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0133072A
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0133077B
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 0133078B
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 01330E78
                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,0000004B,00000017,00000001), ref: 01330EB9
                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,0000004B,00000017,00000001), ref: 01330EF0
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 01331039
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 01331183
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 01331196
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 0133119F
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 013311A8
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 013311B1
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 013311BA
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 013311C9
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 013311E2
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 013311F5
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 01331202
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 0133120F
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 01331218
                                                                                                                                                                                                                                • IsWindow.USER32(73FDD360), ref: 0133124F
                                                                                                                                                                                                                                • DestroyWindow.USER32(73FDD360,?), ref: 01331279
                                                                                                                                                                                                                                • _free.LIBCMT ref: 013312A5
                                                                                                                                                                                                                                • _free.LIBCMT ref: 013312C8
                                                                                                                                                                                                                                • LoadStringW.USER32(00000065,?,00000140), ref: 013312F4
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 01331379
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 01331447
                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000000), ref: 01331505
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000,?,?,0000006A,?,000000A0), ref: 01331524
                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000000), ref: 0133157E
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000,?,?,0000006A,?,000000A0), ref: 01331599
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000003,radio,checkbox,?,?,?,?,?,0000006A,?), ref: 013315ED
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000003,radio,checkbox,?,?,?,?,?,0000006A,?), ref: 01331610
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000003,?,?,0000006A,?,000000A0), ref: 0133161F
                                                                                                                                                                                                                                • SetLayeredWindowAttributes.USER32(?,000000FF,?,00000002), ref: 013307B1
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0131FD37: RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 0131FD80
                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105,00000001,00000000,#ffffff), ref: 0133187A
                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?), ref: 01331882
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Show$CallbackDispatcherH_prolog3_TextUser_setlocale$EnableExceptionItemLongMoveRaise_free_memset$AttributesCurrentDestroyLayeredLoadLocalProcessRectRedrawStringTime__cftoe_strlen_wcslenswprintf
                                                                                                                                                                                                                                • String ID: #ffffff$%$%$2$@$Cancel$CancelX$CancelY$DisplayEulaOffer()...$Next$NextX$NextY$PreviousX$PreviousY$STRID_CANCEL$STRID_NEXT$STRID_TITLE$X$checkbox$radio
                                                                                                                                                                                                                                • API String ID: 166033501-1807799178
                                                                                                                                                                                                                                • Opcode ID: dba477473e036d4e048b879a2d5c391663288946d21a0a7f9701bc0cb13c4572
                                                                                                                                                                                                                                • Instruction ID: 17e8fff775d1d4451152f25716fcf32cf82490cfa9afc494de5ae3a37bb7d88f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dba477473e036d4e048b879a2d5c391663288946d21a0a7f9701bc0cb13c4572
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7CA28D7194122ADFDB29DF28CD98BE9BB78BF54358F0402E8E519A7195CB701B84CF90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013318DF, Relevance: 45.3, APIs: 15, Strings: 10, Instructions: 1583COMMONCrypto
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E013318DF(void* __ebx, intOrPtr __ecx, signed int __edi, void* __esi, void* __eflags) {
				intOrPtr _t770;
				intOrPtr _t777;
				void* _t778;
				void* _t783;
				void* _t784;
				void* _t806;
				void* _t810;
				signed int _t812;
				void* _t814;
				signed int _t825;
				signed int _t827;
				void* _t828;
				void* _t829;
				void* _t830;
				void* _t831;
				signed int _t832;
				void* _t833;
				void* _t866;
				signed int _t872;
				signed int _t876;
				void* _t885;
				void* _t889;
				signed int _t892;
				void* _t893;
				void* _t894;
				void* _t895;
				void* _t896;
				signed int _t897;
				signed int _t905;
				void* _t907;
				signed int _t916;
				intOrPtr _t933;
				signed int _t940;
				void* _t944;
				void* _t948;
				signed short _t953;
				signed int _t954;
				intOrPtr* _t964;
				signed int _t973;
				signed int _t975;
				void* _t976;
				void* _t977;
				void* _t978;
				void* _t979;
				signed int _t980;
				signed int _t1007;
				void* _t1017;
				void* _t1021;
				signed int _t1030;
				signed int _t1032;
				void* _t1033;
				void* _t1034;
				void* _t1035;
				void* _t1036;
				signed int _t1037;
				signed short _t1045;
				signed int _t1046;
				signed int _t1089;
				void* _t1103;
				signed short _t1113;
				signed int _t1114;
				void* _t1133;
				void* _t1134;
				void* _t1135;
				void* _t1136;
				signed int _t1176;
				signed int _t1181;
				signed int _t1183;
				signed int _t1189;
				void* _t1190;
				signed int _t1199;
				signed int _t1201;
				signed int _t1203;
				signed int _t1211;
				signed int _t1212;
				intOrPtr _t1217;
				void* _t1238;
				signed int _t1242;
				signed int _t1266;
				signed int _t1269;
				signed int _t1287;
				signed int _t1302;
				signed int _t1323;
				void* _t1332;
				signed int _t1335;
				signed int _t1336;
				signed int _t1352;
				signed int _t1353;
				signed int _t1355;
				signed int _t1359;
				signed int _t1360;
				signed int _t1362;
				signed int _t1364;
				signed int _t1370;
				signed int _t1373;
				signed int _t1380;
				signed int _t1388;
				signed int _t1393;
				signed int _t1398;
				signed int _t1399;
				signed int _t1402;
				signed int _t1409;
				signed int _t1424;
				signed int _t1429;
				signed int _t1430;
				signed int _t1436;
				signed int _t1447;
				void* _t1451;
				signed int _t1452;
				void* _t1453;
				signed int _t1454;
				void* _t1455;
				void* _t1482;

				_t1334 = __edi;
				_push(0x108);
				E0137C242(0x13973d9, __ebx, __edi, __esi);
				_t1176 =  *(_t1451 + 0xc);
				_t1370 = 0;
				 *((intOrPtr*)(_t1451 - 0x100)) = __ecx;
				 *(_t1451 - 0x110) =  *(_t1451 + 8);
				 *(_t1451 - 0x108) = _t1176;
				 *(_t1451 - 0xf4) = 0;
				 *((intOrPtr*)(_t1451 - 4)) = 0;
				_t1457 =  *0x13c2a33;
				if( *0x13c2a33 != 0) {
					_t1452 = _t1452 - 0x1c;
					 *(_t1451 - 0xfc) = _t1452;
					E01319638(_t1452, "DisplayDynamicUI()...");
					E0134BA76(_t1176, 0x13c2b18, _t1332, __edi, 0, _t1457);
				}
				_t770 =  *((intOrPtr*)(_t1176 + 4));
				 *(_t1451 - 0xf0) = _t1370;
				if(_t770 > _t1370) {
					while(1) {
						_t1335 =  *(_t1451 - 0xf0);
						if(_t1335 < _t1370 || _t1335 >= _t770) {
							break;
						}
						_t1336 = _t1335 * 0x198;
						 *(_t1451 - 0xec) = _t1336;
						E013116F0(_t1451 - 0x68,  *_t1176 + _t1336 + 0x28);
						 *((char*)(_t1451 - 4)) = 1;
						_t777 =  *((intOrPtr*)(_t1451 - 0x68));
						_t1333 = _t777;
						if( *((intOrPtr*)(_t1451 - 0x54)) < 0x10) {
							_t1333 = _t1451 - 0x68;
							_t777 = _t1451 - 0x68;
						}
						_t778 = _t777 +  *((intOrPtr*)(_t1451 - 0x58));
						_t1217 =  *((intOrPtr*)(_t1451 - 0x68));
						if( *((intOrPtr*)(_t1451 - 0x54)) < 0x10) {
							_t1217 = _t1451 - 0x68;
						}
						E013275E2(_t1451 - 0x114, _t1217, _t778, _t1333);
						_t1452 = _t1452 + 0x10;
						if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
							break;
						}
						_t783 =  *_t1176 + _t1336;
						 *((intOrPtr*)(_t1451 - 0x90)) =  *((intOrPtr*)(_t783 + 0xfc));
						_t784 = _t783 + 0xd0;
						 *((intOrPtr*)(_t1451 - 0x88)) =  *((intOrPtr*)(_t783 + 0xf4)) +  *((intOrPtr*)(_t783 + 0xfc));
						 *(_t1451 - 0x94) =  *((intOrPtr*)(_t784 + 0x28));
						 *((intOrPtr*)(_t1451 - 0x8c)) =  *((intOrPtr*)(_t784 + 0x20)) +  *((intOrPtr*)(_t784 + 0x28));
						E013116F0(_t1451 - 0xe8, _t784);
						 *((char*)(_t1451 - 4)) = 2;
						if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
							break;
						}
						E01319B08(_t1451 - 0xcc,  *_t1176 +  *(_t1451 - 0xec) + 0x44);
						 *((char*)(_t1451 - 4)) = 3;
						_t1334 = E01375190("bitmap");
						if(E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, _t791, "bitmap") != 0) {
							_t1334 = E01375190("png");
							if(E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, _t797, "png") != 0) {
								if(E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, E01375190("text"), "text") == 0) {
									L230:
									 *((intOrPtr*)(_t1451 - 0x1c)) = 7;
									 *(_t1451 - 0x20) = _t1370;
									 *(_t1451 - 0x30) = 0;
									 *((char*)(_t1451 - 4)) = 4;
									__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
									if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
										break;
									}
									_t1235 = _t1451 - 0x84;
									E01319B08(_t1451 - 0x84,  *_t1176 +  *(_t1451 - 0xec) + 0x44);
									_t1181 =  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70;
									_t1341 = _t1451 - 0x84;
									 *((char*)(_t1451 - 4)) = 5;
									_t806 = E0131FD87(_t1451 - 0x84, _t1451 - 0x84, _t1181);
									__eflags = _t806 - 0xffffffff;
									if(_t806 <= 0xffffffff) {
										_t1341 = 7;
										 *((short*)(_t1451 - 0x4c)) = 0;
										 *((intOrPtr*)(_t1451 - 0x38)) = _t1341;
										 *(_t1451 - 0x3c) = _t1370;
										E0131A995(_t1451 - 0x4c, _t1451 - 0x84, _t1370, 0xffffffff);
										 *((intOrPtr*)(_t1451 - 4)) = _t1341;
										_t651 = _t1451 - 0xf4;
										 *_t651 =  *(_t1451 - 0xf4) | 0x00000002;
										__eflags =  *_t651;
										_t810 = _t1451 - 0x4c;
									} else {
										_t1370 = _t1181;
										_t810 = E0131FD37(_t1451 - 0xb0, _t1235, _t1333, _t1341, _t1451 - 0xb0);
										 *((char*)(_t1451 - 4)) = 6;
										 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) | 0x00000001;
									}
									E0131A941(_t1451 - 0x30, _t810);
									__eflags =  *(_t1451 - 0xf4) & 0x00000002;
									if(( *(_t1451 - 0xf4) & 0x00000002) != 0) {
										_t658 = _t1451 - 0xf4;
										 *_t658 =  *(_t1451 - 0xf4) & 0xfffffffd;
										__eflags =  *_t658;
										E0131AA87(_t1451 - 0x4c, 1, 0);
									}
									 *((intOrPtr*)(_t1451 - 4)) = 5;
									__eflags =  *(_t1451 - 0xf4) & 0x00000001;
									if(__eflags != 0) {
										_t665 = _t1451 - 0xf4;
										 *_t665 =  *(_t1451 - 0xf4) & 0xfffffffe;
										__eflags =  *_t665;
										E0131AA87(_t1451 - 0xb0, 1, 0);
									}
									_t812 = E013753A6(_t1341, _t1370, __eflags);
									_t1238 = 0x74;
									 *(_t1451 - 0xfc) = _t812;
									 *((char*)(_t1451 - 4)) = 8;
									__eflags = _t812;
									if(__eflags == 0) {
										_t1334 = 0;
										__eflags = 0;
									} else {
										_push(_t812);
										_t1334 = E0132A15A(_t1181, _t1341, _t1370, __eflags);
									}
									_push(_t1238);
									 *((char*)(_t1451 - 4)) = 5;
									 *_t1452 =  *_t1452 & 0x00000000;
									__eflags =  *((intOrPtr*)(_t1451 - 0x1c)) - 8;
									_t814 =  *(_t1451 - 0x30);
									 *(_t1451 - 0xfc) = _t1452;
									if( *((intOrPtr*)(_t1451 - 0x1c)) < 8) {
										_t814 = _t1451 - 0x30;
									}
									_push(_t814);
									_push(_t1238);
									 *_t1452 = _t1451 - 0x94;
									 *(_t1451 - 0xfc) = _t1452;
									_push( *( *(_t1451 - 0x110)));
									E013449ED(_t1334); // executed
									__eflags = _t1334;
									if(_t1334 == 0) {
										_t680 = _t1451 - 0x104;
										 *_t680 =  *(_t1451 - 0x104) & 0x00000000;
										__eflags =  *_t680;
									} else {
										_t678 = _t1334 + 4; // 0x4
										 *(_t1451 - 0x104) = _t678;
									}
									E013454B5(_t1451 - 0x104,  *((intOrPtr*)(_t1451 - 0x100)) + 0x600);
									__eflags = _t1334;
									if(_t1334 == 0) {
										_t686 = _t1451 - 0x104;
										 *_t686 =  *(_t1451 - 0x104) & 0x00000000;
										__eflags =  *_t686;
									} else {
										_t684 = _t1334 + 4; // 0x4
										 *(_t1451 - 0x104) = _t684;
									}
									_t1452 = _t1452 - 0x1c;
									 *(_t1451 - 0xfc) = _t1452;
									E013116F0(_t1452, _t1451 + 0x10);
									_t1373 =  *(_t1451 - 0xf0);
									_t1183 =  *(_t1451 - 0x108);
									__eflags = _t1373 -  *((intOrPtr*)(_t1183 + 4));
									if(__eflags >= 0) {
										goto L282;
									}
									_push( *_t1183 +  *(_t1451 - 0xec));
									_push( *(_t1451 - 0x104));
									E013318DF(_t1183,  *((intOrPtr*)(_t1451 - 0x100)), _t1334, _t1373, __eflags); // executed
									__eflags = _t1373 -  *((intOrPtr*)(_t1183 + 4));
									if(_t1373 >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t1376 =  *_t1183 +  *(_t1451 - 0xec) + 0xb4;
									_t825 = E0132061F( *_t1183 +  *(_t1451 - 0xec) + 0xb4, 0x13a0f5e);
									__eflags = _t825;
									if(_t825 != 0) {
										 *((char*)(_t1334 + 0x2c)) = 0;
										__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1183 + 4));
										if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1183 + 4))) {
											goto L282;
										}
										_t1452 = _t1452 - 0x1c;
										__eflags =  *_t1183 +  *(_t1451 - 0xec) + 0xb4;
										 *(_t1451 - 0xfc) = _t1452;
										E013116F0(_t1452,  *_t1183 +  *(_t1451 - 0xec) + 0xb4);
										 *((intOrPtr*)(_t1334 + 0x24)) = E01333172(_t1183, _t1334, _t1376, __eflags);
									}
									__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1183 + 4));
									if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t827 = E0132061F( *_t1183 +  *(_t1451 - 0xec) + 0x98, 0x13a0f5e);
									__eflags = _t827;
									if(_t827 == 0) {
										_t1380 =  *(_t1451 - 0xec);
									} else {
										__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1183 + 4));
										if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1183 + 4))) {
											goto L282;
										}
										_t1380 =  *(_t1451 - 0xec);
										_t1452 = _t1452 - 0x1c;
										 *(_t1451 - 0xfc) = _t1452;
										E013116F0(_t1452,  *_t1183 + _t1380 + 0x98);
										 *((intOrPtr*)(_t1334 + 0x28)) = E01333172(_t1183, _t1334, _t1380, __eflags);
									}
									_t1242 =  *(_t1451 - 0xf0);
									__eflags = _t1242 -  *((intOrPtr*)(_t1183 + 4));
									if(_t1242 >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t828 =  *_t1183;
									__eflags =  *(_t828 + _t1380 + 0x100) - 0xffffffff;
									if( *(_t828 + _t1380 + 0x100) == 0xffffffff) {
										_t723 = _t1334 + 0x30;
										 *_t723 =  *(_t1334 + 0x30) | 0xffffffff;
										__eflags =  *_t723;
									} else {
										 *(_t1334 + 0x30) =  *(_t828 + _t1380 + 0x100);
										 *((char*)(_t1334 + 0x34)) = 0;
									}
									__eflags = _t1242 -  *((intOrPtr*)(_t1183 + 4));
									if(_t1242 >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t829 =  *_t1183;
									__eflags =  *((char*)(_t829 + _t1380 + 0x104));
									if( *((char*)(_t829 + _t1380 + 0x104)) != 0) {
										 *((char*)(_t1334 + 0x2d)) =  *((intOrPtr*)(_t829 + _t1380 + 0x104));
										 *((char*)(_t1334 + 0x34)) = 0;
									}
									__eflags = _t1242 -  *((intOrPtr*)(_t1183 + 4));
									if(_t1242 >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t830 =  *_t1183;
									__eflags =  *((char*)(_t830 + _t1380 + 0x105));
									if( *((char*)(_t830 + _t1380 + 0x105)) != 0) {
										 *((char*)(_t1334 + 0x2e)) =  *((intOrPtr*)(_t830 + _t1380 + 0x105));
										 *((char*)(_t1334 + 0x34)) = 0;
									}
									__eflags = _t1242 -  *((intOrPtr*)(_t1183 + 4));
									if(_t1242 >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t831 =  *_t1183;
									__eflags =  *((char*)(_t831 + _t1380 + 0x106));
									if( *((char*)(_t831 + _t1380 + 0x106)) != 0) {
										 *((char*)(_t1334 + 0x2f)) =  *((intOrPtr*)(_t831 + _t1380 + 0x106));
										 *((char*)(_t1334 + 0x34)) = 0;
									}
									__eflags = _t1242 -  *((intOrPtr*)(_t1183 + 4));
									if(_t1242 >=  *((intOrPtr*)(_t1183 + 4))) {
										goto L282;
									}
									_t832 = E0132061F( *_t1183 +  *(_t1451 - 0xec) + 0x108, 0x13a0f5e);
									__eflags = _t832;
									if(_t832 == 0) {
										_t833 = E01375190("Tahoma");
										_t754 = _t1334 + 0x38; // 0x38
										E01311568(_t754, __eflags, "Tahoma", _t833);
									} else {
										__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1183 + 4));
										if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1183 + 4))) {
											goto L282;
										}
										_t752 = _t1334 + 0x38; // 0x38
										E01311716(_t752,  *_t1183 +  *(_t1451 - 0xec) + 0x108, 0, 0xffffffff);
										 *((char*)(_t1334 + 0x34)) = 0;
									}
									goto L277;
								} else {
									if(E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, E01375190("hyperlink"), "hyperlink") != 0) {
										L17:
										_t1345 = E01375190("checkbox");
										_t866 = E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, _t864, "checkbox");
										_t1471 = _t866;
										if(_t866 != 0) {
											_t1347 = E01375190("radio");
											__eflags = E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, _t867, "radio");
											if(__eflags != 0) {
												_t872 = E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, E01375190("hyperlink"), "hyperlink");
												__eflags = _t872;
												if(_t872 != 0) {
													L180:
													_t1334 = E01375190("scrolltext");
													__eflags = E01320766( *((intOrPtr*)(_t1451 - 0x58)), _t1451 - 0x68, _t873, "scrolltext");
													if(__eflags == 0) {
														_push(0x84);
														_t876 = E013753A6(_t1334, _t1370, __eflags);
														 *(_t1451 - 0xfc) = _t876;
														 *((char*)(_t1451 - 4)) = 0x19;
														__eflags = _t876 - _t1370;
														if(__eflags == 0) {
															 *(_t1451 - 0xf8) = _t1370;
														} else {
															_push(_t876);
															 *(_t1451 - 0xf8) = E0132A510(_t1176, _t1334, _t1370, __eflags);
														}
														 *((intOrPtr*)(_t1451 - 0x1c)) = 7;
														 *(_t1451 - 0x20) = _t1370;
														 *(_t1451 - 0x30) = 0;
														 *((char*)(_t1451 - 4)) = 0x1a;
														__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
														if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
															break;
														}
														_t1263 = _t1451 - 0x84;
														E01319B08(_t1451 - 0x84,  *_t1176 +  *(_t1451 - 0xec) + 0x44);
														 *((char*)(_t1451 - 4)) = 0x1b;
														_t1351 = _t1451 - 0x84;
														 *(_t1451 - 0x104) =  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70;
														_t885 = E0131FD87(_t1451 - 0x84, _t1451 - 0x84,  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70);
														__eflags = _t885 - 0xffffffff;
														if(_t885 <= 0xffffffff) {
															 *((short*)(_t1451 - 0x4c)) = 0;
															 *((intOrPtr*)(_t1451 - 0x38)) = 7;
															 *(_t1451 - 0x3c) = _t1370;
															E0131A995(_t1451 - 0x4c, _t1451 - 0x84, _t1370, 0xffffffff);
															 *((intOrPtr*)(_t1451 - 4)) = 0x1d;
															_t535 = _t1451 - 0xf4;
															 *_t535 =  *(_t1451 - 0xf4) | 0x00000200;
															__eflags =  *_t535;
															_t889 = _t1451 - 0x4c;
														} else {
															_t889 = E0131FD37(_t1451 - 0xb0, _t1263, _t1333, _t1351, _t1451 - 0xb0);
															 *((char*)(_t1451 - 4)) = 0x1c;
															 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) | 0x00000100;
															_t1370 = 0;
														}
														E0131A941(_t1451 - 0x30, _t889);
														__eflags =  *(_t1451 - 0xf4) & 0x00000200;
														if(( *(_t1451 - 0xf4) & 0x00000200) != 0) {
															_t542 = _t1451 - 0xf4;
															 *_t542 =  *(_t1451 - 0xf4) & 0xfffffdff;
															__eflags =  *_t542;
															E0131AA87(_t1451 - 0x4c, 1, _t1370);
														}
														 *((intOrPtr*)(_t1451 - 4)) = 0x1b;
														__eflags =  *(_t1451 - 0xf4) & 0x00000100;
														if(( *(_t1451 - 0xf4) & 0x00000100) != 0) {
															_t549 = _t1451 - 0xf4;
															 *_t549 =  *(_t1451 - 0xf4) & 0xfffffeff;
															__eflags =  *_t549;
															E0131AA87(_t1451 - 0xb0, 1, _t1370);
														}
														__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
														if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
															break;
														}
														_t1387 =  *_t1176 +  *(_t1451 - 0xec) + 0x98;
														_t892 = E0132061F( *_t1176 +  *(_t1451 - 0xec) + 0x98, 0x13a0f5e);
														__eflags = _t892;
														if(_t892 == 0) {
															_t1352 =  *(_t1451 - 0xf8);
														} else {
															__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
															if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
																goto L282;
															}
															_t1452 = _t1452 - 0x1c;
															 *(_t1451 - 0xfc) = _t1452;
															E013116F0(_t1452,  *_t1176 +  *(_t1451 - 0xec) + 0x98);
															_t933 = E01333172(_t1176, _t1351, _t1387, __eflags);
															_t1352 =  *(_t1451 - 0xf8);
															 *((intOrPtr*)(_t1352 + 0x3c)) = _t933;
														}
														_t1388 =  *(_t1451 - 0xf0);
														__eflags = _t1388 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1388 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t893 =  *_t1176;
														_t1266 =  *(_t1451 - 0xec);
														__eflags =  *(_t893 + _t1266 + 0x100) - 0xffffffff;
														if( *(_t893 + _t1266 + 0x100) == 0xffffffff) {
															_t572 = _t1352 + 0x78;
															 *_t572 =  *(_t1352 + 0x78) | 0xffffffff;
															__eflags =  *_t572;
														} else {
															 *(_t1352 + 0x78) =  *(_t893 + _t1266 + 0x100);
															 *((char*)(_t1352 + 0x7f)) = 0;
														}
														__eflags = _t1388 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1388 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t894 =  *_t1176;
														__eflags =  *((char*)(_t894 + _t1266 + 0x104));
														if( *((char*)(_t894 + _t1266 + 0x104)) != 0) {
															 *((char*)(_t1352 + 0x7c)) =  *((intOrPtr*)(_t894 + _t1266 + 0x104));
															 *((char*)(_t1352 + 0x7f)) = 0;
														}
														__eflags = _t1388 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1388 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t895 =  *_t1176;
														__eflags =  *((char*)(_t895 + _t1266 + 0x105));
														if( *((char*)(_t895 + _t1266 + 0x105)) != 0) {
															 *((char*)(_t1352 + 0x7d)) =  *((intOrPtr*)(_t895 + _t1266 + 0x105));
															 *((char*)(_t1352 + 0x7f)) = 0;
														}
														__eflags = _t1388 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1388 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t896 =  *_t1176;
														__eflags =  *((char*)(_t896 + _t1266 + 0x106));
														if( *((char*)(_t896 + _t1266 + 0x106)) != 0) {
															 *((char*)(_t1352 + 0x7e)) =  *((intOrPtr*)(_t896 + _t1266 + 0x106));
															 *((char*)(_t1352 + 0x7f)) = 0;
														}
														__eflags = _t1388 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1388 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t897 = E0132061F( *_t1176 +  *(_t1451 - 0xec) + 0x108, 0x13a0f5e);
														__eflags = _t897;
														if(_t897 == 0) {
															E01311568(_t1352 + 0x5c, __eflags, "Tahoma", E01375190("Tahoma"));
															_t1393 =  *(_t1451 - 0xf0);
														} else {
															_t1393 =  *(_t1451 - 0xf0);
															__eflags = _t1393 -  *((intOrPtr*)(_t1176 + 4));
															if(_t1393 >=  *((intOrPtr*)(_t1176 + 4))) {
																goto L282;
															}
															E01311716(_t1352 + 0x5c,  *_t1176 +  *(_t1451 - 0xec) + 0x108, 0, 0xffffffff);
															 *((char*)(_t1352 + 0x7f)) = 0;
														}
														__eflags = _t1393 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1393 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t1269 =  *(_t1451 - 0xec);
														 *((char*)(_t1352 + 0x81)) =  *((intOrPtr*)( *_t1176 + _t1269 + 0x15c));
														__eflags = _t1393 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1393 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														 *((char*)(_t1352 + 0x80)) =  *((intOrPtr*)( *_t1176 + _t1269 + 0x15d));
														__eflags = _t1393 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1393 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t905 =  *((intOrPtr*)( *_t1176 + _t1269 + 0x15e));
														 *((char*)(_t1352 + 0x82)) = _t905;
														__eflags = _t1393 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1393 >=  *((intOrPtr*)(_t1176 + 4))) {
															goto L282;
														}
														_t1189 =  *((intOrPtr*)( *_t1176 + _t1269 + 0x15f));
														 *((char*)(_t1352 + 0x83)) = _t1189;
														_t1270 = 0x50001000;
														__eflags = _t905;
														if(_t905 != 0) {
															_t1270 = 0x50001004;
															__eflags = 0x50001000;
														}
														__eflags =  *((char*)(_t1352 + 0x81));
														if( *((char*)(_t1352 + 0x81)) != 0) {
															_t1270 = _t1270 | 0x00200040;
															__eflags = _t1270;
														}
														__eflags =  *((char*)(_t1352 + 0x80));
														if( *((char*)(_t1352 + 0x80)) != 0) {
															_t1270 = _t1270 | 0x00100080;
															__eflags = _t1270;
														}
														__eflags = _t1189;
														if(_t1189 != 0) {
															_t1270 = _t1270 | 0x00000800;
															__eflags = _t1270;
														}
														_push(_t1270);
														 *_t1452 =  *_t1452 & 0x00000000;
														__eflags =  *((intOrPtr*)(_t1451 - 0x1c)) - 8;
														_t907 =  *(_t1451 - 0x30);
														 *(_t1451 - 0xfc) = _t1452;
														if( *((intOrPtr*)(_t1451 - 0x1c)) < 8) {
															_t907 = _t1451 - 0x30;
														}
														_push(_t1270);
														_push(_t907);
														_push(_t1270);
														 *_t1452 = _t1451 - 0x94;
														 *(_t1451 - 0xfc) = _t1452;
														_push( *( *(_t1451 - 0x110)));
														E01344E56(_t1352);
														E013209BC(_t1333, _t1352);
														goto L122;
													}
												} else {
													_t1353 =  *(_t1451 - 0xf0);
													__eflags = _t1353 -  *((intOrPtr*)(_t1176 + 4));
													if(_t1353 >=  *((intOrPtr*)(_t1176 + 4))) {
														break;
													}
													__eflags =  *((intOrPtr*)( *_t1176 +  *(_t1451 - 0xec) + 0xe0)) - _t1370;
													if(__eflags == 0) {
														goto L180;
													} else {
														_push(0x8c);
														_t940 = E013753A6(_t1353, _t1370, __eflags);
														 *(_t1451 - 0xfc) = _t940;
														 *((char*)(_t1451 - 4)) = 0x13;
														__eflags = _t940 - _t1370;
														if(__eflags == 0) {
															 *(_t1451 - 0xf8) = _t1370;
														} else {
															_push(_t940);
															 *(_t1451 - 0xf8) = E0132A411(_t1176, _t1353, _t1370, __eflags);
														}
														 *(_t1451 - 0xfc) =  *(_t1451 - 0xf8);
														 *((intOrPtr*)(_t1451 - 0x1c)) = 7;
														 *(_t1451 - 0x20) = _t1370;
														 *(_t1451 - 0x30) = 0;
														 *((char*)(_t1451 - 4)) = 0x14;
														__eflags = _t1353 -  *((intOrPtr*)(_t1176 + 4));
														if(_t1353 >=  *((intOrPtr*)(_t1176 + 4))) {
															break;
														}
														_t1280 = _t1451 - 0x84;
														E01319B08(_t1451 - 0x84,  *_t1176 +  *(_t1451 - 0xec) + 0x44);
														_t1354 = _t1451 - 0x84;
														 *((char*)(_t1451 - 4)) = 0x15;
														_t944 = E0131FD87(_t1451 - 0x84, _t1451 - 0x84,  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70);
														__eflags = _t944 - 0xffffffff;
														if(_t944 <= 0xffffffff) {
															 *((short*)(_t1451 - 0x4c)) = 0;
															 *((intOrPtr*)(_t1451 - 0x38)) = 7;
															 *(_t1451 - 0x3c) = _t1370;
															E0131A995(_t1451 - 0x4c, _t1451 - 0x84, _t1370, 0xffffffff);
															 *((intOrPtr*)(_t1451 - 4)) = 0x17;
															_t391 = _t1451 - 0xf4;
															 *_t391 =  *(_t1451 - 0xf4) | 0x00000080;
															__eflags =  *_t391;
															_t948 = _t1451 - 0x4c;
														} else {
															_t948 = E0131FD37(_t1451 - 0xb0, _t1280, _t1333, _t1354, _t1451 - 0xb0);
															 *((char*)(_t1451 - 4)) = 0x16;
															 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) | 0x00000040;
														}
														E0131A941(_t1451 - 0x30, _t948);
														__eflags =  *(_t1451 - 0xf4) & 0x00000080;
														if(( *(_t1451 - 0xf4) & 0x00000080) != 0) {
															_t398 = _t1451 - 0xf4;
															 *_t398 =  *(_t1451 - 0xf4) & 0xffffff7f;
															__eflags =  *_t398;
															E0131AA87(_t1451 - 0x4c, 1, 0);
														}
														 *((intOrPtr*)(_t1451 - 4)) = 0x15;
														__eflags =  *(_t1451 - 0xf4) & 0x00000040;
														if(( *(_t1451 - 0xf4) & 0x00000040) != 0) {
															_t405 = _t1451 - 0xf4;
															 *_t405 =  *(_t1451 - 0xf4) & 0xffffffbf;
															__eflags =  *_t405;
															E0131AA87(_t1451 - 0xb0, 1, 0);
														}
														_t1398 =  *(_t1451 - 0x30);
														__eflags =  *((intOrPtr*)(_t1451 - 0x1c)) - 8;
														if( *((intOrPtr*)(_t1451 - 0x1c)) < 8) {
															_t1398 = _t1451 - 0x30;
														}
														_t1355 =  *( *(_t1451 - 0x110));
														__eflags =  *0x13bfb80; // 0x0
														if(__eflags == 0) {
															 *0x13bfb80 = 0;
														}
														_push( *((intOrPtr*)(_t1451 - 0x114)));
														_t953 = E0131D71A(0x13bfb50,  *(_t1451 - 0xf8) + 0x20);
														_t1453 = _t1452 + 0xc;
														_t954 = _t953 & 0x0000ffff;
														__eflags = _t1398;
														if (__eflags != 0) goto L142;
														_t1197 =  *(_t1451 - 0xf8);
														E01347E09( *(_t1451 - 0xf8), __eflags, _t1355, _t1451 - 0x94, _t1398, 0x50000000, 0, 0, _t954);
														_t1334 =  *(_t1451 - 0x108);
														_push(0xffffffff);
														_push(0xfde9);
														_push(0xfde9);
														__eflags =  *(_t1451 - 0xf0) -  *(_t1334 + 4);
														if( *(_t1451 - 0xf0) >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t1454 = _t1453 - 0x1c;
														 *(_t1451 - 0x10c) = _t1454;
														E013116F0(_t1454,  *_t1334 +  *(_t1451 - 0xec) + 0xd0);
														_push(_t1451 - 0xb0);
														_t964 = E0135BED6(_t1197, _t1334, _t1398, __eflags);
														_t1455 = _t1454 + 0x2c;
														 *((char*)(_t1451 - 4)) = 0x18;
														__eflags =  *((intOrPtr*)(_t964 + 0x14)) - 8;
														if(__eflags >= 0) {
															_t964 =  *_t964;
														}
														_t1399 =  *(_t1451 - 0xf8);
														_push(_t964);
														_push(_t1399);
														E01344A79(_t1197, _t1334, _t1399, __eflags);
														 *((char*)(_t1451 - 4)) = 0x15;
														E0131AA87(_t1451 - 0xb0, 1, 0);
														__eflags = _t1399;
														if(_t1399 == 0) {
															_t428 = _t1451 - 0x104;
															 *_t428 =  *(_t1451 - 0x104) & 0x00000000;
															__eflags =  *_t428;
														} else {
															 *(_t1451 - 0x104) = _t1399 + 4;
														}
														E013454B5(_t1451 - 0x104,  *((intOrPtr*)(_t1451 - 0x100)) + 0x600);
														_t1199 =  *(_t1451 - 0xf8);
														__eflags = _t1199;
														if(_t1199 == 0) {
															_t435 = _t1451 - 0x104;
															 *_t435 =  *(_t1451 - 0x104) & 0x00000000;
															__eflags =  *_t435;
														} else {
															 *(_t1451 - 0x104) = _t1199 + 4;
														}
														_t1452 = _t1455 - 0x1c;
														 *(_t1451 - 0x10c) = _t1452;
														E013116F0(_t1452, _t1451 + 0x10);
														_t1402 =  *(_t1451 - 0xf0);
														__eflags = _t1402 -  *(_t1334 + 4);
														if(__eflags >= 0) {
															goto L282;
														}
														_push( *_t1334 +  *(_t1451 - 0xec));
														_push( *(_t1451 - 0x104));
														E013318DF(_t1199,  *((intOrPtr*)(_t1451 - 0x100)), _t1334, _t1402, __eflags);
														__eflags = _t1402 -  *(_t1334 + 4);
														if(_t1402 >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t1405 =  *_t1334 +  *(_t1451 - 0xec) + 0xb4;
														_t973 = E0132061F( *_t1334 +  *(_t1451 - 0xec) + 0xb4, 0x13a0f5e);
														__eflags = _t973;
														if(_t973 != 0) {
															 *((char*)(_t1199 + 0x64)) = 0;
															__eflags =  *(_t1451 - 0xf0) -  *(_t1334 + 4);
															if( *(_t1451 - 0xf0) >=  *(_t1334 + 4)) {
																goto L282;
															}
															_t1452 = _t1452 - 0x1c;
															__eflags =  *_t1334 +  *(_t1451 - 0xec) + 0xb4;
															 *(_t1451 - 0x10c) = _t1452;
															E013116F0(_t1452,  *_t1334 +  *(_t1451 - 0xec) + 0xb4);
															 *((intOrPtr*)(_t1199 + 0x5c)) = E01333172(_t1199, _t1334, _t1405, __eflags);
														}
														__eflags =  *(_t1451 - 0xf0) -  *(_t1334 + 4);
														if( *(_t1451 - 0xf0) >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t975 = E0132061F( *_t1334 +  *(_t1451 - 0xec) + 0x98, 0x13a0f5e);
														__eflags = _t975;
														if(_t975 == 0) {
															_t1409 =  *(_t1451 - 0xec);
															 *((char*)(_t1199 + 0x6d)) = 1;
														} else {
															__eflags =  *(_t1451 - 0xf0) -  *(_t1334 + 4);
															if( *(_t1451 - 0xf0) >=  *(_t1334 + 4)) {
																goto L282;
															}
															_t1409 =  *(_t1451 - 0xec);
															_t1452 = _t1452 - 0x1c;
															 *(_t1451 - 0x10c) = _t1452;
															E013116F0(_t1452,  *_t1334 + _t1409 + 0x98);
															 *((intOrPtr*)(_t1199 + 0x60)) = E01333172(_t1199, _t1334, _t1409, __eflags);
															 *((char*)(_t1199 + 0x6d)) = 0;
														}
														_t1287 =  *(_t1451 - 0xf0);
														__eflags = _t1287 -  *(_t1334 + 4);
														if(_t1287 >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t976 =  *_t1334;
														__eflags =  *(_t976 + _t1409 + 0x100) - 0xffffffff;
														if( *(_t976 + _t1409 + 0x100) == 0xffffffff) {
															_t472 = _t1199 + 0x68;
															 *_t472 =  *(_t1199 + 0x68) | 0xffffffff;
															__eflags =  *_t472;
														} else {
															 *(_t1199 + 0x68) =  *(_t976 + _t1409 + 0x100);
														}
														__eflags = _t1287 -  *(_t1334 + 4);
														if(_t1287 >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t977 =  *_t1334;
														__eflags =  *((char*)(_t977 + _t1409 + 0x104));
														if( *((char*)(_t977 + _t1409 + 0x104)) != 0) {
															 *((char*)(_t1199 + 0x65)) =  *((intOrPtr*)(_t977 + _t1409 + 0x104));
															 *((char*)(_t1199 + 0x6c)) = 0;
														}
														__eflags = _t1287 -  *(_t1334 + 4);
														if(_t1287 >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t978 =  *_t1334;
														__eflags =  *((char*)(_t978 + _t1409 + 0x105));
														if( *((char*)(_t978 + _t1409 + 0x105)) != 0) {
															 *((char*)(_t1199 + 0x66)) =  *((intOrPtr*)(_t978 + _t1409 + 0x105));
															 *((char*)(_t1199 + 0x6c)) = 0;
														}
														__eflags = _t1287 -  *(_t1334 + 4);
														if(_t1287 >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t979 =  *_t1334;
														__eflags =  *((char*)(_t979 + _t1409 + 0x107));
														if( *((char*)(_t979 + _t1409 + 0x107)) != 0) {
															 *((char*)(_t1199 + 0x67)) =  *((intOrPtr*)(_t979 + _t1409 + 0x106));
															 *((char*)(_t1199 + 0x6c)) = 0;
														}
														__eflags = _t1287 -  *(_t1334 + 4);
														if(_t1287 >=  *(_t1334 + 4)) {
															goto L282;
														}
														_t980 = E0132061F( *_t1334 +  *(_t1451 - 0xec) + 0x108, 0x13a0f5e);
														__eflags = _t980;
														if(_t980 == 0) {
															E01311568(_t1199 + 0x70, __eflags, "Tahoma", E01375190("Tahoma"));
														} else {
															__eflags =  *(_t1451 - 0xf0) -  *(_t1334 + 4);
															if( *(_t1451 - 0xf0) >=  *(_t1334 + 4)) {
																goto L282;
															}
															E01311716(_t1199 + 0x70, _t1334, 0, 0xffffffff);
															 *((char*)(_t1199 + 0x6c)) = 0;
														}
														E013454B5(_t1451 - 0xfc,  *((intOrPtr*)(_t1451 - 0x100)) + 0x134);
														goto L277;
													}
												}
											} else {
												_push(0x120);
												_t1007 = E013753A6(_t1347, _t1370, __eflags);
												 *(_t1451 - 0xfc) = _t1007;
												 *((char*)(_t1451 - 4)) = 0xe;
												__eflags = _t1007 - _t1370;
												if(__eflags == 0) {
													 *(_t1451 - 0xf8) = _t1370;
												} else {
													_push(_t1007);
													 *(_t1451 - 0xf8) = E0131FE5B(_t1176, _t1347, _t1370, __eflags);
												}
												 *(_t1451 - 0xfc) =  *(_t1451 - 0xf8);
												 *((intOrPtr*)(_t1451 - 0x1c)) = 7;
												 *(_t1451 - 0x20) = _t1370;
												 *(_t1451 - 0x30) = 0;
												 *((char*)(_t1451 - 4)) = 0xf;
												__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
												if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
													break;
												}
												_t1296 = _t1451 - 0x84;
												E01319B08(_t1451 - 0x84,  *_t1176 +  *(_t1451 - 0xec) + 0x44);
												 *((char*)(_t1451 - 4)) = 0x10;
												_t1358 = _t1451 - 0x84;
												 *(_t1451 - 0x104) =  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70;
												_t1017 = E0131FD87(_t1451 - 0x84, _t1451 - 0x84,  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70);
												__eflags = _t1017 - 0xffffffff;
												if(_t1017 <= 0xffffffff) {
													 *((short*)(_t1451 - 0x4c)) = 0;
													 *((intOrPtr*)(_t1451 - 0x38)) = 7;
													 *(_t1451 - 0x3c) = _t1370;
													E0131A995(_t1451 - 0x4c, _t1451 - 0x84, _t1370, 0xffffffff);
													 *((intOrPtr*)(_t1451 - 4)) = 0x12;
													_t239 = _t1451 - 0xf4;
													 *_t239 =  *(_t1451 - 0xf4) | 0x00000020;
													__eflags =  *_t239;
													_t1021 = _t1451 - 0x4c;
												} else {
													_t1021 = E0131FD37(_t1451 - 0xb0, _t1296, _t1333, _t1358, _t1451 - 0xb0);
													 *((char*)(_t1451 - 4)) = 0x11;
													 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) | 0x00000010;
													_t1370 = 0;
												}
												E0131A941(_t1451 - 0x30, _t1021);
												__eflags =  *(_t1451 - 0xf4) & 0x00000020;
												if(( *(_t1451 - 0xf4) & 0x00000020) != 0) {
													_t246 = _t1451 - 0xf4;
													 *_t246 =  *(_t1451 - 0xf4) & 0xffffffdf;
													__eflags =  *_t246;
													E0131AA87(_t1451 - 0x4c, 1, _t1370);
												}
												 *((intOrPtr*)(_t1451 - 4)) = 0x10;
												__eflags =  *(_t1451 - 0xf4) & 0x00000010;
												if(( *(_t1451 - 0xf4) & 0x00000010) != 0) {
													_t253 = _t1451 - 0xf4;
													 *_t253 =  *(_t1451 - 0xf4) & 0xffffffef;
													__eflags =  *_t253;
													E0131AA87(_t1451 - 0xb0, 1, _t1370);
												}
												_t1359 =  *(_t1451 - 0xf0);
												__eflags = _t1359 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1359 >=  *((intOrPtr*)(_t1176 + 4))) {
													break;
												}
												E01311716( *(_t1451 - 0xf8) + 0x6c,  *_t1176 +  *(_t1451 - 0xec) + 0xc, _t1370, 0xffffffff);
												__eflags = _t1359 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1359 >=  *((intOrPtr*)(_t1176 + 4))) {
													break;
												}
												 *((intOrPtr*)( *(_t1451 - 0xf8) + 0x88)) =  *_t1176 +  *(_t1451 - 0xec) + 0xec;
												__eflags = _t1359 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1359 >=  *((intOrPtr*)(_t1176 + 4))) {
													break;
												}
												_t1420 =  *_t1176 +  *(_t1451 - 0xec) + 0xb4;
												_t1030 = E0132061F( *_t1176 +  *(_t1451 - 0xec) + 0xb4, 0x13a0f5e);
												_t1360 =  *(_t1451 - 0xf8);
												__eflags = _t1030;
												if(_t1030 != 0) {
													 *((char*)(_t1360 + 0x68)) = 0;
													__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
													if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
														goto L282;
													}
													_t1452 = _t1452 - 0x1c;
													__eflags =  *_t1176 +  *(_t1451 - 0xec) + 0xb4;
													 *(_t1451 - 0x10c) = _t1452;
													E013116F0(_t1452,  *_t1176 +  *(_t1451 - 0xec) + 0xb4);
													 *((intOrPtr*)(_t1360 + 0x60)) = E01333172(_t1176, _t1360, _t1420, __eflags);
												}
												__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
												if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
													goto L282;
												}
												_t1032 = E0132061F( *_t1176 +  *(_t1451 - 0xec) + 0x98, 0x13a0f5e);
												__eflags = _t1032;
												if(_t1032 == 0) {
													_t1424 =  *(_t1451 - 0xec);
												} else {
													__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
													if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
														goto L282;
													}
													_t1424 =  *(_t1451 - 0xec);
													_t1452 = _t1452 - 0x1c;
													 *(_t1451 - 0x10c) = _t1452;
													E013116F0(_t1452,  *_t1176 + _t1424 + 0x98);
													 *((intOrPtr*)(_t1360 + 0x64)) = E01333172(_t1176, _t1360, _t1424, __eflags);
												}
												_t1302 =  *(_t1451 - 0xf0);
												__eflags = _t1302 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1302 >=  *((intOrPtr*)(_t1176 + 4))) {
													goto L282;
												}
												_t1033 =  *_t1176;
												__eflags =  *(_t1033 + _t1424 + 0x100) - 0xffffffff;
												if( *(_t1033 + _t1424 + 0x100) == 0xffffffff) {
													_t292 = _t1360 + 0x90;
													 *_t292 =  *(_t1360 + 0x90) | 0xffffffff;
													__eflags =  *_t292;
												} else {
													 *(_t1360 + 0x90) =  *(_t1033 + _t1424 + 0x100);
													 *((char*)(_t1360 + 0x94)) = 0;
												}
												__eflags = _t1302 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1302 >=  *((intOrPtr*)(_t1176 + 4))) {
													goto L282;
												}
												_t1034 =  *_t1176;
												__eflags =  *((char*)(_t1034 + _t1424 + 0x104));
												if( *((char*)(_t1034 + _t1424 + 0x104)) != 0) {
													 *((char*)(_t1360 + 0x8c)) =  *((intOrPtr*)(_t1034 + _t1424 + 0x104));
													 *((char*)(_t1360 + 0x94)) = 0;
												}
												__eflags = _t1302 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1302 >=  *((intOrPtr*)(_t1176 + 4))) {
													goto L282;
												}
												_t1035 =  *_t1176;
												__eflags =  *((char*)(_t1035 + _t1424 + 0x105));
												if( *((char*)(_t1035 + _t1424 + 0x105)) != 0) {
													 *((char*)(_t1360 + 0x8d)) =  *((intOrPtr*)(_t1035 + _t1424 + 0x105));
													 *((char*)(_t1360 + 0x94)) = 0;
												}
												__eflags = _t1302 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1302 >=  *((intOrPtr*)(_t1176 + 4))) {
													goto L282;
												}
												_t1036 =  *_t1176;
												__eflags =  *((char*)(_t1036 + _t1424 + 0x106));
												if( *((char*)(_t1036 + _t1424 + 0x106)) != 0) {
													 *((char*)(_t1360 + 0x8e)) =  *((intOrPtr*)(_t1036 + _t1424 + 0x106));
													 *((char*)(_t1360 + 0x94)) = 0;
												}
												__eflags = _t1302 -  *((intOrPtr*)(_t1176 + 4));
												if(_t1302 >=  *((intOrPtr*)(_t1176 + 4))) {
													goto L282;
												}
												_t1037 = E0132061F( *_t1176 +  *(_t1451 - 0xec) + 0x108, 0x13a0f5e);
												__eflags = _t1037;
												if(_t1037 == 0) {
													E01311568(_t1360 + 0x104, __eflags, "Tahoma", E01375190("Tahoma"));
													_t1429 = 0;
													__eflags = 0;
												} else {
													__eflags =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t1176 + 4));
													if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
														goto L282;
													}
													_t1429 = 0;
													E01311716(_t1360 + 0x104,  *_t1176 +  *(_t1451 - 0xec) + 0x108, 0, 0xffffffff);
													 *((char*)(_t1360 + 0x94)) = 0;
												}
												E0131A995(_t1360 + 0xb4, _t1451 - 0x30, _t1429, 0xffffffff);
												__eflags =  *((intOrPtr*)(_t1451 - 0x1c)) - 8;
												_t1201 =  *(_t1451 - 0x30);
												if( *((intOrPtr*)(_t1451 - 0x1c)) < 8) {
													_t1201 = _t1451 - 0x30;
												}
												 *(_t1451 - 0x10c) =  *( *(_t1451 - 0x110));
												__eflags =  *0x13bfd30 - _t1429; // 0x0
												if(__eflags == 0) {
													 *0x13bfd30 = _t1429;
												}
												_push( *((intOrPtr*)(_t1451 - 0x114)));
												_t1045 = E0131D71A(0x13bfd00, _t1360 + 0x20);
												_t1452 = _t1452 + 0xc;
												_t1046 = _t1045 & 0x0000ffff;
												__eflags = _t1201 - _t1429;
												if(__eflags == 0) {
													_t1201 = 0;
													__eflags = 0;
												}
												E01347E09(_t1360, __eflags,  *(_t1451 - 0x10c), _t1451 - 0x94, _t1201, 0x50000009, _t1429, 0, _t1046);
												_t1352 =  *(_t1451 - 0xf8);
												 *((intOrPtr*)(_t1352 + 0xd0)) =  *((intOrPtr*)(_t1451 - 0x100));
												E01311716(_t1352 + 0x98, _t1451 + 0x10, 0, 0xffffffff);
												_t1203 =  *(_t1451 - 0xf0);
												_t1430 =  *(_t1451 - 0x108);
												__eflags = _t1203 -  *((intOrPtr*)(_t1430 + 4));
												if(_t1203 >=  *((intOrPtr*)(_t1430 + 4))) {
													goto L282;
												}
												E01311716(_t1352 + 0xe4,  *_t1430 +  *(_t1451 - 0xec) + 0x164, 0, 0xffffffff);
												__eflags = _t1203 -  *((intOrPtr*)(_t1430 + 4));
												if(_t1203 >=  *((intOrPtr*)(_t1430 + 4))) {
													goto L282;
												}
												 *((char*)(_t1352 + 0x100)) =  *((intOrPtr*)( *_t1430 +  *(_t1451 - 0xec) + 0x180));
												__eflags = _t1203 -  *((intOrPtr*)(_t1430 + 4));
												if(_t1203 >=  *((intOrPtr*)(_t1430 + 4))) {
													goto L282;
												}
												E0134470C( *_t1430 +  *(_t1451 - 0xec) + 0x184, _t1352 + 0xd4);
												__eflags = _t1203 -  *((intOrPtr*)(_t1430 + 4));
												if(_t1203 >=  *((intOrPtr*)(_t1430 + 4))) {
													goto L282;
												}
												E01320401( *((intOrPtr*)( *_t1430 +  *(_t1451 - 0xec) + 0xec)), _t1203, _t1352,  *_t1430 +  *(_t1451 - 0xec));
												__eflags =  *((intOrPtr*)(_t1451 - 0x100)) + 0x618;
												E013454B5(_t1451 - 0xfc,  *((intOrPtr*)(_t1451 - 0x100)) + 0x618);
												L122:
												_t1334 = _t1352 + 4;
												 *(_t1451 - 0xfc) = _t1334;
												_t1190 = _t1451 - 0xfc;
												goto L68;
											}
										} else {
											_push(0xf4);
											_t1089 = E013753A6(_t1345, _t1370, _t1471);
											 *(_t1451 - 0xfc) = _t1089;
											 *((char*)(_t1451 - 4)) = 9;
											_t1472 = _t1089 - _t1370;
											if(_t1089 == _t1370) {
												 *(_t1451 - 0xf8) = _t1370;
											} else {
												_push(_t1089);
												 *(_t1451 - 0xf8) = E0132A1F9(_t1176, _t1345, _t1370, _t1472);
											}
											 *(_t1451 - 0x10c) =  *(_t1451 - 0xf8);
											 *((intOrPtr*)(_t1451 - 0x1c)) = 7;
											 *(_t1451 - 0x20) = _t1370;
											 *(_t1451 - 0x30) = 0;
											 *((char*)(_t1451 - 4)) = 0xa;
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
												break;
											}
											_t1315 = _t1451 - 0x84;
											E01319B08(_t1451 - 0x84,  *_t1176 +  *(_t1451 - 0xec) + 0x44);
											 *((char*)(_t1451 - 4)) = 0xb;
											_t1361 = _t1451 - 0x84;
											 *(_t1451 - 0x104) =  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70;
											if(E0131FD87(_t1451 - 0x84, _t1451 - 0x84,  *((intOrPtr*)(_t1451 - 0x100)) + 0xa70) <= 0xffffffff) {
												 *((short*)(_t1451 - 0x4c)) = 0;
												 *((intOrPtr*)(_t1451 - 0x38)) = 7;
												 *(_t1451 - 0x3c) = _t1370;
												E0131A995(_t1451 - 0x4c, _t1451 - 0x84, _t1370, 0xffffffff);
												 *((intOrPtr*)(_t1451 - 4)) = 0xd;
												_t85 = _t1451 - 0xf4;
												 *_t85 =  *(_t1451 - 0xf4) | 0x00000008;
												__eflags =  *_t85;
												_t1103 = _t1451 - 0x4c;
											} else {
												_t1103 = E0131FD37(_t1451 - 0xb0, _t1315, _t1333, _t1361, _t1451 - 0xb0);
												 *((char*)(_t1451 - 4)) = 0xc;
												 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) | 0x00000004;
												_t1370 = 0;
											}
											E0131A941(_t1451 - 0x30, _t1103);
											if(( *(_t1451 - 0xf4) & 0x00000008) != 0) {
												 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) & 0xfffffff7;
												E0131AA87(_t1451 - 0x4c, 1, _t1370);
											}
											 *((intOrPtr*)(_t1451 - 4)) = 0xb;
											if(( *(_t1451 - 0xf4) & 0x00000004) != 0) {
												 *(_t1451 - 0xf4) =  *(_t1451 - 0xf4) & 0xfffffffb;
												E0131AA87(_t1451 - 0xb0, 1, _t1370);
											}
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
												break;
											}
											_t1362 =  *(_t1451 - 0xf8);
											E01311716(_t1362 + 0x38,  *_t1176 +  *(_t1451 - 0xec) + 0xc, _t1370, 0xffffffff);
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
												break;
											}
											 *((intOrPtr*)(_t1362 + 0x70)) =  *_t1176 +  *(_t1451 - 0xec) + 0xec;
											_t1211 =  *(_t1451 - 0x30);
											if( *((intOrPtr*)(_t1451 - 0x1c)) < 8) {
												_t1211 = _t1451 - 0x30;
											}
											 *(_t1451 - 0x104) =  *( *(_t1451 - 0x110));
											_t1482 =  *0x13bfca0 - _t1370; // 0x0
											if(_t1482 == 0) {
												 *0x13bfca0 = _t1370;
											}
											_push( *((intOrPtr*)(_t1451 - 0x114)));
											_t1113 = E0131D71A(0x13bfc70, _t1362 + 0x20);
											_t1452 = _t1452 + 0xc;
											_t1114 = _t1113 & 0x0000ffff;
											if(_t1211 == _t1370) {
												_t1211 = 0;
											}
											_t1212 =  *(_t1451 - 0xf8);
											E01347E09(_t1212, 0,  *(_t1451 - 0x104), _t1451 - 0x94, _t1211, 0x50000003, _t1370, _t1370, _t1114); // executed
											_t1436 =  *(_t1451 - 0xf0);
											_t1364 =  *(_t1451 - 0x108);
											if(_t1436 >=  *((intOrPtr*)(_t1364 + 4))) {
												L282:
												_push(0);
												_push(0);
												L281:
												RaiseException(0xc000008c, 1, ??, ??);
												goto L282;
											}
											E01311716(_t1212 + 0xa0,  *_t1364 +  *(_t1451 - 0xec) + 0x164, 0, 0xffffffff);
											if(_t1436 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											E0134470C( *_t1364 +  *(_t1451 - 0xec) + 0x184, _t1212 + 0xbc);
											 *((intOrPtr*)(_t1212 + 0x9c)) =  *((intOrPtr*)(_t1451 - 0x100));
											if(_t1436 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1439 =  *_t1364 +  *(_t1451 - 0xec) + 0xb4;
											if(E0132061F( *_t1364 +  *(_t1451 - 0xec) + 0xb4, 0x13a0f5e) != 0) {
												 *((char*)(_t1212 + 0x34)) = 0;
												if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1364 + 4))) {
													goto L282;
												}
												_t1452 = _t1452 - 0x1c;
												 *(_t1451 - 0xfc) = _t1452;
												E013116F0(_t1452,  *_t1364 +  *(_t1451 - 0xec) + 0xb4);
												 *((intOrPtr*)(_t1212 + 0x2c)) = E01333172(_t1212, _t1364, _t1439,  *_t1364 +  *(_t1451 - 0xec) + 0xb4);
											}
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1442 =  *_t1364 +  *(_t1451 - 0xec) + 0x98;
											if(E0132061F( *_t1364 +  *(_t1451 - 0xec) + 0x98, 0x13a0f5e) != 0) {
												if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1364 + 4))) {
													goto L282;
												}
												_t1452 = _t1452 - 0x1c;
												 *(_t1451 - 0xfc) = _t1452;
												E013116F0(_t1452,  *_t1364 +  *(_t1451 - 0xec) + 0x98);
												 *((intOrPtr*)(_t1212 + 0x30)) = E01333172(_t1212, _t1364, _t1442,  *_t1364 +  *(_t1451 - 0xec) + 0x98);
											}
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											if(E0132061F( *_t1364 +  *(_t1451 - 0xec) + 0x108, 0x13a0f5e) == 0) {
												E01311568(_t1212 + 0x54, __eflags, "Tahoma", E01375190("Tahoma"));
												_t1447 =  *(_t1451 - 0xec);
											} else {
												if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1364 + 4))) {
													goto L282;
												}
												_t1447 =  *(_t1451 - 0xec);
												E01311716(_t1212 + 0x54,  *_t1364 + _t1447 + 0x108, 0, 0xffffffff);
											}
											_t1323 =  *(_t1451 - 0xf0);
											if(_t1323 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1133 =  *_t1364;
											if( *(_t1133 + _t1447 + 0x100) == 0xffffffff) {
												_t166 = _t1212 + 0x78;
												 *_t166 =  *(_t1212 + 0x78) | 0xffffffff;
												__eflags =  *_t166;
											} else {
												 *(_t1212 + 0x78) =  *(_t1133 + _t1447 + 0x100);
												 *((char*)(_t1212 + 0x7c)) = 0;
											}
											if(_t1323 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1134 =  *_t1364;
											if( *((char*)(_t1134 + _t1447 + 0x104)) != 0) {
												 *((char*)(_t1212 + 0x74)) =  *((intOrPtr*)(_t1134 + _t1447 + 0x104));
												 *((char*)(_t1212 + 0x7c)) = 0;
											}
											if(_t1323 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1135 =  *_t1364;
											if( *((char*)(_t1135 + _t1447 + 0x105)) != 0) {
												 *((char*)(_t1212 + 0x75)) =  *((intOrPtr*)(_t1135 + _t1447 + 0x105));
												 *((char*)(_t1212 + 0x7c)) = 0;
											}
											if(_t1323 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1136 =  *_t1364;
											if( *((char*)(_t1136 + _t1447 + 0x106)) != 0) {
												 *((char*)(_t1212 + 0x76)) =  *((intOrPtr*)(_t1136 + _t1447 + 0x106));
												 *((char*)(_t1212 + 0x7c)) = 0;
											}
											if(_t1323 >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_t1324 = _t1212 + 0x80;
											E01311716(_t1212 + 0x80,  *_t1364 + _t1447 + 0x140, 0, 0xffffffff);
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1364 + 4))) {
												goto L282;
											}
											_push( *( *_t1364 +  *(_t1451 - 0xec) + 0xec) & 0x000000ff);
											E01321318(_t1212, _t1324, _t1212);
											E013454B5(_t1451 - 0x10c,  *((intOrPtr*)(_t1451 - 0x100)) + 0x60c);
											_t1334 =  *(_t1451 - 0xf8) + 4;
											 *(_t1451 - 0x10c) = _t1334;
											_t1190 = _t1451 - 0x10c;
											L68:
											_t1396 =  *((intOrPtr*)(_t1451 - 0x100)) + 0x600;
											E013454B5(_t1190,  *((intOrPtr*)(_t1451 - 0x100)) + 0x600);
											_t1452 = _t1452 - 0x1c;
											 *(_t1451 - 0xfc) = _t1452;
											E013116F0(_t1452, _t1451 + 0x10);
											_t916 =  *(_t1451 - 0x108);
											_t1509 =  *(_t1451 - 0xf0) -  *((intOrPtr*)(_t916 + 4));
											if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t916 + 4))) {
												goto L282;
											}
											_push( *_t916 +  *(_t1451 - 0xec));
											_push(_t1334);
											E013318DF(_t1190,  *((intOrPtr*)(_t1451 - 0x100)), _t1334, _t1396, _t1509);
											L277:
											E0131AA87(_t1451 - 0x84, 1, 0);
											E0131AA87(_t1451 - 0x30, 1, 0);
											_t1176 =  *(_t1451 - 0x108);
											_t1370 = 0;
										}
									} else {
										if( *(_t1451 - 0xf0) >=  *((intOrPtr*)(_t1176 + 4))) {
											break;
										}
										if( *((intOrPtr*)( *_t1176 +  *(_t1451 - 0xec) + 0xe0)) == _t1370) {
											goto L230;
										} else {
											goto L17;
										}
									}
								}
							}
						}
						E0131AA87(_t1451 - 0xcc, 1, _t1370);
						E01311524(_t1451 - 0xe8, 1, _t1370);
						 *((char*)(_t1451 - 4)) = 0;
						E01311524(_t1451 - 0x68, 1, _t1370);
						 *(_t1451 - 0xf0) =  *(_t1451 - 0xf0) + 1;
						_t770 =  *((intOrPtr*)(_t1176 + 4));
						if( *(_t1451 - 0xf0) < _t770) {
							continue;
						}
						goto L279;
					}
					_push(_t1370);
					_push(_t1370);
					goto L281;
				}
				L279:
				E01311524(_t1451 + 0x10, 1, _t1370);
				return E0137C2C5(_t1176, _t1334, _t1370);
			}




















































































































                                                                                                                                                                                                                                0x013318df
                                                                                                                                                                                                                                0x013318df
                                                                                                                                                                                                                                0x013318e9
                                                                                                                                                                                                                                0x013318f1
                                                                                                                                                                                                                                0x013318f4
                                                                                                                                                                                                                                0x013318f6
                                                                                                                                                                                                                                0x013318fc
                                                                                                                                                                                                                                0x01331902
                                                                                                                                                                                                                                0x01331908
                                                                                                                                                                                                                                0x0133190e
                                                                                                                                                                                                                                0x01331911
                                                                                                                                                                                                                                0x01331918
                                                                                                                                                                                                                                0x0133191a
                                                                                                                                                                                                                                0x0133191f
                                                                                                                                                                                                                                0x0133192a
                                                                                                                                                                                                                                0x01331934
                                                                                                                                                                                                                                0x01331934
                                                                                                                                                                                                                                0x01331939
                                                                                                                                                                                                                                0x0133193c
                                                                                                                                                                                                                                0x01331944
                                                                                                                                                                                                                                0x0133194a
                                                                                                                                                                                                                                0x0133194a
                                                                                                                                                                                                                                0x01331952
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331962
                                                                                                                                                                                                                                0x01331971
                                                                                                                                                                                                                                0x01331977
                                                                                                                                                                                                                                0x0133197c
                                                                                                                                                                                                                                0x01331984
                                                                                                                                                                                                                                0x01331987
                                                                                                                                                                                                                                0x01331989
                                                                                                                                                                                                                                0x0133198b
                                                                                                                                                                                                                                0x0133198e
                                                                                                                                                                                                                                0x0133198e
                                                                                                                                                                                                                                0x01331990
                                                                                                                                                                                                                                0x01331997
                                                                                                                                                                                                                                0x0133199a
                                                                                                                                                                                                                                0x0133199c
                                                                                                                                                                                                                                0x0133199c
                                                                                                                                                                                                                                0x013319a9
                                                                                                                                                                                                                                0x013319b4
                                                                                                                                                                                                                                0x013319ba
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013319c2
                                                                                                                                                                                                                                0x013319ca
                                                                                                                                                                                                                                0x013319dc
                                                                                                                                                                                                                                0x013319e1
                                                                                                                                                                                                                                0x013319ea
                                                                                                                                                                                                                                0x013319f7
                                                                                                                                                                                                                                0x01331a03
                                                                                                                                                                                                                                0x01331a0e
                                                                                                                                                                                                                                0x01331a15
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331a2d
                                                                                                                                                                                                                                0x01331a38
                                                                                                                                                                                                                                0x01331a43
                                                                                                                                                                                                                                0x01331a52
                                                                                                                                                                                                                                0x01331a65
                                                                                                                                                                                                                                0x01331a74
                                                                                                                                                                                                                                0x01331a96
                                                                                                                                                                                                                                0x01332d48
                                                                                                                                                                                                                                0x01332d4a
                                                                                                                                                                                                                                0x01332d51
                                                                                                                                                                                                                                0x01332d54
                                                                                                                                                                                                                                0x01332d5e
                                                                                                                                                                                                                                0x01332d62
                                                                                                                                                                                                                                0x01332d65
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332d73
                                                                                                                                                                                                                                0x01332d7d
                                                                                                                                                                                                                                0x01332d88
                                                                                                                                                                                                                                0x01332d8f
                                                                                                                                                                                                                                0x01332d95
                                                                                                                                                                                                                                0x01332d99
                                                                                                                                                                                                                                0x01332d9e
                                                                                                                                                                                                                                0x01332da1
                                                                                                                                                                                                                                0x01332dc0
                                                                                                                                                                                                                                0x01332dc5
                                                                                                                                                                                                                                0x01332dd4
                                                                                                                                                                                                                                0x01332dd7
                                                                                                                                                                                                                                0x01332dda
                                                                                                                                                                                                                                0x01332ddf
                                                                                                                                                                                                                                0x01332de2
                                                                                                                                                                                                                                0x01332de2
                                                                                                                                                                                                                                0x01332de2
                                                                                                                                                                                                                                0x01332de9
                                                                                                                                                                                                                                0x01332da3
                                                                                                                                                                                                                                0x01332daa
                                                                                                                                                                                                                                0x01332dac
                                                                                                                                                                                                                                0x01332db1
                                                                                                                                                                                                                                0x01332db5
                                                                                                                                                                                                                                0x01332db5
                                                                                                                                                                                                                                0x01332df0
                                                                                                                                                                                                                                0x01332df5
                                                                                                                                                                                                                                0x01332dfc
                                                                                                                                                                                                                                0x01332dfe
                                                                                                                                                                                                                                0x01332dfe
                                                                                                                                                                                                                                0x01332dfe
                                                                                                                                                                                                                                0x01332e0c
                                                                                                                                                                                                                                0x01332e0c
                                                                                                                                                                                                                                0x01332e11
                                                                                                                                                                                                                                0x01332e18
                                                                                                                                                                                                                                0x01332e1f
                                                                                                                                                                                                                                0x01332e21
                                                                                                                                                                                                                                0x01332e21
                                                                                                                                                                                                                                0x01332e21
                                                                                                                                                                                                                                0x01332e32
                                                                                                                                                                                                                                0x01332e32
                                                                                                                                                                                                                                0x01332e39
                                                                                                                                                                                                                                0x01332e3e
                                                                                                                                                                                                                                0x01332e3f
                                                                                                                                                                                                                                0x01332e45
                                                                                                                                                                                                                                0x01332e49
                                                                                                                                                                                                                                0x01332e4b
                                                                                                                                                                                                                                0x01332e57
                                                                                                                                                                                                                                0x01332e57
                                                                                                                                                                                                                                0x01332e4d
                                                                                                                                                                                                                                0x01332e4d
                                                                                                                                                                                                                                0x01332e53
                                                                                                                                                                                                                                0x01332e53
                                                                                                                                                                                                                                0x01332e59
                                                                                                                                                                                                                                0x01332e5a
                                                                                                                                                                                                                                0x01332e60
                                                                                                                                                                                                                                0x01332e63
                                                                                                                                                                                                                                0x01332e67
                                                                                                                                                                                                                                0x01332e6a
                                                                                                                                                                                                                                0x01332e70
                                                                                                                                                                                                                                0x01332e72
                                                                                                                                                                                                                                0x01332e72
                                                                                                                                                                                                                                0x01332e75
                                                                                                                                                                                                                                0x01332e76
                                                                                                                                                                                                                                0x01332e7f
                                                                                                                                                                                                                                0x01332e87
                                                                                                                                                                                                                                0x01332e8d
                                                                                                                                                                                                                                0x01332e91
                                                                                                                                                                                                                                0x01332e96
                                                                                                                                                                                                                                0x01332e98
                                                                                                                                                                                                                                0x01332ea5
                                                                                                                                                                                                                                0x01332ea5
                                                                                                                                                                                                                                0x01332ea5
                                                                                                                                                                                                                                0x01332e9a
                                                                                                                                                                                                                                0x01332e9a
                                                                                                                                                                                                                                0x01332e9d
                                                                                                                                                                                                                                0x01332e9d
                                                                                                                                                                                                                                0x01332ebe
                                                                                                                                                                                                                                0x01332ec3
                                                                                                                                                                                                                                0x01332ec5
                                                                                                                                                                                                                                0x01332ed2
                                                                                                                                                                                                                                0x01332ed2
                                                                                                                                                                                                                                0x01332ed2
                                                                                                                                                                                                                                0x01332ec7
                                                                                                                                                                                                                                0x01332ec7
                                                                                                                                                                                                                                0x01332eca
                                                                                                                                                                                                                                0x01332eca
                                                                                                                                                                                                                                0x01332ed9
                                                                                                                                                                                                                                0x01332ee1
                                                                                                                                                                                                                                0x01332ee8
                                                                                                                                                                                                                                0x01332eed
                                                                                                                                                                                                                                0x01332ef3
                                                                                                                                                                                                                                0x01332ef9
                                                                                                                                                                                                                                0x01332efc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332f10
                                                                                                                                                                                                                                0x01332f11
                                                                                                                                                                                                                                0x01332f17
                                                                                                                                                                                                                                0x01332f1c
                                                                                                                                                                                                                                0x01332f1f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332f32
                                                                                                                                                                                                                                0x01332f38
                                                                                                                                                                                                                                0x01332f3d
                                                                                                                                                                                                                                0x01332f3f
                                                                                                                                                                                                                                0x01332f47
                                                                                                                                                                                                                                0x01332f4b
                                                                                                                                                                                                                                0x01332f4e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332f5c
                                                                                                                                                                                                                                0x01332f5f
                                                                                                                                                                                                                                0x01332f66
                                                                                                                                                                                                                                0x01332f6d
                                                                                                                                                                                                                                0x01332f77
                                                                                                                                                                                                                                0x01332f77
                                                                                                                                                                                                                                0x01332f80
                                                                                                                                                                                                                                0x01332f83
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332f9c
                                                                                                                                                                                                                                0x01332fa1
                                                                                                                                                                                                                                0x01332fa3
                                                                                                                                                                                                                                0x01332fde
                                                                                                                                                                                                                                0x01332fa5
                                                                                                                                                                                                                                0x01332fab
                                                                                                                                                                                                                                0x01332fae
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332fb6
                                                                                                                                                                                                                                0x01332fbc
                                                                                                                                                                                                                                0x01332fc8
                                                                                                                                                                                                                                0x01332fcf
                                                                                                                                                                                                                                0x01332fd9
                                                                                                                                                                                                                                0x01332fd9
                                                                                                                                                                                                                                0x01332fe4
                                                                                                                                                                                                                                0x01332fea
                                                                                                                                                                                                                                0x01332fed
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332ff3
                                                                                                                                                                                                                                0x01332ff5
                                                                                                                                                                                                                                0x01332ffd
                                                                                                                                                                                                                                0x0133300f
                                                                                                                                                                                                                                0x0133300f
                                                                                                                                                                                                                                0x0133300f
                                                                                                                                                                                                                                0x01332fff
                                                                                                                                                                                                                                0x01333006
                                                                                                                                                                                                                                0x01333009
                                                                                                                                                                                                                                0x01333009
                                                                                                                                                                                                                                0x01333013
                                                                                                                                                                                                                                0x01333016
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133301c
                                                                                                                                                                                                                                0x0133301e
                                                                                                                                                                                                                                0x01333026
                                                                                                                                                                                                                                0x0133302f
                                                                                                                                                                                                                                0x01333032
                                                                                                                                                                                                                                0x01333032
                                                                                                                                                                                                                                0x01333036
                                                                                                                                                                                                                                0x01333039
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133303f
                                                                                                                                                                                                                                0x01333041
                                                                                                                                                                                                                                0x01333049
                                                                                                                                                                                                                                0x01333052
                                                                                                                                                                                                                                0x01333055
                                                                                                                                                                                                                                0x01333055
                                                                                                                                                                                                                                0x01333059
                                                                                                                                                                                                                                0x0133305c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01333062
                                                                                                                                                                                                                                0x01333064
                                                                                                                                                                                                                                0x0133306c
                                                                                                                                                                                                                                0x01333075
                                                                                                                                                                                                                                0x01333078
                                                                                                                                                                                                                                0x01333078
                                                                                                                                                                                                                                0x0133307c
                                                                                                                                                                                                                                0x0133307f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01333098
                                                                                                                                                                                                                                0x0133309d
                                                                                                                                                                                                                                0x0133309f
                                                                                                                                                                                                                                0x013330d7
                                                                                                                                                                                                                                0x013330df
                                                                                                                                                                                                                                0x013330e2
                                                                                                                                                                                                                                0x013330a1
                                                                                                                                                                                                                                0x013330a7
                                                                                                                                                                                                                                0x013330aa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013330c3
                                                                                                                                                                                                                                0x013330c6
                                                                                                                                                                                                                                0x013330cb
                                                                                                                                                                                                                                0x013330cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331a9c
                                                                                                                                                                                                                                0x01331ab8
                                                                                                                                                                                                                                0x01331add
                                                                                                                                                                                                                                0x01331aea
                                                                                                                                                                                                                                0x01331af2
                                                                                                                                                                                                                                0x01331af7
                                                                                                                                                                                                                                0x01331af9
                                                                                                                                                                                                                                0x01331fe8
                                                                                                                                                                                                                                0x01331ff5
                                                                                                                                                                                                                                0x01331ff7
                                                                                                                                                                                                                                0x013324e3
                                                                                                                                                                                                                                0x013324e8
                                                                                                                                                                                                                                0x013324ea
                                                                                                                                                                                                                                0x0133298d
                                                                                                                                                                                                                                0x0133299a
                                                                                                                                                                                                                                0x013329a7
                                                                                                                                                                                                                                0x013329a9
                                                                                                                                                                                                                                0x013329af
                                                                                                                                                                                                                                0x013329b4
                                                                                                                                                                                                                                0x013329ba
                                                                                                                                                                                                                                0x013329c0
                                                                                                                                                                                                                                0x013329c4
                                                                                                                                                                                                                                0x013329c6
                                                                                                                                                                                                                                0x013329d6
                                                                                                                                                                                                                                0x013329c8
                                                                                                                                                                                                                                0x013329c8
                                                                                                                                                                                                                                0x013329ce
                                                                                                                                                                                                                                0x013329ce
                                                                                                                                                                                                                                0x013329de
                                                                                                                                                                                                                                0x013329e5
                                                                                                                                                                                                                                0x013329e8
                                                                                                                                                                                                                                0x013329f2
                                                                                                                                                                                                                                0x013329f6
                                                                                                                                                                                                                                0x013329f9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332a07
                                                                                                                                                                                                                                0x01332a11
                                                                                                                                                                                                                                0x01332a21
                                                                                                                                                                                                                                0x01332a26
                                                                                                                                                                                                                                0x01332a2c
                                                                                                                                                                                                                                0x01332a32
                                                                                                                                                                                                                                0x01332a37
                                                                                                                                                                                                                                0x01332a3a
                                                                                                                                                                                                                                0x01332a64
                                                                                                                                                                                                                                0x01332a73
                                                                                                                                                                                                                                0x01332a7a
                                                                                                                                                                                                                                0x01332a7d
                                                                                                                                                                                                                                0x01332a82
                                                                                                                                                                                                                                0x01332a89
                                                                                                                                                                                                                                0x01332a89
                                                                                                                                                                                                                                0x01332a89
                                                                                                                                                                                                                                0x01332a93
                                                                                                                                                                                                                                0x01332a3c
                                                                                                                                                                                                                                0x01332a49
                                                                                                                                                                                                                                0x01332a4e
                                                                                                                                                                                                                                0x01332a52
                                                                                                                                                                                                                                0x01332a5c
                                                                                                                                                                                                                                0x01332a5c
                                                                                                                                                                                                                                0x01332a9a
                                                                                                                                                                                                                                0x01332a9f
                                                                                                                                                                                                                                0x01332aa9
                                                                                                                                                                                                                                0x01332aab
                                                                                                                                                                                                                                0x01332aab
                                                                                                                                                                                                                                0x01332aab
                                                                                                                                                                                                                                0x01332abb
                                                                                                                                                                                                                                0x01332abb
                                                                                                                                                                                                                                0x01332ac0
                                                                                                                                                                                                                                0x01332ac7
                                                                                                                                                                                                                                0x01332ad1
                                                                                                                                                                                                                                0x01332ad3
                                                                                                                                                                                                                                0x01332ad3
                                                                                                                                                                                                                                0x01332ad3
                                                                                                                                                                                                                                0x01332ae6
                                                                                                                                                                                                                                0x01332ae6
                                                                                                                                                                                                                                0x01332af1
                                                                                                                                                                                                                                0x01332af4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332b07
                                                                                                                                                                                                                                0x01332b0d
                                                                                                                                                                                                                                0x01332b12
                                                                                                                                                                                                                                0x01332b14
                                                                                                                                                                                                                                0x01332b53
                                                                                                                                                                                                                                0x01332b16
                                                                                                                                                                                                                                0x01332b1c
                                                                                                                                                                                                                                0x01332b1f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332b2d
                                                                                                                                                                                                                                0x01332b37
                                                                                                                                                                                                                                0x01332b3e
                                                                                                                                                                                                                                0x01332b43
                                                                                                                                                                                                                                0x01332b48
                                                                                                                                                                                                                                0x01332b4e
                                                                                                                                                                                                                                0x01332b4e
                                                                                                                                                                                                                                0x01332b59
                                                                                                                                                                                                                                0x01332b5f
                                                                                                                                                                                                                                0x01332b62
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332b68
                                                                                                                                                                                                                                0x01332b6a
                                                                                                                                                                                                                                0x01332b70
                                                                                                                                                                                                                                0x01332b78
                                                                                                                                                                                                                                0x01332b8a
                                                                                                                                                                                                                                0x01332b8a
                                                                                                                                                                                                                                0x01332b8a
                                                                                                                                                                                                                                0x01332b7a
                                                                                                                                                                                                                                0x01332b81
                                                                                                                                                                                                                                0x01332b84
                                                                                                                                                                                                                                0x01332b84
                                                                                                                                                                                                                                0x01332b8e
                                                                                                                                                                                                                                0x01332b91
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332b97
                                                                                                                                                                                                                                0x01332b99
                                                                                                                                                                                                                                0x01332ba1
                                                                                                                                                                                                                                0x01332baa
                                                                                                                                                                                                                                0x01332bad
                                                                                                                                                                                                                                0x01332bad
                                                                                                                                                                                                                                0x01332bb1
                                                                                                                                                                                                                                0x01332bb4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332bba
                                                                                                                                                                                                                                0x01332bbc
                                                                                                                                                                                                                                0x01332bc4
                                                                                                                                                                                                                                0x01332bcd
                                                                                                                                                                                                                                0x01332bd0
                                                                                                                                                                                                                                0x01332bd0
                                                                                                                                                                                                                                0x01332bd4
                                                                                                                                                                                                                                0x01332bd7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332bdd
                                                                                                                                                                                                                                0x01332bdf
                                                                                                                                                                                                                                0x01332be7
                                                                                                                                                                                                                                0x01332bf0
                                                                                                                                                                                                                                0x01332bf3
                                                                                                                                                                                                                                0x01332bf3
                                                                                                                                                                                                                                0x01332bf7
                                                                                                                                                                                                                                0x01332bfa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332c13
                                                                                                                                                                                                                                0x01332c18
                                                                                                                                                                                                                                0x01332c1a
                                                                                                                                                                                                                                0x01332c5c
                                                                                                                                                                                                                                0x01332c61
                                                                                                                                                                                                                                0x01332c1c
                                                                                                                                                                                                                                0x01332c1c
                                                                                                                                                                                                                                0x01332c22
                                                                                                                                                                                                                                0x01332c25
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332c40
                                                                                                                                                                                                                                0x01332c45
                                                                                                                                                                                                                                0x01332c45
                                                                                                                                                                                                                                0x01332c67
                                                                                                                                                                                                                                0x01332c6a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332c72
                                                                                                                                                                                                                                0x01332c7f
                                                                                                                                                                                                                                0x01332c85
                                                                                                                                                                                                                                0x01332c88
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332c97
                                                                                                                                                                                                                                0x01332c9d
                                                                                                                                                                                                                                0x01332ca0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332ca8
                                                                                                                                                                                                                                0x01332caf
                                                                                                                                                                                                                                0x01332cb5
                                                                                                                                                                                                                                0x01332cb8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332cc2
                                                                                                                                                                                                                                0x01332cc8
                                                                                                                                                                                                                                0x01332cce
                                                                                                                                                                                                                                0x01332cd3
                                                                                                                                                                                                                                0x01332cd5
                                                                                                                                                                                                                                0x01332cd7
                                                                                                                                                                                                                                0x01332cd7
                                                                                                                                                                                                                                0x01332cd7
                                                                                                                                                                                                                                0x01332cda
                                                                                                                                                                                                                                0x01332ce1
                                                                                                                                                                                                                                0x01332ce3
                                                                                                                                                                                                                                0x01332ce3
                                                                                                                                                                                                                                0x01332ce3
                                                                                                                                                                                                                                0x01332ce9
                                                                                                                                                                                                                                0x01332cf0
                                                                                                                                                                                                                                0x01332cf2
                                                                                                                                                                                                                                0x01332cf2
                                                                                                                                                                                                                                0x01332cf2
                                                                                                                                                                                                                                0x01332cf8
                                                                                                                                                                                                                                0x01332cfa
                                                                                                                                                                                                                                0x01332cfc
                                                                                                                                                                                                                                0x01332cfc
                                                                                                                                                                                                                                0x01332cfc
                                                                                                                                                                                                                                0x01332d02
                                                                                                                                                                                                                                0x01332d05
                                                                                                                                                                                                                                0x01332d08
                                                                                                                                                                                                                                0x01332d0c
                                                                                                                                                                                                                                0x01332d0f
                                                                                                                                                                                                                                0x01332d15
                                                                                                                                                                                                                                0x01332d17
                                                                                                                                                                                                                                0x01332d17
                                                                                                                                                                                                                                0x01332d1a
                                                                                                                                                                                                                                0x01332d1b
                                                                                                                                                                                                                                0x01332d1c
                                                                                                                                                                                                                                0x01332d25
                                                                                                                                                                                                                                0x01332d2d
                                                                                                                                                                                                                                0x01332d33
                                                                                                                                                                                                                                0x01332d37
                                                                                                                                                                                                                                0x01332d3e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332d3e
                                                                                                                                                                                                                                0x013324f0
                                                                                                                                                                                                                                0x013324f0
                                                                                                                                                                                                                                0x013324f6
                                                                                                                                                                                                                                0x013324f9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332507
                                                                                                                                                                                                                                0x0133250d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332513
                                                                                                                                                                                                                                0x01332513
                                                                                                                                                                                                                                0x01332518
                                                                                                                                                                                                                                0x0133251e
                                                                                                                                                                                                                                0x01332524
                                                                                                                                                                                                                                0x01332528
                                                                                                                                                                                                                                0x0133252a
                                                                                                                                                                                                                                0x0133253a
                                                                                                                                                                                                                                0x0133252c
                                                                                                                                                                                                                                0x0133252c
                                                                                                                                                                                                                                0x01332532
                                                                                                                                                                                                                                0x01332532
                                                                                                                                                                                                                                0x01332546
                                                                                                                                                                                                                                0x0133254e
                                                                                                                                                                                                                                0x01332555
                                                                                                                                                                                                                                0x01332558
                                                                                                                                                                                                                                0x0133255c
                                                                                                                                                                                                                                0x01332560
                                                                                                                                                                                                                                0x01332563
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332571
                                                                                                                                                                                                                                0x0133257b
                                                                                                                                                                                                                                0x0133258d
                                                                                                                                                                                                                                0x01332593
                                                                                                                                                                                                                                0x01332597
                                                                                                                                                                                                                                0x0133259c
                                                                                                                                                                                                                                0x0133259f
                                                                                                                                                                                                                                0x013325c0
                                                                                                                                                                                                                                0x013325cf
                                                                                                                                                                                                                                0x013325d6
                                                                                                                                                                                                                                0x013325d9
                                                                                                                                                                                                                                0x013325de
                                                                                                                                                                                                                                0x013325e5
                                                                                                                                                                                                                                0x013325e5
                                                                                                                                                                                                                                0x013325e5
                                                                                                                                                                                                                                0x013325ef
                                                                                                                                                                                                                                0x013325a1
                                                                                                                                                                                                                                0x013325aa
                                                                                                                                                                                                                                0x013325af
                                                                                                                                                                                                                                0x013325b3
                                                                                                                                                                                                                                0x013325b3
                                                                                                                                                                                                                                0x013325f6
                                                                                                                                                                                                                                0x013325fb
                                                                                                                                                                                                                                0x01332602
                                                                                                                                                                                                                                0x01332604
                                                                                                                                                                                                                                0x01332604
                                                                                                                                                                                                                                0x01332604
                                                                                                                                                                                                                                0x01332615
                                                                                                                                                                                                                                0x01332615
                                                                                                                                                                                                                                0x0133261a
                                                                                                                                                                                                                                0x01332621
                                                                                                                                                                                                                                0x01332628
                                                                                                                                                                                                                                0x0133262a
                                                                                                                                                                                                                                0x0133262a
                                                                                                                                                                                                                                0x0133262a
                                                                                                                                                                                                                                0x0133263b
                                                                                                                                                                                                                                0x0133263b
                                                                                                                                                                                                                                0x01332640
                                                                                                                                                                                                                                0x01332645
                                                                                                                                                                                                                                0x01332649
                                                                                                                                                                                                                                0x0133264b
                                                                                                                                                                                                                                0x0133264b
                                                                                                                                                                                                                                0x01332654
                                                                                                                                                                                                                                0x01332656
                                                                                                                                                                                                                                0x0133265c
                                                                                                                                                                                                                                0x0133265e
                                                                                                                                                                                                                                0x0133265e
                                                                                                                                                                                                                                0x01332664
                                                                                                                                                                                                                                0x01332679
                                                                                                                                                                                                                                0x0133267e
                                                                                                                                                                                                                                0x01332681
                                                                                                                                                                                                                                0x01332684
                                                                                                                                                                                                                                0x01332686
                                                                                                                                                                                                                                0x0133268a
                                                                                                                                                                                                                                0x013326a0
                                                                                                                                                                                                                                0x013326a5
                                                                                                                                                                                                                                0x013326b0
                                                                                                                                                                                                                                0x013326b2
                                                                                                                                                                                                                                0x013326b3
                                                                                                                                                                                                                                0x013326ba
                                                                                                                                                                                                                                0x013326bd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013326cb
                                                                                                                                                                                                                                0x013326d5
                                                                                                                                                                                                                                0x013326dc
                                                                                                                                                                                                                                0x013326e7
                                                                                                                                                                                                                                0x013326e8
                                                                                                                                                                                                                                0x013326ed
                                                                                                                                                                                                                                0x013326f0
                                                                                                                                                                                                                                0x013326f4
                                                                                                                                                                                                                                0x013326f8
                                                                                                                                                                                                                                0x013326fa
                                                                                                                                                                                                                                0x013326fa
                                                                                                                                                                                                                                0x013326fc
                                                                                                                                                                                                                                0x01332702
                                                                                                                                                                                                                                0x01332703
                                                                                                                                                                                                                                0x01332704
                                                                                                                                                                                                                                0x01332713
                                                                                                                                                                                                                                0x01332717
                                                                                                                                                                                                                                0x0133271c
                                                                                                                                                                                                                                0x0133271e
                                                                                                                                                                                                                                0x0133272b
                                                                                                                                                                                                                                0x0133272b
                                                                                                                                                                                                                                0x0133272b
                                                                                                                                                                                                                                0x01332720
                                                                                                                                                                                                                                0x01332723
                                                                                                                                                                                                                                0x01332723
                                                                                                                                                                                                                                0x01332744
                                                                                                                                                                                                                                0x01332749
                                                                                                                                                                                                                                0x0133274f
                                                                                                                                                                                                                                0x01332751
                                                                                                                                                                                                                                0x0133275e
                                                                                                                                                                                                                                0x0133275e
                                                                                                                                                                                                                                0x0133275e
                                                                                                                                                                                                                                0x01332753
                                                                                                                                                                                                                                0x01332756
                                                                                                                                                                                                                                0x01332756
                                                                                                                                                                                                                                0x01332765
                                                                                                                                                                                                                                0x0133276d
                                                                                                                                                                                                                                0x01332774
                                                                                                                                                                                                                                0x01332779
                                                                                                                                                                                                                                0x0133277f
                                                                                                                                                                                                                                0x01332782
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332796
                                                                                                                                                                                                                                0x01332797
                                                                                                                                                                                                                                0x0133279d
                                                                                                                                                                                                                                0x013327a2
                                                                                                                                                                                                                                0x013327a5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013327b8
                                                                                                                                                                                                                                0x013327be
                                                                                                                                                                                                                                0x013327c3
                                                                                                                                                                                                                                0x013327c5
                                                                                                                                                                                                                                0x013327cd
                                                                                                                                                                                                                                0x013327d1
                                                                                                                                                                                                                                0x013327d4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013327e2
                                                                                                                                                                                                                                0x013327e5
                                                                                                                                                                                                                                0x013327ec
                                                                                                                                                                                                                                0x013327f3
                                                                                                                                                                                                                                0x013327fd
                                                                                                                                                                                                                                0x013327fd
                                                                                                                                                                                                                                0x01332806
                                                                                                                                                                                                                                0x01332809
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332822
                                                                                                                                                                                                                                0x01332827
                                                                                                                                                                                                                                0x01332829
                                                                                                                                                                                                                                0x01332868
                                                                                                                                                                                                                                0x0133286e
                                                                                                                                                                                                                                0x0133282b
                                                                                                                                                                                                                                0x01332831
                                                                                                                                                                                                                                0x01332834
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133283c
                                                                                                                                                                                                                                0x01332842
                                                                                                                                                                                                                                0x0133284e
                                                                                                                                                                                                                                0x01332855
                                                                                                                                                                                                                                0x0133285f
                                                                                                                                                                                                                                0x01332862
                                                                                                                                                                                                                                0x01332862
                                                                                                                                                                                                                                0x01332872
                                                                                                                                                                                                                                0x01332878
                                                                                                                                                                                                                                0x0133287b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332881
                                                                                                                                                                                                                                0x01332883
                                                                                                                                                                                                                                0x0133288b
                                                                                                                                                                                                                                0x01332899
                                                                                                                                                                                                                                0x01332899
                                                                                                                                                                                                                                0x01332899
                                                                                                                                                                                                                                0x0133288d
                                                                                                                                                                                                                                0x01332894
                                                                                                                                                                                                                                0x01332894
                                                                                                                                                                                                                                0x0133289d
                                                                                                                                                                                                                                0x013328a0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013328a6
                                                                                                                                                                                                                                0x013328a8
                                                                                                                                                                                                                                0x013328b0
                                                                                                                                                                                                                                0x013328b9
                                                                                                                                                                                                                                0x013328bc
                                                                                                                                                                                                                                0x013328bc
                                                                                                                                                                                                                                0x013328c0
                                                                                                                                                                                                                                0x013328c3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013328c9
                                                                                                                                                                                                                                0x013328cb
                                                                                                                                                                                                                                0x013328d3
                                                                                                                                                                                                                                0x013328dc
                                                                                                                                                                                                                                0x013328df
                                                                                                                                                                                                                                0x013328df
                                                                                                                                                                                                                                0x013328e3
                                                                                                                                                                                                                                0x013328e6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013328ec
                                                                                                                                                                                                                                0x013328ee
                                                                                                                                                                                                                                0x013328f6
                                                                                                                                                                                                                                0x013328ff
                                                                                                                                                                                                                                0x01332902
                                                                                                                                                                                                                                0x01332902
                                                                                                                                                                                                                                0x01332906
                                                                                                                                                                                                                                0x01332909
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332922
                                                                                                                                                                                                                                0x01332927
                                                                                                                                                                                                                                0x01332929
                                                                                                                                                                                                                                0x0133296c
                                                                                                                                                                                                                                0x0133292b
                                                                                                                                                                                                                                0x01332931
                                                                                                                                                                                                                                0x01332934
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332950
                                                                                                                                                                                                                                0x01332955
                                                                                                                                                                                                                                0x01332955
                                                                                                                                                                                                                                0x01332983
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332983
                                                                                                                                                                                                                                0x0133250d
                                                                                                                                                                                                                                0x01331ffd
                                                                                                                                                                                                                                0x01331ffd
                                                                                                                                                                                                                                0x01332002
                                                                                                                                                                                                                                0x01332008
                                                                                                                                                                                                                                0x0133200e
                                                                                                                                                                                                                                0x01332012
                                                                                                                                                                                                                                0x01332014
                                                                                                                                                                                                                                0x01332024
                                                                                                                                                                                                                                0x01332016
                                                                                                                                                                                                                                0x01332016
                                                                                                                                                                                                                                0x0133201c
                                                                                                                                                                                                                                0x0133201c
                                                                                                                                                                                                                                0x01332030
                                                                                                                                                                                                                                0x01332038
                                                                                                                                                                                                                                0x0133203f
                                                                                                                                                                                                                                0x01332042
                                                                                                                                                                                                                                0x0133204c
                                                                                                                                                                                                                                0x01332050
                                                                                                                                                                                                                                0x01332053
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332061
                                                                                                                                                                                                                                0x0133206b
                                                                                                                                                                                                                                0x0133207b
                                                                                                                                                                                                                                0x01332080
                                                                                                                                                                                                                                0x01332086
                                                                                                                                                                                                                                0x0133208c
                                                                                                                                                                                                                                0x01332091
                                                                                                                                                                                                                                0x01332094
                                                                                                                                                                                                                                0x013320bb
                                                                                                                                                                                                                                0x013320ca
                                                                                                                                                                                                                                0x013320d1
                                                                                                                                                                                                                                0x013320d4
                                                                                                                                                                                                                                0x013320d9
                                                                                                                                                                                                                                0x013320e0
                                                                                                                                                                                                                                0x013320e0
                                                                                                                                                                                                                                0x013320e0
                                                                                                                                                                                                                                0x013320e7
                                                                                                                                                                                                                                0x01332096
                                                                                                                                                                                                                                0x013320a3
                                                                                                                                                                                                                                0x013320a8
                                                                                                                                                                                                                                0x013320ac
                                                                                                                                                                                                                                0x013320b3
                                                                                                                                                                                                                                0x013320b3
                                                                                                                                                                                                                                0x013320ee
                                                                                                                                                                                                                                0x013320f3
                                                                                                                                                                                                                                0x013320fa
                                                                                                                                                                                                                                0x013320fc
                                                                                                                                                                                                                                0x013320fc
                                                                                                                                                                                                                                0x013320fc
                                                                                                                                                                                                                                0x01332109
                                                                                                                                                                                                                                0x01332109
                                                                                                                                                                                                                                0x0133210e
                                                                                                                                                                                                                                0x01332115
                                                                                                                                                                                                                                0x0133211c
                                                                                                                                                                                                                                0x0133211e
                                                                                                                                                                                                                                0x0133211e
                                                                                                                                                                                                                                0x0133211e
                                                                                                                                                                                                                                0x0133212e
                                                                                                                                                                                                                                0x0133212e
                                                                                                                                                                                                                                0x01332133
                                                                                                                                                                                                                                0x01332139
                                                                                                                                                                                                                                0x0133213c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133215a
                                                                                                                                                                                                                                0x0133215f
                                                                                                                                                                                                                                0x01332162
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133217b
                                                                                                                                                                                                                                0x01332181
                                                                                                                                                                                                                                0x01332184
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332197
                                                                                                                                                                                                                                0x0133219d
                                                                                                                                                                                                                                0x013321a2
                                                                                                                                                                                                                                0x013321a8
                                                                                                                                                                                                                                0x013321aa
                                                                                                                                                                                                                                0x013321b2
                                                                                                                                                                                                                                0x013321b6
                                                                                                                                                                                                                                0x013321b9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013321c7
                                                                                                                                                                                                                                0x013321ca
                                                                                                                                                                                                                                0x013321d1
                                                                                                                                                                                                                                0x013321d8
                                                                                                                                                                                                                                0x013321e2
                                                                                                                                                                                                                                0x013321e2
                                                                                                                                                                                                                                0x013321eb
                                                                                                                                                                                                                                0x013321ee
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332207
                                                                                                                                                                                                                                0x0133220c
                                                                                                                                                                                                                                0x0133220e
                                                                                                                                                                                                                                0x01332249
                                                                                                                                                                                                                                0x01332210
                                                                                                                                                                                                                                0x01332216
                                                                                                                                                                                                                                0x01332219
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332221
                                                                                                                                                                                                                                0x01332227
                                                                                                                                                                                                                                0x01332233
                                                                                                                                                                                                                                0x0133223a
                                                                                                                                                                                                                                0x01332244
                                                                                                                                                                                                                                0x01332244
                                                                                                                                                                                                                                0x0133224f
                                                                                                                                                                                                                                0x01332255
                                                                                                                                                                                                                                0x01332258
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133225e
                                                                                                                                                                                                                                0x01332260
                                                                                                                                                                                                                                0x01332268
                                                                                                                                                                                                                                0x01332280
                                                                                                                                                                                                                                0x01332280
                                                                                                                                                                                                                                0x01332280
                                                                                                                                                                                                                                0x0133226a
                                                                                                                                                                                                                                0x01332271
                                                                                                                                                                                                                                0x01332277
                                                                                                                                                                                                                                0x01332277
                                                                                                                                                                                                                                0x01332287
                                                                                                                                                                                                                                0x0133228a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332290
                                                                                                                                                                                                                                0x01332292
                                                                                                                                                                                                                                0x0133229a
                                                                                                                                                                                                                                0x013322a3
                                                                                                                                                                                                                                0x013322a9
                                                                                                                                                                                                                                0x013322a9
                                                                                                                                                                                                                                0x013322b0
                                                                                                                                                                                                                                0x013322b3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013322b9
                                                                                                                                                                                                                                0x013322bb
                                                                                                                                                                                                                                0x013322c3
                                                                                                                                                                                                                                0x013322cc
                                                                                                                                                                                                                                0x013322d2
                                                                                                                                                                                                                                0x013322d2
                                                                                                                                                                                                                                0x013322d9
                                                                                                                                                                                                                                0x013322dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013322e2
                                                                                                                                                                                                                                0x013322e4
                                                                                                                                                                                                                                0x013322ec
                                                                                                                                                                                                                                0x013322f5
                                                                                                                                                                                                                                0x013322fb
                                                                                                                                                                                                                                0x013322fb
                                                                                                                                                                                                                                0x01332302
                                                                                                                                                                                                                                0x01332305
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133231e
                                                                                                                                                                                                                                0x01332323
                                                                                                                                                                                                                                0x01332325
                                                                                                                                                                                                                                0x01332372
                                                                                                                                                                                                                                0x01332377
                                                                                                                                                                                                                                0x01332377
                                                                                                                                                                                                                                0x01332327
                                                                                                                                                                                                                                0x0133232d
                                                                                                                                                                                                                                0x01332330
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332340
                                                                                                                                                                                                                                0x01332350
                                                                                                                                                                                                                                0x01332355
                                                                                                                                                                                                                                0x01332355
                                                                                                                                                                                                                                0x01332386
                                                                                                                                                                                                                                0x0133238b
                                                                                                                                                                                                                                0x0133238f
                                                                                                                                                                                                                                0x01332392
                                                                                                                                                                                                                                0x01332394
                                                                                                                                                                                                                                0x01332394
                                                                                                                                                                                                                                0x0133239f
                                                                                                                                                                                                                                0x013323a5
                                                                                                                                                                                                                                0x013323ab
                                                                                                                                                                                                                                0x013323ad
                                                                                                                                                                                                                                0x013323ad
                                                                                                                                                                                                                                0x013323b3
                                                                                                                                                                                                                                0x013323c2
                                                                                                                                                                                                                                0x013323c7
                                                                                                                                                                                                                                0x013323ca
                                                                                                                                                                                                                                0x013323cd
                                                                                                                                                                                                                                0x013323cf
                                                                                                                                                                                                                                0x013323d1
                                                                                                                                                                                                                                0x013323d1
                                                                                                                                                                                                                                0x013323d1
                                                                                                                                                                                                                                0x013323ed
                                                                                                                                                                                                                                0x013323f2
                                                                                                                                                                                                                                0x01332400
                                                                                                                                                                                                                                0x01332412
                                                                                                                                                                                                                                0x01332417
                                                                                                                                                                                                                                0x0133241d
                                                                                                                                                                                                                                0x01332423
                                                                                                                                                                                                                                0x01332426
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332444
                                                                                                                                                                                                                                0x01332449
                                                                                                                                                                                                                                0x0133244c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332460
                                                                                                                                                                                                                                0x01332466
                                                                                                                                                                                                                                0x01332469
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01332482
                                                                                                                                                                                                                                0x01332487
                                                                                                                                                                                                                                0x0133248a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133249e
                                                                                                                                                                                                                                0x013324a9
                                                                                                                                                                                                                                0x013324b5
                                                                                                                                                                                                                                0x013324ba
                                                                                                                                                                                                                                0x013324ba
                                                                                                                                                                                                                                0x013324bd
                                                                                                                                                                                                                                0x013324c3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013324c3
                                                                                                                                                                                                                                0x01331aff
                                                                                                                                                                                                                                0x01331aff
                                                                                                                                                                                                                                0x01331b04
                                                                                                                                                                                                                                0x01331b0a
                                                                                                                                                                                                                                0x01331b10
                                                                                                                                                                                                                                0x01331b14
                                                                                                                                                                                                                                0x01331b16
                                                                                                                                                                                                                                0x01331b26
                                                                                                                                                                                                                                0x01331b18
                                                                                                                                                                                                                                0x01331b18
                                                                                                                                                                                                                                0x01331b1e
                                                                                                                                                                                                                                0x01331b1e
                                                                                                                                                                                                                                0x01331b32
                                                                                                                                                                                                                                0x01331b3a
                                                                                                                                                                                                                                0x01331b41
                                                                                                                                                                                                                                0x01331b44
                                                                                                                                                                                                                                0x01331b4e
                                                                                                                                                                                                                                0x01331b55
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331b63
                                                                                                                                                                                                                                0x01331b6d
                                                                                                                                                                                                                                0x01331b7d
                                                                                                                                                                                                                                0x01331b82
                                                                                                                                                                                                                                0x01331b88
                                                                                                                                                                                                                                0x01331b96
                                                                                                                                                                                                                                0x01331bbd
                                                                                                                                                                                                                                0x01331bcc
                                                                                                                                                                                                                                0x01331bd3
                                                                                                                                                                                                                                0x01331bd6
                                                                                                                                                                                                                                0x01331bdb
                                                                                                                                                                                                                                0x01331be2
                                                                                                                                                                                                                                0x01331be2
                                                                                                                                                                                                                                0x01331be2
                                                                                                                                                                                                                                0x01331be9
                                                                                                                                                                                                                                0x01331b98
                                                                                                                                                                                                                                0x01331ba5
                                                                                                                                                                                                                                0x01331baa
                                                                                                                                                                                                                                0x01331bae
                                                                                                                                                                                                                                0x01331bb5
                                                                                                                                                                                                                                0x01331bb5
                                                                                                                                                                                                                                0x01331bf0
                                                                                                                                                                                                                                0x01331bfc
                                                                                                                                                                                                                                0x01331bfe
                                                                                                                                                                                                                                0x01331c0b
                                                                                                                                                                                                                                0x01331c0b
                                                                                                                                                                                                                                0x01331c10
                                                                                                                                                                                                                                0x01331c1e
                                                                                                                                                                                                                                0x01331c20
                                                                                                                                                                                                                                0x01331c30
                                                                                                                                                                                                                                0x01331c30
                                                                                                                                                                                                                                0x01331c3e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331c4c
                                                                                                                                                                                                                                0x01331c5c
                                                                                                                                                                                                                                0x01331c6a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331c7e
                                                                                                                                                                                                                                0x01331c85
                                                                                                                                                                                                                                0x01331c88
                                                                                                                                                                                                                                0x01331c8a
                                                                                                                                                                                                                                0x01331c8a
                                                                                                                                                                                                                                0x01331c95
                                                                                                                                                                                                                                0x01331c9b
                                                                                                                                                                                                                                0x01331ca1
                                                                                                                                                                                                                                0x01331ca3
                                                                                                                                                                                                                                0x01331ca3
                                                                                                                                                                                                                                0x01331ca9
                                                                                                                                                                                                                                0x01331cb8
                                                                                                                                                                                                                                0x01331cbd
                                                                                                                                                                                                                                0x01331cc0
                                                                                                                                                                                                                                0x01331cc5
                                                                                                                                                                                                                                0x01331cc7
                                                                                                                                                                                                                                0x01331cc7
                                                                                                                                                                                                                                0x01331cd2
                                                                                                                                                                                                                                0x01331ce5
                                                                                                                                                                                                                                0x01331cea
                                                                                                                                                                                                                                0x01331cf0
                                                                                                                                                                                                                                0x01331cf9
                                                                                                                                                                                                                                0x0133316c
                                                                                                                                                                                                                                0x0133316c
                                                                                                                                                                                                                                0x0133316e
                                                                                                                                                                                                                                0x0133315f
                                                                                                                                                                                                                                0x01333166
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01333166
                                                                                                                                                                                                                                0x01331d17
                                                                                                                                                                                                                                0x01331d1f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331d38
                                                                                                                                                                                                                                0x01331d43
                                                                                                                                                                                                                                0x01331d4c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331d5f
                                                                                                                                                                                                                                0x01331d6c
                                                                                                                                                                                                                                0x01331d74
                                                                                                                                                                                                                                0x01331d7b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331d89
                                                                                                                                                                                                                                0x01331d93
                                                                                                                                                                                                                                0x01331d9a
                                                                                                                                                                                                                                0x01331da4
                                                                                                                                                                                                                                0x01331da4
                                                                                                                                                                                                                                0x01331db0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331dc3
                                                                                                                                                                                                                                0x01331dd0
                                                                                                                                                                                                                                0x01331ddb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331de9
                                                                                                                                                                                                                                0x01331df3
                                                                                                                                                                                                                                0x01331dfa
                                                                                                                                                                                                                                0x01331e04
                                                                                                                                                                                                                                0x01331e04
                                                                                                                                                                                                                                0x01331e10
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331e30
                                                                                                                                                                                                                                0x01331e70
                                                                                                                                                                                                                                0x01331e75
                                                                                                                                                                                                                                0x01331e32
                                                                                                                                                                                                                                0x01331e3b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331e43
                                                                                                                                                                                                                                0x01331e58
                                                                                                                                                                                                                                0x01331e58
                                                                                                                                                                                                                                0x01331e7b
                                                                                                                                                                                                                                0x01331e84
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331e8a
                                                                                                                                                                                                                                0x01331e94
                                                                                                                                                                                                                                0x01331ea6
                                                                                                                                                                                                                                0x01331ea6
                                                                                                                                                                                                                                0x01331ea6
                                                                                                                                                                                                                                0x01331e96
                                                                                                                                                                                                                                0x01331e9d
                                                                                                                                                                                                                                0x01331ea0
                                                                                                                                                                                                                                0x01331ea0
                                                                                                                                                                                                                                0x01331ead
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331eb3
                                                                                                                                                                                                                                0x01331ebd
                                                                                                                                                                                                                                0x01331ec6
                                                                                                                                                                                                                                0x01331ec9
                                                                                                                                                                                                                                0x01331ec9
                                                                                                                                                                                                                                0x01331ed0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331ed6
                                                                                                                                                                                                                                0x01331ee0
                                                                                                                                                                                                                                0x01331ee9
                                                                                                                                                                                                                                0x01331eec
                                                                                                                                                                                                                                0x01331eec
                                                                                                                                                                                                                                0x01331ef3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331ef9
                                                                                                                                                                                                                                0x01331f03
                                                                                                                                                                                                                                0x01331f0c
                                                                                                                                                                                                                                0x01331f0f
                                                                                                                                                                                                                                0x01331f0f
                                                                                                                                                                                                                                0x01331f16
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331f29
                                                                                                                                                                                                                                0x01331f30
                                                                                                                                                                                                                                0x01331f3e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331f53
                                                                                                                                                                                                                                0x01331f56
                                                                                                                                                                                                                                0x01331f6d
                                                                                                                                                                                                                                0x01331f78
                                                                                                                                                                                                                                0x01331f7b
                                                                                                                                                                                                                                0x01331f81
                                                                                                                                                                                                                                0x01331f87
                                                                                                                                                                                                                                0x01331f8d
                                                                                                                                                                                                                                0x01331f93
                                                                                                                                                                                                                                0x01331f98
                                                                                                                                                                                                                                0x01331fa0
                                                                                                                                                                                                                                0x01331fa7
                                                                                                                                                                                                                                0x01331fac
                                                                                                                                                                                                                                0x01331fb8
                                                                                                                                                                                                                                0x01331fbb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331fcf
                                                                                                                                                                                                                                0x01331fd0
                                                                                                                                                                                                                                0x01331fd1
                                                                                                                                                                                                                                0x013330e7
                                                                                                                                                                                                                                0x013330f1
                                                                                                                                                                                                                                0x013330fd
                                                                                                                                                                                                                                0x01333102
                                                                                                                                                                                                                                0x01333108
                                                                                                                                                                                                                                0x01333108
                                                                                                                                                                                                                                0x01331aba
                                                                                                                                                                                                                                0x01331ac3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331ad7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01331ad7
                                                                                                                                                                                                                                0x01331ab8
                                                                                                                                                                                                                                0x01331a96
                                                                                                                                                                                                                                0x01331a74
                                                                                                                                                                                                                                0x01333113
                                                                                                                                                                                                                                0x01333121
                                                                                                                                                                                                                                0x0133312c
                                                                                                                                                                                                                                0x01333130
                                                                                                                                                                                                                                0x01333135
                                                                                                                                                                                                                                0x0133313b
                                                                                                                                                                                                                                0x01333144
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01333144
                                                                                                                                                                                                                                0x0133315d
                                                                                                                                                                                                                                0x0133315e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133315e
                                                                                                                                                                                                                                0x0133314a
                                                                                                                                                                                                                                0x01333150
                                                                                                                                                                                                                                0x0133315a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 013318E9
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01331A3C
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01331A5E
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01331A80
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01331AA2
                                                                                                                                                                                                                                  • Part of subcall function 01320766: _memcmp.LIBCMT ref: 0132078A
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01331AE3
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01331FE1
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01332364
                                                                                                                                                                                                                                  • Part of subcall function 01311716: _memmove.LIBCMT ref: 0131178B
                                                                                                                                                                                                                                  • Part of subcall function 01320401: EnableWindow.USER32(?,00000001), ref: 0132050A
                                                                                                                                                                                                                                  • Part of subcall function 01320401: InvalidateRect.USER32(?,00000000,00000000), ref: 01320574
                                                                                                                                                                                                                                  • Part of subcall function 013454B5: __recalloc.LIBCMT ref: 013454F3
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 013324D4
                                                                                                                                                                                                                                  • Part of subcall function 013753A6: _malloc.LIBCMT ref: 013753C0
                                                                                                                                                                                                                                  • Part of subcall function 0131FE5B: __EH_prolog3.LIBCMT ref: 0131FE62
                                                                                                                                                                                                                                  • Part of subcall function 0131A995: _memmove.LIBCMT ref: 0131AA0A
                                                                                                                                                                                                                                  • Part of subcall function 0132061F: _strlen.LIBCMT ref: 01320626
                                                                                                                                                                                                                                  • Part of subcall function 01333172: __EH_prolog3_GS.LIBCMT ref: 0133317C
                                                                                                                                                                                                                                  • Part of subcall function 01333172: __wcstoui64.LIBCMT ref: 013332BF
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,00000108,013314B0,?,?,?,?,?,0000006A,?,000000A0), ref: 01333166
                                                                                                                                                                                                                                  • Part of subcall function 0131A995: std::_Xinvalid_argument.LIBCPMT ref: 0131A9AF
                                                                                                                                                                                                                                  • Part of subcall function 01311716: std::_Xinvalid_argument.LIBCPMT ref: 01311730
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _strlen$H_prolog3_$Xinvalid_argument_memmovestd::_$CurrentEnableExceptionH_prolog3InvalidateLocalProcessRaiseRectTimeWindow__recalloc__wcstoui64_malloc_memcmp_memsetswprintf
                                                                                                                                                                                                                                • String ID: @$DisplayDynamicUI()...$Tahoma$bitmap$checkbox$hyperlink$png$radio$scrolltext$text
                                                                                                                                                                                                                                • API String ID: 2021226817-2579417856
                                                                                                                                                                                                                                • Opcode ID: 083411df8977c7e6d1433b418fdb78967da8853c57f55f1917b6b5bcfa96e071
                                                                                                                                                                                                                                • Instruction ID: d1941b4615cb21aa595623d80dc997c94d60e69ff061b06b350a3a9517cd2acb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 083411df8977c7e6d1433b418fdb78967da8853c57f55f1917b6b5bcfa96e071
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6FF29C7190026ADFDB25DF68CC80BEDBBB4BF15318F0481D4E959AB281D770AA85CF64
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013189DE, Relevance: 18.2, APIs: 4, Strings: 6, Instructions: 739COMMONCrypto
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1196 13189de-1318a07 call 137c242 call 1319b30 1201 1318a0d-1318a4a LoadStringW call 1319b30 call 1319f97 1196->1201 1202 131943c-131944a call 131aa87 1196->1202 1210 1318a4f-1318a98 call 131e279 1201->1210 1208 131944c-1319451 call 137c2c5 1202->1208 1214 1318aa0-1318b32 call 1319b08 * 2 call 131d8b6 1210->1214 1215 1318a9a 1210->1215 1222 13193f8-1319437 call 131ab10 call 131aa87 * 2 call 13194b6 call 131aa87 1214->1222 1223 1318b38-1318b44 1214->1223 1215->1214 1222->1202 1224 1318b46 1223->1224 1225 1318b4b-1318b60 call 131aa30 1223->1225 1224->1225 1231 1318b66-1318bbb call 131d937 call 131b6a8 call 131aa87 1225->1231 1232 1318ce8-1318cf4 1225->1232 1258 1318bc1-1318c67 call 1319b08 call 131d937 call 131b6a8 call 131aa87 call 1319f97 call 13196ae call 13194b6 call 131aa87 1231->1258 1259 1319452 1231->1259 1236 1318cf6 1232->1236 1237 1318cfb-1318d10 call 131aa30 1232->1237 1236->1237 1244 1318d16-1318d72 call 131d937 call 131b6a8 call 131aa87 1237->1244 1245 1318e59-1318e65 1237->1245 1279 1318e20 1244->1279 1280 1318d78-1318e1e call 1319b08 call 131d937 call 131b6a8 call 131aa87 call 1319f97 call 13196ae call 13194b6 call 131aa87 1244->1280 1248 1318e67 1245->1248 1249 1318e6c-1318e81 call 131aa30 1245->1249 1248->1249 1261 1318e83-1318ed2 call 1319b30 * 2 call 135c5a9 call 131aa87 1249->1261 1262 1318ed7-1318ee3 1249->1262 1296 1319356-131935c 1258->1296 1375 1318c6d-1318c74 1258->1375 1260 1319454-13194a9 call 131ab10 call 131aa87 * 2 call 13194b6 call 131aa87 * 2 1259->1260 1260->1208 1329 13193d0-13193dc call 131aa87 1261->1329 1269 1318ee5 1262->1269 1270 1318eea-1318eff call 131aa30 1262->1270 1269->1270 1283 1318f01-1318f32 call 131d937 1270->1283 1284 1318f37-1318f43 1270->1284 1288 1318e22-1318e24 1279->1288 1280->1288 1309 1319109 1283->1309 1291 1318f45 1284->1291 1292 1318f4a-1318f5f call 131aa30 1284->1292 1288->1296 1297 1318e2a-1318e31 1288->1297 1291->1292 1317 1318f65-1318fba call 131d937 call 131b6a8 call 131aa87 1292->1317 1318 131900b-1319017 1292->1318 1299 13193e1-13193f0 1296->1299 1305 1318ce0-1318ce3 1297->1305 1306 1318e37-1318e4f call 1319b30 1297->1306 1299->1223 1307 13193f6 1299->1307 1305->1260 1306->1245 1307->1222 1316 131910e-1319118 call 131b6a8 1309->1316 1341 131911a-131912b call 131aa87 1316->1341 1363 1318fc0-1318fc4 1317->1363 1364 131934d-1319350 1317->1364 1327 1319019 1318->1327 1328 131901e-1319033 call 131aa30 1318->1328 1327->1328 1344 1319035-1319068 call 131d937 call 131b6a8 1328->1344 1345 131906d-1319079 1328->1345 1329->1299 1341->1296 1344->1341 1354 1319080-1319095 call 131aa30 1345->1354 1355 131907b 1345->1355 1373 1319097-13190ba call 131d937 1354->1373 1374 13190bc-13190c8 1354->1374 1355->1354 1369 13194ab-13194b5 call 1363221 1363->1369 1370 1318fca-1318fce 1363->1370 1364->1296 1377 1318fd0-1318fd2 1370->1377 1378 1318fd4 1370->1378 1373->1309 1382 13190ca 1374->1382 1383 13190cf-13190e4 call 131aa30 1374->1383 1375->1305 1381 1318c76-1318cdb call 1319b30 call 131b6a8 call 1376d83 call 131b74b call 135be26 call 134ba76 call 131aa87 1375->1381 1386 1318fd6-1318fda 1377->1386 1378->1386 1381->1305 1382->1383 1395 1319130-131913c 1383->1395 1396 13190e6-1319105 call 131d937 1383->1396 1386->1364 1391 1318fe0-1319006 call 131a995 call 131d937 1386->1391 1391->1316 1401 1319143-1319158 call 131aa30 1395->1401 1402 131913e 1395->1402 1396->1309 1410 1319202-131920e 1401->1410 1411 131915e-13191b3 call 131d937 call 131b6a8 call 131aa87 1401->1411 1402->1401 1414 1319210 1410->1414 1415 1319215-131922a call 131aa30 1410->1415 1411->1364 1436 13191b9-13191bd 1411->1436 1414->1415 1425 1319361-1319368 1415->1425 1426 1319230-131928c call 131d937 call 131b6a8 call 131aa87 1415->1426 1425->1299 1427 131936a-13193cf call 131a995 call 131b6a8 call 135be26 call 134ba76 1425->1427 1426->1364 1448 1319292-1319296 1426->1448 1427->1329 1436->1369 1439 13191c3-13191c7 1436->1439 1442 13191c9-13191cb 1439->1442 1443 13191cd 1439->1443 1446 13191cf-13191d3 1442->1446 1443->1446 1446->1364 1450 13191d9-13191f9 call 131a995 call 131d937 1446->1450 1448->1369 1451 131929c-13192a0 1448->1451 1450->1410 1455 13192a2-13192a4 1451->1455 1456 13192a6 1451->1456 1459 13192a8-13192ac 1455->1459 1456->1459 1459->1364 1461 13192b2-13192ca call 131a995 1459->1461 1464 1319335-1319344 call 131d937 1461->1464 1465 13192cc-1319330 call 135dae1 call 131aa87 * 2 1461->1465 1464->1364 1465->1464
                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                			E013189DE(void* __ebx, void* __edx, char __edi, void* __esi, void* __eflags) {
				signed char _t226;
				intOrPtr _t233;
				intOrPtr* _t239;
				void* _t241;
				intOrPtr* _t242;
				intOrPtr* _t245;
				char _t247;
				intOrPtr* _t248;
				intOrPtr* _t251;
				intOrPtr* _t254;
				intOrPtr* _t257;
				intOrPtr* _t260;
				intOrPtr* _t263;
				intOrPtr* _t266;
				void* _t278;
				intOrPtr* _t282;
				char _t283;
				void* _t284;
				void* _t289;
				intOrPtr _t292;
				void* _t299;
				void* _t308;
				void* _t311;
				void* _t323;
				intOrPtr _t327;
				void* _t337;
				void* _t345;
				void* _t357;
				intOrPtr _t361;
				void* _t364;
				char _t377;
				intOrPtr _t378;
				intOrPtr _t379;
				intOrPtr _t380;
				intOrPtr _t381;
				intOrPtr _t382;
				intOrPtr _t383;
				intOrPtr _t384;
				intOrPtr _t385;
				intOrPtr _t386;
				intOrPtr _t387;
				char* _t388;
				char* _t390;
				signed char _t391;
				char* _t395;
				short* _t437;
				void* _t441;
				short* _t453;
				short* _t468;
				void* _t540;
				intOrPtr* _t541;
				void* _t549;
				void* _t550;
				intOrPtr* _t551;
				intOrPtr* _t552;
				intOrPtr _t553;

				_t527 = __esi;
				_t513 = __edi;
				_t512 = __edx;
				_push(0x3b0);
				E0137C242(0x13989f8, __ebx, __edi, __esi);
				E01319B30(_t549 - 0x238,  *((intOrPtr*)(_t549 + 8)));
				_t377 = 0;
				 *((intOrPtr*)(_t549 - 4)) = 0;
				_t555 =  *((intOrPtr*)(_t549 - 0x228));
				if( *((intOrPtr*)(_t549 - 0x228)) == 0) {
					L86:
					E0131AA87(_t549 - 0x238, 1, _t377);
					__eflags = 0;
					goto L87;
				} else {
					LoadStringW( *0x13c1728, 0x72, _t549 - 0x1a4, 0x190);
					E01319B30(_t549 - 0x254, _t549 - 0x1a4);
					_push(_t549 - 0x3bc);
					 *((char*)(_t549 - 4)) = 1;
					E01319F97(0, _t549 - 0x238, __edi, __esi, _t555); // executed
					 *((intOrPtr*)(_t549 - 0x1fc)) = _t549 - 0x3bc;
					 *((intOrPtr*)(_t549 - 0x1e4)) = 7;
					 *((intOrPtr*)(_t549 - 0x1e8)) = 0;
					 *((short*)(_t549 - 0x1f8)) = 0;
					_push(_t549 - 0x1f8);
					_push(_t549 - 0x3bc);
					 *((char*)(_t549 - 4)) = 3;
					_t226 =  *( *((intOrPtr*)( *((intOrPtr*)(E0131E279(0, _t549 - 0x238, _t512, __edi, __esi, _t555))) + 4)) + _t225 + 0xc);
					_t556 = _t226 & 0x00000006;
					if((_t226 & 0x00000006) != 0) {
						 *((intOrPtr*)(_t549 - 0x1fc)) = 0;
					}
					 *((intOrPtr*)(_t549 - 0x21c)) = _t377;
					 *((intOrPtr*)(_t549 - 0x204)) = 7;
					 *((intOrPtr*)(_t549 - 0x208)) = _t377;
					 *((short*)(_t549 - 0x218)) = 0;
					_t551 = _t550 - 0x20;
					 *((char*)(_t549 - 4)) = 5;
					 *((intOrPtr*)(_t549 - 0x25c)) = _t551;
					 *_t551 = _t377;
					E01319B08(_t551 + 4, _t549 - 0x218);
					_t552 = _t551 - 0x20;
					 *((char*)(_t549 - 4)) = 6;
					 *_t552 =  *((intOrPtr*)(_t549 - 0x1fc));
					 *((intOrPtr*)(_t549 - 0x258)) = _t552;
					E01319B08(_t552 + 4, _t549 - 0x1f8);
					 *((char*)(_t549 - 4)) = 5;
					E0131D8B6(_t377, _t513, _t549 - 0x26c, _t556);
					 *((char*)(_t549 - 4)) = 7;
					_t233 =  *((intOrPtr*)(_t549 - 0x268));
					_t513 =  *((intOrPtr*)(_t549 - 0x26c));
					 *((intOrPtr*)(_t549 - 0x25c)) = _t233;
					 *((intOrPtr*)(_t549 - 0x258)) = _t513;
					if(_t513 == _t233) {
						L85:
						_t527 = _t549 - 0x26c;
						E0131AB10(_t549 - 0x26c);
						E0131AA87(_t549 - 0x218, 1, _t377);
						E0131AA87(_t549 - 0x1f8, 1, _t377);
						 *((char*)(_t549 - 4)) = 1;
						L91();
						E0131AA87(_t549 - 0x254, 1, _t377);
						goto L86;
					} else {
						do {
							_t239 =  *0x13c2eb4; // 0x740000
							if( *0x13c2ec8 < 8) {
								_t239 = 0x13c2eb4;
							}
							_t378 =  *0x13c2ec4; // 0x0
							_t241 = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t378, _t513, 0, _t239);
							_t559 = _t241;
							if(_t241 != 0) {
								__eflags =  *0x13c2e58 - 8;
								_t242 =  *0x13c2e44; // 0x640000
								if( *0x13c2e58 < 8) {
									_t242 = 0x13c2e44;
								}
								_t379 =  *0x13c2e54; // 0x0
								__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t379, _t513, 0, _t242);
								if(__eflags != 0) {
									__eflags =  *0x13c2d20 - 8;
									_t245 =  *0x13c2d0c; // 0x720000
									if( *0x13c2d20 < 8) {
										_t245 = 0x13c2d0c;
									}
									_t380 =  *0x13c2d1c; // 0x0
									_t247 = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t380, _t513, 0, _t245);
									__eflags = _t247;
									if(_t247 != 0) {
										__eflags =  *0x13c2f68 - 8;
										_t248 =  *0x13c2f54; // 0x620000
										if( *0x13c2f68 < 8) {
											_t248 = 0x13c2f54;
										}
										_t381 =  *0x13c2f64; // 0x0
										__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t381, _t513, 0, _t248);
										if(__eflags != 0) {
											__eflags =  *0x13c2e3c - 8;
											_t251 =  *0x13c2e28; // 0x700000
											if( *0x13c2e3c < 8) {
												_t251 = 0x13c2e28;
											}
											_t382 =  *0x13c2e38; // 0x0
											__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t382, _t513, 0, _t251);
											if(__eflags != 0) {
												__eflags =  *0x13c2d04 - 8;
												_t254 =  *0x13c2cf0; // 0x6e0000
												if( *0x13c2d04 < 8) {
													_t254 = 0x13c2cf0;
												}
												_t383 =  *0x13c2d00; // 0x0
												__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t383, _t513, 0, _t254);
												if(__eflags != 0) {
													__eflags =  *0x13c2b10 - 8;
													_t257 =  *0x13c2afc; // 0x730000
													if( *0x13c2b10 < 8) {
														_t257 = 0x13c2afc;
													}
													_t384 =  *0x13c2b0c; // 0x0
													__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t384, _t513, 0, _t257);
													if(__eflags != 0) {
														__eflags =  *0x13c2eac - 8;
														_t260 =  *0x13c2e98; // 0x610000
														if( *0x13c2eac < 8) {
															_t260 = 0x13c2e98;
														}
														_t385 =  *0x13c2ea8; // 0x0
														__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t385, _t513, 0, _t260);
														if(__eflags != 0) {
															__eflags =  *0x13c2f4c - 8;
															_t263 =  *0x13c2f38; // 0x620000
															if( *0x13c2f4c < 8) {
																_t263 = 0x13c2f38;
															}
															_t386 =  *0x13c2f48; // 0x0
															__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t386, _t513, 0, _t263);
															if(__eflags != 0) {
																__eflags =  *0x13c2e90 - 8;
																_t266 =  *0x13c2e7c; // 0x6c0000
																if( *0x13c2e90 < 8) {
																	_t266 = 0x13c2e7c;
																}
																_t387 =  *0x13c2e8c; // 0x0
																__eflags = E0131AA30( *((intOrPtr*)(_t513 + 0x10)), _t387, _t513, 0, _t266);
																if(__eflags != 0) {
																	__eflags =  *0x13c2a33;
																	if( *0x13c2a33 != 0) {
																		__eflags = 0;
																		 *((short*)(_t549 - 0x1dc)) = 0;
																		 *((intOrPtr*)(_t549 - 0x1c8)) = 7;
																		 *(_t549 - 0x1cc) = 0;
																		E0131A995(_t549 - 0x1dc, _t549 - 0x254, 0, 0xffffffff);
																		 *((char*)(_t549 - 4)) = 0x20;
																		E0131B6A8(_t549 - 0x1dc, _t513, 0, 0xffffffff);
																		_t552 = _t552 - 0x1c;
																		 *((intOrPtr*)(_t549 - 0x258)) = _t552;
																		_push(_t552);
																		E0135BE26(_t387, _t549 - 0x1dc, _t513, 0, __eflags);
																		E0134BA76(_t387, 0x13c2b18, _t512, _t513, 0, __eflags);
																		_push(0);
																		goto L82;
																	}
																	goto L83;
																} else {
																	_t388 = " ";
																	_push(_t388);
																	_push(_t549 - 0x1c0);
																	_t514 = 0x13c2e7c;
																	 *0x13c2a33 = 1;
																	_t278 = E0131D937(_t388, 0x13c2e7c, 0, __eflags);
																	_t540 = 0x13c2eec;
																	 *((char*)(_t549 - 4)) = 0x1c;
																	E0131B6A8(0x13c2eec, _t278, 0, 0xffffffff);
																	 *((char*)(_t549 - 4)) = 7;
																	E0131AA87(_t549 - 0x1c0, 1, 0);
																	_t282 =  *((intOrPtr*)(_t549 - 0x258)) + 0x1c;
																	 *((intOrPtr*)(_t549 - 0x258)) = _t282;
																	__eflags = _t282 -  *((intOrPtr*)(_t549 - 0x25c));
																	if(_t282 ==  *((intOrPtr*)(_t549 - 0x25c))) {
																		goto L78;
																	} else {
																		__eflags =  *((intOrPtr*)(_t282 + 0x10));
																		if(__eflags <= 0) {
																			goto L90;
																		} else {
																			__eflags =  *((intOrPtr*)(_t282 + 0x14)) - 8;
																			if( *((intOrPtr*)(_t282 + 0x14)) < 8) {
																				_t437 = _t282;
																			} else {
																				_t437 =  *_t282;
																			}
																			__eflags =  *_t437 - 0x2d;
																			if( *_t437 == 0x2d) {
																				goto L78;
																			} else {
																				E0131A995(0x13bf00c, _t282, 0, 0xffffffff);
																				__eflags =  *0x13bf01c;
																				if(__eflags == 0) {
																					 *(_t549 - 0x1b0) =  *(_t549 - 0x1b0) & 0x00000000;
																					_t292 = 7;
																					 *((intOrPtr*)(_t549 - 0x1ac)) = _t292;
																					 *((short*)(_t549 - 0x1c0)) = 0;
																					 *(_t549 - 0x1cc) =  *(_t549 - 0x1cc) & 0;
																					 *((intOrPtr*)(_t549 - 0x1c8)) = _t292;
																					__eflags = 0;
																					 *((short*)(_t549 - 0x1dc)) = 0;
																					 *((char*)(_t549 - 4)) = 0x1e;
																					E0135DAE1(_t549 - 0x1c0, _t512, 0, 0x13bf00c, _t549 - 0x1dc);
																					E0131AA87(_t549 - 0x1dc, 1, 0);
																					 *((char*)(_t549 - 4)) = 7;
																					E0131AA87(_t549 - 0x1c0, 1, 0);
																				}
																				_push(_t388);
																				_push(_t549 - 0x1c0);
																				_t289 = E0131D937(_t388, 0x13bf00c, _t540, __eflags);
																				 *((char*)(_t549 - 4)) = 0x1f;
																				goto L40;
																			}
																			goto L79;
																		}
																	}
																}
															} else {
																_t388 = " ";
																_push(_t388);
																_push(_t549 - 0x1c0);
																_t514 = 0x13c2f38;
																_t299 = E0131D937(_t388, 0x13c2f38, 0, __eflags);
																_t540 = 0x13c2eec;
																 *((char*)(_t549 - 4)) = 0x1a;
																E0131B6A8(0x13c2eec, _t299, 0, 0xffffffff);
																 *((char*)(_t549 - 4)) = 7;
																E0131AA87(_t549 - 0x1c0, 1, 0);
																_t282 =  *((intOrPtr*)(_t549 - 0x258)) + 0x1c;
																 *((intOrPtr*)(_t549 - 0x258)) = _t282;
																__eflags = _t282 -  *((intOrPtr*)(_t549 - 0x25c));
																if(_t282 ==  *((intOrPtr*)(_t549 - 0x25c))) {
																	goto L78;
																} else {
																	__eflags =  *((intOrPtr*)(_t282 + 0x10));
																	if(__eflags <= 0) {
																		goto L90;
																	} else {
																		__eflags =  *((intOrPtr*)(_t282 + 0x14)) - 8;
																		if( *((intOrPtr*)(_t282 + 0x14)) < 8) {
																			_t453 = _t282;
																		} else {
																			_t453 =  *_t282;
																		}
																		__eflags =  *_t453 - 0x2d;
																		if( *_t453 == 0x2d) {
																			goto L78;
																		} else {
																			E0131A995(0x13bf028, _t282, 0, 0xffffffff);
																			_push(_t388);
																			_push(_t549 - 0x1c0);
																			_t289 = E0131D937(_t388, 0x13bf028, _t540, __eflags);
																			 *((char*)(_t549 - 4)) = 0x1b;
																			goto L40;
																		}
																		goto L79;
																	}
																}
															}
														} else {
															_push(" ");
															_push(_t549 - 0x1c0);
															 *0x13c2a32 = 1;
															_t289 = E0131D937(_t385, 0x13c2e98, 0, __eflags);
															 *((char*)(_t549 - 4)) = 0x19;
															goto L53;
														}
													} else {
														_push(" ");
														_push(_t549 - 0x1c0);
														 *0x13c2a31 = 1;
														_t289 = E0131D937(_t384, 0x13c2afc, 0, __eflags);
														 *((char*)(_t549 - 4)) = 0x18;
														goto L53;
													}
												} else {
													_push(" ");
													_push(_t549 - 0x1c0);
													 *0x13c2a30 = 0;
													_t308 = E0131D937(0, 0x13c2cf0, 0, __eflags);
													 *((char*)(_t549 - 4)) = 0x17;
													E0131B6A8(0x13c2eec, _t308, 0, 0xffffffff);
													_push(0);
													goto L55;
												}
											} else {
												_t388 = " ";
												_push(_t388);
												_push(_t549 - 0x1c0);
												_t514 = 0x13c2e28;
												_t311 = E0131D937(_t388, 0x13c2e28, 0, __eflags);
												_t540 = 0x13c2eec;
												 *((char*)(_t549 - 4)) = 0x15;
												E0131B6A8(0x13c2eec, _t311, 0, 0xffffffff);
												 *((char*)(_t549 - 4)) = 7;
												E0131AA87(_t549 - 0x1c0, 1, 0);
												_t282 =  *((intOrPtr*)(_t549 - 0x258)) + 0x1c;
												 *((intOrPtr*)(_t549 - 0x258)) = _t282;
												__eflags = _t282 -  *((intOrPtr*)(_t549 - 0x25c));
												if(_t282 ==  *((intOrPtr*)(_t549 - 0x25c))) {
													L78:
													_t283 = _t282 - 0x1c;
													__eflags = _t283;
													 *((intOrPtr*)(_t549 - 0x258)) = _t283;
													goto L79;
												} else {
													__eflags =  *((intOrPtr*)(_t282 + 0x10));
													if(__eflags <= 0) {
														L90:
														_t284 = E01363221("invalid string position");
														asm("int3");
														_push(_t540);
														_t541 = _t284 + 0x60;
														E0131A020(_t388, _t541, _t514, _t541, __eflags);
														 *_t541 = 0x13a1494;
														return E01363509(_t541);
													} else {
														__eflags =  *((intOrPtr*)(_t282 + 0x14)) - 8;
														if( *((intOrPtr*)(_t282 + 0x14)) < 8) {
															_t468 = _t282;
														} else {
															_t468 =  *_t282;
														}
														__eflags =  *_t468 - 0x2d;
														if( *_t468 == 0x2d) {
															goto L78;
														} else {
															E0131A995(0x13befd4, _t282, 0, 0xffffffff);
															_push(_t388);
															_push(_t549 - 0x1c0);
															_t289 = E0131D937(_t388, 0x13befd4, _t540, __eflags);
															 *((char*)(_t549 - 4)) = 0x16;
															L40:
															_t441 = _t540;
															goto L54;
														}
														goto L79;
													}
												}
											}
										} else {
											_push(" ");
											_push(_t549 - 0x1c0);
											 *0x13c2a29 = 1;
											 *0x13c2a28 = 1;
											 *0x13c2a30 = 1;
											_t289 = E0131D937(_t381, 0x13c2f54, 0, __eflags);
											 *((char*)(_t549 - 4)) = 0x14;
											L53:
											_t441 = 0x13c2eec;
											L54:
											E0131B6A8(_t441, _t289, 0, 0xffffffff);
											_push(0);
											L55:
											_push(1);
											 *((char*)(_t549 - 4)) = 7;
											E0131AA87(_t549 - 0x1c0);
											goto L79;
										}
									} else {
										 *0x13c2a2b = 1;
										E01319B30(_t549 - 0x1dc, L"PIP");
										 *((char*)(_t549 - 4)) = 0x12;
										E01319B30(_t549 - 0x1c0, L"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce");
										_t512 = _t549 - 0x1c0;
										 *((char*)(_t549 - 4)) = 0x13;
										E0135C5A9(_t380, _t549 - 0x1dc, _t549 - 0x1c0, _t513, 0, __eflags);
										E0131AA87(_t549 - 0x1c0, 1, 0);
										_push(0);
										L82:
										_push(1);
										 *((char*)(_t549 - 4)) = 7;
										E0131AA87(_t549 - 0x1dc);
										goto L83;
									}
								} else {
									_t390 = " ";
									_push(_t390);
									_push(_t549 - 0x1c0);
									_t522 = 0x13c2e44;
									_t323 = E0131D937(_t390, 0x13c2e44, 0, __eflags);
									 *((char*)(_t549 - 4)) = 0xd;
									E0131B6A8(0x13c2eec, _t323, 0, 0xffffffff);
									 *((char*)(_t549 - 4)) = 7;
									E0131AA87(_t549 - 0x1c0, 1, 0);
									_t327 =  *((intOrPtr*)(_t549 - 0x258)) + 0x1c;
									 *0x13c2a2a = 1;
									 *((intOrPtr*)(_t549 - 0x258)) = _t327;
									__eflags = _t327 -  *((intOrPtr*)(_t549 - 0x25c));
									if(_t327 ==  *((intOrPtr*)(_t549 - 0x25c))) {
										_t391 = 1;
									} else {
										E01319B08(_t549 - 0x1c0, _t327);
										_push(_t390);
										_push(_t549 - 0x1dc);
										 *((char*)(_t549 - 4)) = 0xe;
										_t345 = E0131D937(_t390, _t549 - 0x1c0, 0x13c2eec, __eflags);
										_t522 = 0;
										 *((char*)(_t549 - 4)) = 0xf;
										E0131B6A8(0x13c2eec, _t345, 0, 0xffffffff);
										 *((char*)(_t549 - 4)) = 0xe;
										E0131AA87(_t549 - 0x1dc, 1, 0);
										_push(_t549 - 0x314);
										E01319F97(_t390, _t549 - 0x1c0, 0, 0x13c2eec, __eflags);
										_push(0x13bee24);
										_push(_t549 - 0x314);
										 *((char*)(_t549 - 4)) = 0x10;
										E013196AE(_t390, _t549 - 0x1c0, _t512, 0, 0x13c2eec, __eflags);
										_t391 =  *(_t549 +  *((intOrPtr*)( *((intOrPtr*)(_t549 - 0x314)) + 4)) - 0x308) >> 0x00000002 & 0x00000001;
										 *((char*)(_t549 - 4)) = 0xe;
										L91();
										 *((char*)(_t549 - 4)) = 7;
										E0131AA87(_t549 - 0x1c0, 1, 0);
									}
									__eflags = _t391;
									if(_t391 == 0) {
										goto L79;
									} else {
										__eflags =  *0x13c2a33;
										if( *0x13c2a33 == 0) {
											goto L12;
										} else {
											E01319B30(_t549 - 0x1c0, L"Command line argument \"");
											_push(0xffffffff);
											_push(0);
											 *((char*)(_t549 - 4)) = 0x11;
											_push(0x13c2e44);
											goto L11;
										}
										goto L87;
									}
								}
							} else {
								_t395 = " ";
								_push(_t395);
								_push(_t549 - 0x1c0);
								_t357 = E0131D937(_t395, 0x13c2eb4, 0, _t559);
								 *((char*)(_t549 - 4)) = 8;
								E0131B6A8(0x13c2eec, _t357, 0, 0xffffffff);
								 *((char*)(_t549 - 4)) = 7;
								E0131AA87(_t549 - 0x1c0, 1, 0);
								_t361 =  *((intOrPtr*)(_t549 - 0x258)) + 0x1c;
								 *((intOrPtr*)(_t549 - 0x258)) = _t361;
								_t560 = _t361 -  *((intOrPtr*)(_t549 - 0x25c));
								if(_t361 ==  *((intOrPtr*)(_t549 - 0x25c))) {
									_t513 = 0;
									__eflags = 0;
									goto L89;
								} else {
									E01319B08(_t549 - 0x1c0, _t361);
									_push(_t395);
									_push(_t549 - 0x1dc);
									 *((char*)(_t549 - 4)) = 9;
									_t364 = E0131D937(_t395, _t549 - 0x1c0, 0x13c2eec, _t560);
									_t522 = 0;
									 *((char*)(_t549 - 4)) = 0xa;
									E0131B6A8(0x13c2eec, _t364, 0, 0xffffffff);
									 *((char*)(_t549 - 4)) = 9;
									E0131AA87(_t549 - 0x1dc, 1, 0);
									_push(_t549 - 0x314);
									E01319F97(_t395, _t549 - 0x1c0, 0, 0x13c2eec, _t560);
									_push(0x13c2a2c);
									_push(_t549 - 0x314);
									 *((char*)(_t549 - 4)) = 0xb;
									E013196AE(_t395, _t549 - 0x1c0, _t512, 0, 0x13c2eec, _t560);
									 *((char*)(_t549 - 4)) = 9;
									L91();
									 *((char*)(_t549 - 4)) = 7;
									E0131AA87(_t549 - 0x1c0, 1, 0);
									if(( *(_t549 +  *((intOrPtr*)( *((intOrPtr*)(_t549 - 0x314)) + 4)) - 0x308) >> 0x00000002 & 0x00000001) == 0) {
										L79:
										_t513 =  *((intOrPtr*)(_t549 - 0x258));
										goto L83;
									} else {
										_t562 =  *0x13c2a33;
										if( *0x13c2a33 != 0) {
											E01319B30(_t549 - 0x1c0, L"Command line argument \"");
											_push(0xffffffff);
											_push(0);
											 *((char*)(_t549 - 4)) = 0xc;
											_push(0x13c2eb4);
											L11:
											E0131B6A8(_t549 - 0x1c0);
											_t337 = E01376D83(L"\" should be followed by a numeric value");
											_t547 = _t549 - 0x1c0;
											E0131B74B(_t337, _t549 - 0x1c0, _t562, L"\" should be followed by a numeric value");
											_t553 = _t552 - 0x1c;
											 *((intOrPtr*)(_t549 - 0x25c)) = _t553;
											_push(_t553);
											E0135BE26(_t337, _t549 - 0x1c0, _t522, _t549 - 0x1c0, _t562);
											E0134BA76(_t337, 0x13c2b18, _t512, _t522, _t547, _t562);
											E0131AA87(_t547, 1, 0);
										}
										L12:
										_t513 = 1;
										L89:
										E0131AB10(_t549 - 0x26c);
										_t377 = 0;
										_t527 = 1;
										E0131AA87(_t549 - 0x218, 1, 0);
										E0131AA87(_t549 - 0x1f8, 1, 0);
										 *((char*)(_t549 - 4)) = 1;
										L91();
										E0131AA87(_t549 - 0x254, 1, 0);
										E0131AA87(_t549 - 0x238, 1, 0);
										L87:
										return E0137C2C5(_t377, _t513, _t527);
									}
								}
							}
							goto L92;
							L83:
							_t513 = _t513 + 0x1c;
							 *((intOrPtr*)(_t549 - 0x258)) = _t513;
							__eflags = _t513 -  *((intOrPtr*)(_t549 - 0x25c));
						} while (_t513 !=  *((intOrPtr*)(_t549 - 0x25c)));
						_t377 = 0;
						__eflags = 0;
						goto L85;
					}
				}
				L92:
			}



























































                                                                                                                                                                                                                                0x013189de
                                                                                                                                                                                                                                0x013189de
                                                                                                                                                                                                                                0x013189de
                                                                                                                                                                                                                                0x013189de
                                                                                                                                                                                                                                0x013189e8
                                                                                                                                                                                                                                0x013189f7
                                                                                                                                                                                                                                0x013189fc
                                                                                                                                                                                                                                0x013189fe
                                                                                                                                                                                                                                0x01318a01
                                                                                                                                                                                                                                0x01318a07
                                                                                                                                                                                                                                0x0131943c
                                                                                                                                                                                                                                0x01319445
                                                                                                                                                                                                                                0x0131944a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318a0d
                                                                                                                                                                                                                                0x01318a21
                                                                                                                                                                                                                                0x01318a34
                                                                                                                                                                                                                                0x01318a3f
                                                                                                                                                                                                                                0x01318a46
                                                                                                                                                                                                                                0x01318a4a
                                                                                                                                                                                                                                0x01318a55
                                                                                                                                                                                                                                0x01318a5d
                                                                                                                                                                                                                                0x01318a67
                                                                                                                                                                                                                                0x01318a6d
                                                                                                                                                                                                                                0x01318a7a
                                                                                                                                                                                                                                0x01318a81
                                                                                                                                                                                                                                0x01318a82
                                                                                                                                                                                                                                0x01318a92
                                                                                                                                                                                                                                0x01318a96
                                                                                                                                                                                                                                0x01318a98
                                                                                                                                                                                                                                0x01318a9a
                                                                                                                                                                                                                                0x01318a9a
                                                                                                                                                                                                                                0x01318aa2
                                                                                                                                                                                                                                0x01318aa8
                                                                                                                                                                                                                                0x01318ab2
                                                                                                                                                                                                                                0x01318ab8
                                                                                                                                                                                                                                0x01318abf
                                                                                                                                                                                                                                0x01318ac2
                                                                                                                                                                                                                                0x01318ace
                                                                                                                                                                                                                                0x01318ad8
                                                                                                                                                                                                                                0x01318ada
                                                                                                                                                                                                                                0x01318adf
                                                                                                                                                                                                                                0x01318ae2
                                                                                                                                                                                                                                0x01318aee
                                                                                                                                                                                                                                0x01318af6
                                                                                                                                                                                                                                0x01318b00
                                                                                                                                                                                                                                0x01318b0b
                                                                                                                                                                                                                                0x01318b0f
                                                                                                                                                                                                                                0x01318b14
                                                                                                                                                                                                                                0x01318b18
                                                                                                                                                                                                                                0x01318b1e
                                                                                                                                                                                                                                0x01318b24
                                                                                                                                                                                                                                0x01318b2a
                                                                                                                                                                                                                                0x01318b32
                                                                                                                                                                                                                                0x013193f8
                                                                                                                                                                                                                                0x013193f8
                                                                                                                                                                                                                                0x013193fe
                                                                                                                                                                                                                                0x0131940c
                                                                                                                                                                                                                                0x0131941a
                                                                                                                                                                                                                                0x01319425
                                                                                                                                                                                                                                0x01319429
                                                                                                                                                                                                                                0x01319437
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318b38
                                                                                                                                                                                                                                0x01318b38
                                                                                                                                                                                                                                0x01318b3f
                                                                                                                                                                                                                                0x01318b44
                                                                                                                                                                                                                                0x01318b46
                                                                                                                                                                                                                                0x01318b46
                                                                                                                                                                                                                                0x01318b4b
                                                                                                                                                                                                                                0x01318b59
                                                                                                                                                                                                                                0x01318b5e
                                                                                                                                                                                                                                0x01318b60
                                                                                                                                                                                                                                0x01318ce8
                                                                                                                                                                                                                                0x01318cef
                                                                                                                                                                                                                                0x01318cf4
                                                                                                                                                                                                                                0x01318cf6
                                                                                                                                                                                                                                0x01318cf6
                                                                                                                                                                                                                                0x01318cfb
                                                                                                                                                                                                                                0x01318d0e
                                                                                                                                                                                                                                0x01318d10
                                                                                                                                                                                                                                0x01318e59
                                                                                                                                                                                                                                0x01318e60
                                                                                                                                                                                                                                0x01318e65
                                                                                                                                                                                                                                0x01318e67
                                                                                                                                                                                                                                0x01318e67
                                                                                                                                                                                                                                0x01318e6c
                                                                                                                                                                                                                                0x01318e7a
                                                                                                                                                                                                                                0x01318e7f
                                                                                                                                                                                                                                0x01318e81
                                                                                                                                                                                                                                0x01318ed7
                                                                                                                                                                                                                                0x01318ede
                                                                                                                                                                                                                                0x01318ee3
                                                                                                                                                                                                                                0x01318ee5
                                                                                                                                                                                                                                0x01318ee5
                                                                                                                                                                                                                                0x01318eea
                                                                                                                                                                                                                                0x01318efd
                                                                                                                                                                                                                                0x01318eff
                                                                                                                                                                                                                                0x01318f37
                                                                                                                                                                                                                                0x01318f3e
                                                                                                                                                                                                                                0x01318f43
                                                                                                                                                                                                                                0x01318f45
                                                                                                                                                                                                                                0x01318f45
                                                                                                                                                                                                                                0x01318f4a
                                                                                                                                                                                                                                0x01318f5d
                                                                                                                                                                                                                                0x01318f5f
                                                                                                                                                                                                                                0x0131900b
                                                                                                                                                                                                                                0x01319012
                                                                                                                                                                                                                                0x01319017
                                                                                                                                                                                                                                0x01319019
                                                                                                                                                                                                                                0x01319019
                                                                                                                                                                                                                                0x0131901e
                                                                                                                                                                                                                                0x01319031
                                                                                                                                                                                                                                0x01319033
                                                                                                                                                                                                                                0x0131906d
                                                                                                                                                                                                                                0x01319074
                                                                                                                                                                                                                                0x01319079
                                                                                                                                                                                                                                0x0131907b
                                                                                                                                                                                                                                0x0131907b
                                                                                                                                                                                                                                0x01319080
                                                                                                                                                                                                                                0x01319093
                                                                                                                                                                                                                                0x01319095
                                                                                                                                                                                                                                0x013190bc
                                                                                                                                                                                                                                0x013190c3
                                                                                                                                                                                                                                0x013190c8
                                                                                                                                                                                                                                0x013190ca
                                                                                                                                                                                                                                0x013190ca
                                                                                                                                                                                                                                0x013190cf
                                                                                                                                                                                                                                0x013190e2
                                                                                                                                                                                                                                0x013190e4
                                                                                                                                                                                                                                0x01319130
                                                                                                                                                                                                                                0x01319137
                                                                                                                                                                                                                                0x0131913c
                                                                                                                                                                                                                                0x0131913e
                                                                                                                                                                                                                                0x0131913e
                                                                                                                                                                                                                                0x01319143
                                                                                                                                                                                                                                0x01319156
                                                                                                                                                                                                                                0x01319158
                                                                                                                                                                                                                                0x01319202
                                                                                                                                                                                                                                0x01319209
                                                                                                                                                                                                                                0x0131920e
                                                                                                                                                                                                                                0x01319210
                                                                                                                                                                                                                                0x01319210
                                                                                                                                                                                                                                0x01319215
                                                                                                                                                                                                                                0x01319228
                                                                                                                                                                                                                                0x0131922a
                                                                                                                                                                                                                                0x01319361
                                                                                                                                                                                                                                0x01319368
                                                                                                                                                                                                                                0x0131936e
                                                                                                                                                                                                                                0x01319370
                                                                                                                                                                                                                                0x01319385
                                                                                                                                                                                                                                0x0131938f
                                                                                                                                                                                                                                0x01319395
                                                                                                                                                                                                                                0x013193a4
                                                                                                                                                                                                                                0x013193a8
                                                                                                                                                                                                                                0x013193ad
                                                                                                                                                                                                                                0x013193b2
                                                                                                                                                                                                                                0x013193b8
                                                                                                                                                                                                                                0x013193bf
                                                                                                                                                                                                                                0x013193ca
                                                                                                                                                                                                                                0x013193cf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013193cf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319230
                                                                                                                                                                                                                                0x01319230
                                                                                                                                                                                                                                0x0131923b
                                                                                                                                                                                                                                0x0131923c
                                                                                                                                                                                                                                0x0131923d
                                                                                                                                                                                                                                0x01319242
                                                                                                                                                                                                                                0x01319249
                                                                                                                                                                                                                                0x01319253
                                                                                                                                                                                                                                0x0131925b
                                                                                                                                                                                                                                0x0131925f
                                                                                                                                                                                                                                0x0131926e
                                                                                                                                                                                                                                0x01319272
                                                                                                                                                                                                                                0x0131927d
                                                                                                                                                                                                                                0x01319280
                                                                                                                                                                                                                                0x01319286
                                                                                                                                                                                                                                0x0131928c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319292
                                                                                                                                                                                                                                0x01319292
                                                                                                                                                                                                                                0x01319296
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131929c
                                                                                                                                                                                                                                0x0131929c
                                                                                                                                                                                                                                0x013192a0
                                                                                                                                                                                                                                0x013192a6
                                                                                                                                                                                                                                0x013192a2
                                                                                                                                                                                                                                0x013192a2
                                                                                                                                                                                                                                0x013192a2
                                                                                                                                                                                                                                0x013192a8
                                                                                                                                                                                                                                0x013192ac
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013192b2
                                                                                                                                                                                                                                0x013192be
                                                                                                                                                                                                                                0x013192c3
                                                                                                                                                                                                                                0x013192ca
                                                                                                                                                                                                                                0x013192cc
                                                                                                                                                                                                                                0x013192d5
                                                                                                                                                                                                                                0x013192d8
                                                                                                                                                                                                                                0x013192de
                                                                                                                                                                                                                                0x013192e5
                                                                                                                                                                                                                                0x013192eb
                                                                                                                                                                                                                                0x013192f1
                                                                                                                                                                                                                                0x013192f3
                                                                                                                                                                                                                                0x01319308
                                                                                                                                                                                                                                0x0131930c
                                                                                                                                                                                                                                0x0131931d
                                                                                                                                                                                                                                0x0131932c
                                                                                                                                                                                                                                0x01319330
                                                                                                                                                                                                                                0x01319330
                                                                                                                                                                                                                                0x0131933b
                                                                                                                                                                                                                                0x0131933c
                                                                                                                                                                                                                                0x0131933d
                                                                                                                                                                                                                                0x01319344
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319344
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013192ac
                                                                                                                                                                                                                                0x01319296
                                                                                                                                                                                                                                0x0131928c
                                                                                                                                                                                                                                0x0131915e
                                                                                                                                                                                                                                0x0131915e
                                                                                                                                                                                                                                0x01319169
                                                                                                                                                                                                                                0x0131916a
                                                                                                                                                                                                                                0x0131916b
                                                                                                                                                                                                                                0x01319170
                                                                                                                                                                                                                                0x0131917a
                                                                                                                                                                                                                                0x01319182
                                                                                                                                                                                                                                0x01319186
                                                                                                                                                                                                                                0x01319195
                                                                                                                                                                                                                                0x01319199
                                                                                                                                                                                                                                0x013191a4
                                                                                                                                                                                                                                0x013191a7
                                                                                                                                                                                                                                0x013191ad
                                                                                                                                                                                                                                0x013191b3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013191b9
                                                                                                                                                                                                                                0x013191b9
                                                                                                                                                                                                                                0x013191bd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013191c3
                                                                                                                                                                                                                                0x013191c3
                                                                                                                                                                                                                                0x013191c7
                                                                                                                                                                                                                                0x013191cd
                                                                                                                                                                                                                                0x013191c9
                                                                                                                                                                                                                                0x013191c9
                                                                                                                                                                                                                                0x013191c9
                                                                                                                                                                                                                                0x013191cf
                                                                                                                                                                                                                                0x013191d3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013191d9
                                                                                                                                                                                                                                0x013191e5
                                                                                                                                                                                                                                0x013191f0
                                                                                                                                                                                                                                0x013191f1
                                                                                                                                                                                                                                0x013191f2
                                                                                                                                                                                                                                0x013191f9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013191f9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013191d3
                                                                                                                                                                                                                                0x013191bd
                                                                                                                                                                                                                                0x013191b3
                                                                                                                                                                                                                                0x013190e6
                                                                                                                                                                                                                                0x013190ec
                                                                                                                                                                                                                                0x013190f1
                                                                                                                                                                                                                                0x013190f7
                                                                                                                                                                                                                                0x013190fe
                                                                                                                                                                                                                                0x01319105
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319105
                                                                                                                                                                                                                                0x01319097
                                                                                                                                                                                                                                0x0131909d
                                                                                                                                                                                                                                0x013190a2
                                                                                                                                                                                                                                0x013190a8
                                                                                                                                                                                                                                0x013190af
                                                                                                                                                                                                                                0x013190b6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013190b6
                                                                                                                                                                                                                                0x01319035
                                                                                                                                                                                                                                0x0131903b
                                                                                                                                                                                                                                0x01319042
                                                                                                                                                                                                                                0x01319048
                                                                                                                                                                                                                                0x0131904e
                                                                                                                                                                                                                                0x0131905e
                                                                                                                                                                                                                                0x01319062
                                                                                                                                                                                                                                0x01319067
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319067
                                                                                                                                                                                                                                0x01318f65
                                                                                                                                                                                                                                0x01318f65
                                                                                                                                                                                                                                0x01318f70
                                                                                                                                                                                                                                0x01318f71
                                                                                                                                                                                                                                0x01318f72
                                                                                                                                                                                                                                0x01318f77
                                                                                                                                                                                                                                0x01318f81
                                                                                                                                                                                                                                0x01318f89
                                                                                                                                                                                                                                0x01318f8d
                                                                                                                                                                                                                                0x01318f9c
                                                                                                                                                                                                                                0x01318fa0
                                                                                                                                                                                                                                0x01318fab
                                                                                                                                                                                                                                0x01318fae
                                                                                                                                                                                                                                0x01318fb4
                                                                                                                                                                                                                                0x01318fba
                                                                                                                                                                                                                                0x0131934d
                                                                                                                                                                                                                                0x0131934d
                                                                                                                                                                                                                                0x0131934d
                                                                                                                                                                                                                                0x01319350
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318fc0
                                                                                                                                                                                                                                0x01318fc0
                                                                                                                                                                                                                                0x01318fc4
                                                                                                                                                                                                                                0x013194ab
                                                                                                                                                                                                                                0x013194b0
                                                                                                                                                                                                                                0x013194b5
                                                                                                                                                                                                                                0x013194b6
                                                                                                                                                                                                                                0x013194b7
                                                                                                                                                                                                                                0x013194bc
                                                                                                                                                                                                                                0x013194c2
                                                                                                                                                                                                                                0x013194cf
                                                                                                                                                                                                                                0x01318fca
                                                                                                                                                                                                                                0x01318fca
                                                                                                                                                                                                                                0x01318fce
                                                                                                                                                                                                                                0x01318fd4
                                                                                                                                                                                                                                0x01318fd0
                                                                                                                                                                                                                                0x01318fd0
                                                                                                                                                                                                                                0x01318fd0
                                                                                                                                                                                                                                0x01318fd6
                                                                                                                                                                                                                                0x01318fda
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318fe0
                                                                                                                                                                                                                                0x01318fec
                                                                                                                                                                                                                                0x01318ff7
                                                                                                                                                                                                                                0x01318ff8
                                                                                                                                                                                                                                0x01318ff9
                                                                                                                                                                                                                                0x01319000
                                                                                                                                                                                                                                0x01319004
                                                                                                                                                                                                                                0x01319004
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319004
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318fda
                                                                                                                                                                                                                                0x01318fc4
                                                                                                                                                                                                                                0x01318fba
                                                                                                                                                                                                                                0x01318f01
                                                                                                                                                                                                                                0x01318f07
                                                                                                                                                                                                                                0x01318f0c
                                                                                                                                                                                                                                0x01318f12
                                                                                                                                                                                                                                0x01318f19
                                                                                                                                                                                                                                0x01318f20
                                                                                                                                                                                                                                0x01318f27
                                                                                                                                                                                                                                0x01318f2e
                                                                                                                                                                                                                                0x01319109
                                                                                                                                                                                                                                0x01319109
                                                                                                                                                                                                                                0x0131910e
                                                                                                                                                                                                                                0x01319113
                                                                                                                                                                                                                                0x01319118
                                                                                                                                                                                                                                0x0131911a
                                                                                                                                                                                                                                0x0131911a
                                                                                                                                                                                                                                0x01319122
                                                                                                                                                                                                                                0x01319126
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01319126
                                                                                                                                                                                                                                0x01318e83
                                                                                                                                                                                                                                0x01318e8e
                                                                                                                                                                                                                                0x01318e95
                                                                                                                                                                                                                                0x01318ea5
                                                                                                                                                                                                                                0x01318ea9
                                                                                                                                                                                                                                0x01318eb4
                                                                                                                                                                                                                                0x01318eba
                                                                                                                                                                                                                                0x01318ebe
                                                                                                                                                                                                                                0x01318ecc
                                                                                                                                                                                                                                0x01318ed1
                                                                                                                                                                                                                                0x013193d0
                                                                                                                                                                                                                                0x013193d0
                                                                                                                                                                                                                                0x013193d8
                                                                                                                                                                                                                                0x013193dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013193dc
                                                                                                                                                                                                                                0x01318d16
                                                                                                                                                                                                                                0x01318d16
                                                                                                                                                                                                                                0x01318d21
                                                                                                                                                                                                                                0x01318d22
                                                                                                                                                                                                                                0x01318d23
                                                                                                                                                                                                                                0x01318d28
                                                                                                                                                                                                                                0x01318d3a
                                                                                                                                                                                                                                0x01318d3e
                                                                                                                                                                                                                                0x01318d4d
                                                                                                                                                                                                                                0x01318d51
                                                                                                                                                                                                                                0x01318d5c
                                                                                                                                                                                                                                0x01318d5f
                                                                                                                                                                                                                                0x01318d66
                                                                                                                                                                                                                                0x01318d6c
                                                                                                                                                                                                                                0x01318d72
                                                                                                                                                                                                                                0x01318e20
                                                                                                                                                                                                                                0x01318d78
                                                                                                                                                                                                                                0x01318d7f
                                                                                                                                                                                                                                0x01318d8a
                                                                                                                                                                                                                                0x01318d8b
                                                                                                                                                                                                                                0x01318d92
                                                                                                                                                                                                                                0x01318d96
                                                                                                                                                                                                                                0x01318d9f
                                                                                                                                                                                                                                0x01318da5
                                                                                                                                                                                                                                0x01318da9
                                                                                                                                                                                                                                0x01318db7
                                                                                                                                                                                                                                0x01318dbb
                                                                                                                                                                                                                                0x01318dc6
                                                                                                                                                                                                                                0x01318dcd
                                                                                                                                                                                                                                0x01318dd2
                                                                                                                                                                                                                                0x01318ddd
                                                                                                                                                                                                                                0x01318dde
                                                                                                                                                                                                                                0x01318de2
                                                                                                                                                                                                                                0x01318e00
                                                                                                                                                                                                                                0x01318e03
                                                                                                                                                                                                                                0x01318e07
                                                                                                                                                                                                                                0x01318e15
                                                                                                                                                                                                                                0x01318e19
                                                                                                                                                                                                                                0x01318e19
                                                                                                                                                                                                                                0x01318e22
                                                                                                                                                                                                                                0x01318e24
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318e2a
                                                                                                                                                                                                                                0x01318e2a
                                                                                                                                                                                                                                0x01318e31
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318e37
                                                                                                                                                                                                                                0x01318e42
                                                                                                                                                                                                                                0x01318e47
                                                                                                                                                                                                                                0x01318e49
                                                                                                                                                                                                                                0x01318e4b
                                                                                                                                                                                                                                0x01318e4f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318e4f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318e31
                                                                                                                                                                                                                                0x01318e24
                                                                                                                                                                                                                                0x01318b66
                                                                                                                                                                                                                                0x01318b66
                                                                                                                                                                                                                                0x01318b71
                                                                                                                                                                                                                                0x01318b72
                                                                                                                                                                                                                                0x01318b78
                                                                                                                                                                                                                                0x01318b8a
                                                                                                                                                                                                                                0x01318b8e
                                                                                                                                                                                                                                0x01318b9d
                                                                                                                                                                                                                                0x01318ba1
                                                                                                                                                                                                                                0x01318bac
                                                                                                                                                                                                                                0x01318baf
                                                                                                                                                                                                                                0x01318bb5
                                                                                                                                                                                                                                0x01318bbb
                                                                                                                                                                                                                                0x01319452
                                                                                                                                                                                                                                0x01319452
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318bc1
                                                                                                                                                                                                                                0x01318bc8
                                                                                                                                                                                                                                0x01318bd3
                                                                                                                                                                                                                                0x01318bd4
                                                                                                                                                                                                                                0x01318bdb
                                                                                                                                                                                                                                0x01318bdf
                                                                                                                                                                                                                                0x01318be8
                                                                                                                                                                                                                                0x01318bee
                                                                                                                                                                                                                                0x01318bf2
                                                                                                                                                                                                                                0x01318c00
                                                                                                                                                                                                                                0x01318c04
                                                                                                                                                                                                                                0x01318c0f
                                                                                                                                                                                                                                0x01318c16
                                                                                                                                                                                                                                0x01318c1b
                                                                                                                                                                                                                                0x01318c26
                                                                                                                                                                                                                                0x01318c27
                                                                                                                                                                                                                                0x01318c2b
                                                                                                                                                                                                                                0x01318c49
                                                                                                                                                                                                                                0x01318c4d
                                                                                                                                                                                                                                0x01318c5b
                                                                                                                                                                                                                                0x01318c5f
                                                                                                                                                                                                                                0x01318c67
                                                                                                                                                                                                                                0x01319356
                                                                                                                                                                                                                                0x01319356
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318c6d
                                                                                                                                                                                                                                0x01318c6d
                                                                                                                                                                                                                                0x01318c74
                                                                                                                                                                                                                                0x01318c81
                                                                                                                                                                                                                                0x01318c86
                                                                                                                                                                                                                                0x01318c88
                                                                                                                                                                                                                                0x01318c89
                                                                                                                                                                                                                                0x01318c8d
                                                                                                                                                                                                                                0x01318c92
                                                                                                                                                                                                                                0x01318c98
                                                                                                                                                                                                                                0x01318ca3
                                                                                                                                                                                                                                0x01318cac
                                                                                                                                                                                                                                0x01318cb2
                                                                                                                                                                                                                                0x01318cb7
                                                                                                                                                                                                                                0x01318cbc
                                                                                                                                                                                                                                0x01318cc2
                                                                                                                                                                                                                                0x01318cc5
                                                                                                                                                                                                                                0x01318cd0
                                                                                                                                                                                                                                0x01318cdb
                                                                                                                                                                                                                                0x01318cdb
                                                                                                                                                                                                                                0x01318ce0
                                                                                                                                                                                                                                0x01318ce2
                                                                                                                                                                                                                                0x01319454
                                                                                                                                                                                                                                0x0131945a
                                                                                                                                                                                                                                0x0131945f
                                                                                                                                                                                                                                0x01319464
                                                                                                                                                                                                                                0x0131946c
                                                                                                                                                                                                                                0x01319479
                                                                                                                                                                                                                                0x01319484
                                                                                                                                                                                                                                0x01319488
                                                                                                                                                                                                                                0x01319495
                                                                                                                                                                                                                                0x013194a2
                                                                                                                                                                                                                                0x0131944c
                                                                                                                                                                                                                                0x01319451
                                                                                                                                                                                                                                0x01319451
                                                                                                                                                                                                                                0x01318c67
                                                                                                                                                                                                                                0x01318bbb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013193e1
                                                                                                                                                                                                                                0x013193e1
                                                                                                                                                                                                                                0x013193e4
                                                                                                                                                                                                                                0x013193ea
                                                                                                                                                                                                                                0x013193ea
                                                                                                                                                                                                                                0x013193f6
                                                                                                                                                                                                                                0x013193f6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013193f6
                                                                                                                                                                                                                                0x01318b32
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 013189E8
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                • LoadStringW.USER32(00000072,?,00000190,?), ref: 01318A21
                                                                                                                                                                                                                                  • Part of subcall function 01319F97: __EH_prolog3.LIBCMT ref: 01319F9E
                                                                                                                                                                                                                                  • Part of subcall function 0131E279: __EH_prolog3_catch.LIBCMT ref: 0131E280
                                                                                                                                                                                                                                  • Part of subcall function 013196AE: __EH_prolog3_catch.LIBCMT ref: 013196B5
                                                                                                                                                                                                                                  • Part of subcall function 013194B6: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 013194C8
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01318CA3
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 013194B0
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: std::_Xinvalid_argument.LIBCPMT ref: 0131B6BF
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: std::_Xinvalid_argument.LIBCPMT ref: 0131B6E1
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: _memmove.LIBCMT ref: 0131B725
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_Xinvalid_argument_setlocalestd::_$H_prolog3_catch_memmove_memset_wcslen$CurrentH_prolog3Ios_base_dtorLoadLocalProcessStringTime__cftoestd::ios_base::_swprintf
                                                                                                                                                                                                                                • String ID: $" should be followed by a numeric value$Command line argument "$HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce$PIP$invalid string position
                                                                                                                                                                                                                                • API String ID: 349657962-3485492264
                                                                                                                                                                                                                                • Opcode ID: 1454428fa5a50cd7c3cadb930cf4c0fe86518a90af4e0852969b50ab07e0c907
                                                                                                                                                                                                                                • Instruction ID: 290fdc0ba1cd704c9fd11e6c970d770c87efd0e4f63ed06930db08973a7a3b55
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1454428fa5a50cd7c3cadb930cf4c0fe86518a90af4e0852969b50ab07e0c907
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2552D531905299EEEB29DB6CCC54BDE77B8AF1931CF1401D9D409A7284DBB0AE84CF61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132B1D7, Relevance: 51.1, APIs: 20, Strings: 9, Instructions: 378windowfiletimeCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 391 132b1d7-132b217 392 132b31a-132b31d 391->392 393 132b21d 391->393 395 132b388-132b3af call 1345350 call 13748c1 392->395 396 132b31f-132b370 call 1319b08 call 1376d83 call 131b74b call 1376d83 call 131b74b 392->396 394 132b221-132b227 393->394 397 132b28b-132b28d 394->397 398 132b229-132b22b 394->398 451 132b372 396->451 452 132b374-132b383 RemoveDirectoryW call 131aa87 396->452 401 132b3b0-132b3e1 RaiseException call 137c242 397->401 404 132b293-132b299 397->404 398->401 402 132b231-132b237 398->402 419 132b3e3-132b447 call 1319638 call 134ba76 call 135be26 call 131d888 call 134ba76 call 1311524 401->419 420 132b449 401->420 402->401 406 132b23d-132b286 call 135be26 call 131d888 call 134ba76 call 1311524 402->406 404->401 408 132b29f-132b2ad 404->408 406->397 413 132b2b1-132b2ba GetFileAttributesW 408->413 414 132b2af 408->414 417 132b2e3-132b2e9 413->417 418 132b2bc-132b2c2 413->418 414->413 417->401 426 132b2ef-132b2fd 417->426 418->401 424 132b2c8-132b2d6 418->424 428 132b44e-132b477 call 13570b1 call 1345b51 call 131f26e 419->428 420->428 430 132b2da-132b2e1 RemoveDirectoryW 424->430 431 132b2d8 424->431 433 132b301-132b302 DeleteFileW 426->433 434 132b2ff 426->434 457 132b4c0-132b4c7 428->457 458 132b479-132b4bb call 135bfb1 call 131d888 call 134ba76 call 1311524 428->458 440 132b308-132b314 430->440 431->430 433->440 434->433 440->392 440->394 451->452 452->395 462 132b55d-132b667 GetDlgItem call 13446cb call 1376d83 call 131b7e3 GetDlgItem call 13446cb GetDlgItem call 13446cb GetDlgItem * 4 SendMessageW call 131f26e call 1330720 call 1319b30 call 131fd87 call 131aa87 457->462 463 132b4cd-132b4f0 SetTimer 457->463 458->457 505 132b712-132b719 462->505 506 132b66d-132b695 call 1319b30 call 131fd37 462->506 463->462 467 132b4f2-132b558 call 135bfb1 call 131d888 call 1347f01 call 134ba76 call 1311524 * 2 463->467 467->462 508 132b724-132b732 PostMessageW 505->508 509 132b71b-132b722 505->509 516 132b697 506->516 517 132b699-132b6cd call 1319b30 call 131aa87 * 2 call 1327839 506->517 511 132b738-132b740 call 137c2c5 508->511 509->508 509->511 516->517 526 132b707-132b70d call 131aa87 517->526 527 132b6cf-132b6e6 ShowWindow 517->527 526->505 527->526 528 132b6e8-132b702 call 1319638 call 134ba76 527->528 528->526
                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                			E0132B1D7(void* __ebx, void* __edx, void* __edi, void* __esi, int _a4) {
				signed int _v8;
				long _v12;
				char _v16;
				signed int _v24;
				signed int _v36;
				char _v48;
				char _v52;
				intOrPtr _v72;
				char _v76;
				char _v80;
				char _v84;
				void* _v88;
				WCHAR* _v92;
				char _v104;
				char _v132;
				char _v160;
				char _v161;
				char _v162;
				signed int _v168;
				int _v172;
				signed int _t107;
				signed int _t109;
				void* _t112;
				void* _t118;
				WCHAR* _t120;
				signed int _t130;
				struct HWND__* _t142;
				void* _t147;
				intOrPtr* _t155;
				signed int _t159;
				int _t164;
				void* _t167;
				void* _t169;
				void* _t175;
				void* _t182;
				WCHAR* _t187;
				signed char _t188;
				WCHAR* _t190;
				void* _t193;
				WCHAR* _t198;
				void* _t202;
				struct HWND__** _t205;
				struct HWND__** _t215;
				void* _t247;
				void* _t248;
				void* _t249;
				int _t254;
				void* _t256;
				WCHAR* _t260;
				char* _t261;
				signed int _t266;
				signed int _t268;
				signed int _t271;
				signed int _t272;
				signed int _t273;
				intOrPtr _t274;
				char _t276;

				_t248 = __edi;
				_t247 = __edx;
				_push(0xffffffff);
				_push(0x139533c);
				_push( *[fs:0x0]);
				_t268 = (_t266 & 0xfffffff8) - 0x4c;
				_t107 =  *0x13bce20; // 0xa1d783ff
				_v24 = _t107 ^ _t268;
				_push(__ebx);
				_push(__esi);
				_t109 =  *0x13bce20; // 0xa1d783ff
				_push(_t109 ^ _t268);
				 *[fs:0x0] =  &_v16;
				_t254 = 0;
				if( *((intOrPtr*)(__edi + 0x148)) <= 0) {
					L20:
					_t287 =  *((intOrPtr*)(_t248 + 0x28));
					if( *((intOrPtr*)(_t248 + 0x28)) != 0) {
						E01319B08( &_v80, _t248 + 0x1d4);
						_v12 = 1;
						E0131B74B(E01376D83("\\"),  &_v84, _t287, "\\");
						_t118 = E01376D83(L"apn_pip_local\\");
						_t260 =  &_v88;
						E0131B74B(_t118, _t260, _t287, L"apn_pip_local\\");
						_t120 = _v92;
						if(_v72 < 8) {
							_t120 = _t260;
						}
						RemoveDirectoryW(_t120);
						E0131AA87( &_v80, 1, 0);
					}
					_t112 = E01345350(_t248 + 0x144);
					 *[fs:0x0] = _v16;
					_pop(_t256);
					_pop(_t202);
					return E013748C1(_t112, _t202, _v24 ^ _t268, _t247, _t248, _t256);
				} else {
					_v88 = 0;
					do {
						_t276 =  *0x13c2a33; // 0x0
						if(_t276 == 0) {
							L6:
							if(_t254 < 0 || _t254 >=  *((intOrPtr*)(_t248 + 0x148))) {
								goto L25;
							} else {
								_t187 =  *((intOrPtr*)(_t248 + 0x144)) + _v88;
								if(_t187[0xa] >= 8) {
									_t187 =  *_t187;
								}
								_t188 = GetFileAttributesW(_t187); // executed
								if((_t188 & 0x00000010) == 0) {
									__eflags = _t254 -  *((intOrPtr*)(_t248 + 0x148));
									if(_t254 >=  *((intOrPtr*)(_t248 + 0x148))) {
										goto L25;
									} else {
										_t190 =  *((intOrPtr*)(_t248 + 0x144)) + _v88;
										__eflags = _t190[0xa] - 8;
										if(__eflags >= 0) {
											_t190 =  *_t190;
										}
										DeleteFileW(_t190); // executed
										goto L19;
									}
								} else {
									if(_t254 >=  *((intOrPtr*)(_t248 + 0x148))) {
										goto L25;
									} else {
										_t198 =  *((intOrPtr*)(_t248 + 0x144)) + _v88;
										if(_t198[0xa] >= 8) {
											_t198 =  *_t198;
										}
										RemoveDirectoryW(_t198); // executed
										goto L19;
									}
								}
							}
						} else {
							if(_t254 < 0) {
								L25:
								RaiseException(0xc000008c, 1, 0, 0);
								asm("int3");
								_push(0xa0);
								E0137C242(0x13980cf, 0, _t248, _t254);
								__eflags =  *0x13c2a33;
								_t261 = _t206;
								_v172 = _a4;
								if(__eflags == 0) {
									_t249 = 0x13c2b18;
								} else {
									_t272 = _t268 - 0x1c;
									_v168 = _t272;
									E01319638(_t272, "OnInitDialog......0");
									_t249 = 0x13c2b18;
									E0134BA76(0, 0x13c2b18, _t247, 0x13c2b18, _t261, __eflags);
									_push( &_v48);
									_t182 = E0135BE26(0, 0x13c2eec, 0x13c2b18, _t261, __eflags);
									_v8 = _v8 & 0x00000000;
									_t273 = _t272 - 0x18;
									_v168 = _t273;
									E0131D888(_t273, _t273, "Reboot command: ", _t182);
									_t268 = _t273 + 0xc;
									E0134BA76(0, 0x13c2b18, _t247, 0x13c2b18, _t261, __eflags);
									_v8 = _v8 | 0xffffffff;
									_t206 =  &_v48;
									E01311524( &_v48, 1, 0);
								}
								_t205 = _t261 + 4;
								E013570B1(_t206, _t247, _t249, _t261, __eflags,  *_t205); // executed
								E01345B51(_t247, _t261, 0x6a);
								 *_v172 =  *_v172 & 0x00000000;
								_t215 = _t205; // executed
								E0131F26E(_t215, _t247); // executed
								__eflags =  *0x13c2a33;
								if(__eflags != 0) {
									_push( *0x13c2a2c);
									_push( &_v48);
									_t175 = E0135BFB1(_t205, _t249, _t261, __eflags);
									_t271 = _t268 - 0x14;
									_v168 = _t271;
									_v8 = 1;
									E0131D888(_t271, _t271, "\tTimeout value: ", _t175);
									_t268 = _t271 + 0xc;
									E0134BA76(_t205, _t249, _t247, _t249, _t261, __eflags);
									_t58 =  &_v8;
									 *_t58 = _v8 | 0xffffffff;
									__eflags =  *_t58;
									_t215 =  &_v48;
									E01311524(_t215, 1, 0);
								}
								_t130 =  *0x13c2a2c; // 0x0
								__eflags = _t130;
								if(__eflags > 0) {
									_t164 = _t130 * 0x3e8;
									_v172 = _t164;
									SetTimer( *_t205, 2, _t164, 0x1340706);
									__eflags =  *0x13c2a33;
									if(__eflags != 0) {
										_push(_v172);
										_push( &_v160);
										_t167 = E0135BFB1(_t205, _t249, _t261, __eflags);
										_v8 = 2;
										_t169 = E0131D888(_t215,  &_v48, "\tSetting timer for: ", _t167);
										_push(_t215);
										_push(_t215);
										_v168 = _t268;
										_v8 = 3;
										E01347F01(_t268, _t268, _t169, "ms");
										_t268 = _t268 + 0xc;
										E0134BA76(_t205, _t249, _t247, _t249, _t261, __eflags);
										E01311524( &_v48, 1, 0);
										_t69 =  &_v8;
										 *_t69 = _v8 | 0xffffffff;
										__eflags =  *_t69;
										E01311524( &_v160, 1, 0);
									}
								}
								E013446CB(GetDlgItem( *_t205, 3), _t261 + 0x38c, _t247, __eflags);
								E0131B7E3(_t261 + 0x3e0, __eflags, L"Cancel", E01376D83(L"Cancel"));
								E013446CB(GetDlgItem( *_t205, 0xd2), _t261 + 0x2ac, _t247, __eflags);
								E013446CB(GetDlgItem( *_t205, 0xd1), _t261 + 0x31c, _t247, __eflags);
								 *((intOrPtr*)(_t261 + 0x408)) = GetDlgItem( *_t205, 0xcf);
								 *((intOrPtr*)(_t261 + 0x404)) = GetDlgItem( *_t205, 0xd0);
								 *((intOrPtr*)(_t261 + 0x40c)) = GetDlgItem( *_t205, 2);
								_t142 = GetDlgItem( *_t205, 0xd8);
								 *(_t261 + 0x25c) = _t142;
								SendMessageW(_t142, 0x401, 0, 0x640000);
								E0131F26E(_t261 + 0x25c, _t247);
								 *(_t261 + 0x140) =  *(_t261 + 0x140) & 0x00000000;
								E01330720(_t205, _t261, _t247, GetDlgItem, _t261, __eflags); // executed
								_v161 = 0;
								E01319B30( &_v48, L"HideEula");
								_t262 = _t261 + 0x128;
								_t251 =  &_v48;
								_v8 = 4;
								_t147 = E0131FD87( &_v48,  &_v48, _t261 + 0x128);
								__eflags = _t147 - 0xffffffff;
								_v162 = _t147 - 0xffffffff > 0;
								_v8 = _v8 | 0xffffffff;
								E0131AA87( &_v48, 1, 0);
								__eflags = _v162;
								if(_v162 != 0) {
									E01319B30( &_v76, L"HideEula");
									_v8 = 5;
									_t155 = E0131FD37( &_v132,  &_v76, _t247,  &_v76,  &_v132);
									_v8 = 6;
									__eflags =  *((intOrPtr*)(_t155 + 0x14)) - 8;
									if( *((intOrPtr*)(_t155 + 0x14)) >= 8) {
										_t155 =  *_t155;
									}
									E01319B30( &_v104, _t155);
									_t262 = 0;
									E0131AA87( &_v132, 1, 0);
									_v8 = 9;
									E0131AA87( &_v76, 1, 0);
									_t251 =  &_v104;
									_t159 = E01327839(_t247,  &_v104, __eflags, "1");
									__eflags = _t159;
									if(_t159 == 0) {
										_v161 = 1;
										ShowWindow( *_t205, 0); // executed
										__eflags =  *0x13c2a33;
										if( *0x13c2a33 != 0) {
											_v168 = _t268 - 0x1c;
											E01319638(_t268 - 0x1c, "Hiding eula disclosure based on setting");
											E0134BA76(_t205, 0x13c2b18, _t247,  &_v104, 0, __eflags);
										}
									}
									E0131AA87( &_v104, 1, _t262);
								}
								__eflags =  *0x13c2a2b;
								if( *0x13c2a2b != 0) {
									L42:
									PostMessageW( *_t205, 0x111, 0xd2, 0); // executed
								} else {
									__eflags = _v161;
									if(_v161 != 0) {
										goto L42;
									}
								}
								__eflags = 1;
								return E0137C2C5(_t205, _t251, _t262);
							} else {
								_t278 = _t254 -  *((intOrPtr*)(_t248 + 0x148));
								if(_t254 >=  *((intOrPtr*)(_t248 + 0x148))) {
									goto L25;
								} else {
									_push( &_v52);
									_t193 = E0135BE26(0,  *((intOrPtr*)(_t248 + 0x144)) + _v88, _t248, _t254, _t278);
									_t274 = _t268 - 0x18;
									_v84 = _t274;
									_v8 = 0;
									E0131D888(_t274, _t274, "Deleting file ", _t193);
									_t268 = _t274 + 0xc;
									E0134BA76(0, 0x13c2b18, _t247, _t248, _t254, _t278);
									_v36 = _v36 | 0xffffffff;
									_t206 =  &_v80;
									E01311524(_t206, 1, 0);
									goto L6;
								}
							}
						}
						goto L44;
						L19:
						_v88 = _v88 + 0x1c;
						_t254 = _t254 + 1;
					} while (_t254 <  *((intOrPtr*)(_t248 + 0x148)));
					goto L20;
				}
				L44:
			}




























































                                                                                                                                                                                                                                0x0132b1d7
                                                                                                                                                                                                                                0x0132b1d7
                                                                                                                                                                                                                                0x0132b1dd
                                                                                                                                                                                                                                0x0132b1df
                                                                                                                                                                                                                                0x0132b1ea
                                                                                                                                                                                                                                0x0132b1eb
                                                                                                                                                                                                                                0x0132b1ee
                                                                                                                                                                                                                                0x0132b1f5
                                                                                                                                                                                                                                0x0132b1f9
                                                                                                                                                                                                                                0x0132b1fa
                                                                                                                                                                                                                                0x0132b1fb
                                                                                                                                                                                                                                0x0132b202
                                                                                                                                                                                                                                0x0132b207
                                                                                                                                                                                                                                0x0132b20f
                                                                                                                                                                                                                                0x0132b217
                                                                                                                                                                                                                                0x0132b31a
                                                                                                                                                                                                                                0x0132b31a
                                                                                                                                                                                                                                0x0132b31d
                                                                                                                                                                                                                                0x0132b32a
                                                                                                                                                                                                                                0x0132b335
                                                                                                                                                                                                                                0x0132b34a
                                                                                                                                                                                                                                0x0132b355
                                                                                                                                                                                                                                0x0132b35e
                                                                                                                                                                                                                                0x0132b362
                                                                                                                                                                                                                                0x0132b36c
                                                                                                                                                                                                                                0x0132b370
                                                                                                                                                                                                                                0x0132b372
                                                                                                                                                                                                                                0x0132b372
                                                                                                                                                                                                                                0x0132b375
                                                                                                                                                                                                                                0x0132b383
                                                                                                                                                                                                                                0x0132b383
                                                                                                                                                                                                                                0x0132b38e
                                                                                                                                                                                                                                0x0132b397
                                                                                                                                                                                                                                0x0132b39f
                                                                                                                                                                                                                                0x0132b3a0
                                                                                                                                                                                                                                0x0132b3af
                                                                                                                                                                                                                                0x0132b21d
                                                                                                                                                                                                                                0x0132b21d
                                                                                                                                                                                                                                0x0132b221
                                                                                                                                                                                                                                0x0132b221
                                                                                                                                                                                                                                0x0132b227
                                                                                                                                                                                                                                0x0132b28b
                                                                                                                                                                                                                                0x0132b28d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b29f
                                                                                                                                                                                                                                0x0132b2a5
                                                                                                                                                                                                                                0x0132b2ad
                                                                                                                                                                                                                                0x0132b2af
                                                                                                                                                                                                                                0x0132b2af
                                                                                                                                                                                                                                0x0132b2b2
                                                                                                                                                                                                                                0x0132b2ba
                                                                                                                                                                                                                                0x0132b2e3
                                                                                                                                                                                                                                0x0132b2e9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b2ef
                                                                                                                                                                                                                                0x0132b2f5
                                                                                                                                                                                                                                0x0132b2f9
                                                                                                                                                                                                                                0x0132b2fd
                                                                                                                                                                                                                                0x0132b2ff
                                                                                                                                                                                                                                0x0132b2ff
                                                                                                                                                                                                                                0x0132b302
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b302
                                                                                                                                                                                                                                0x0132b2bc
                                                                                                                                                                                                                                0x0132b2c2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b2c8
                                                                                                                                                                                                                                0x0132b2ce
                                                                                                                                                                                                                                0x0132b2d6
                                                                                                                                                                                                                                0x0132b2d8
                                                                                                                                                                                                                                0x0132b2d8
                                                                                                                                                                                                                                0x0132b2db
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b2db
                                                                                                                                                                                                                                0x0132b2c2
                                                                                                                                                                                                                                0x0132b2ba
                                                                                                                                                                                                                                0x0132b229
                                                                                                                                                                                                                                0x0132b22b
                                                                                                                                                                                                                                0x0132b3b0
                                                                                                                                                                                                                                0x0132b3b9
                                                                                                                                                                                                                                0x0132b3bf
                                                                                                                                                                                                                                0x0132b3c0
                                                                                                                                                                                                                                0x0132b3ca
                                                                                                                                                                                                                                0x0132b3cf
                                                                                                                                                                                                                                0x0132b3d9
                                                                                                                                                                                                                                0x0132b3db
                                                                                                                                                                                                                                0x0132b3e1
                                                                                                                                                                                                                                0x0132b449
                                                                                                                                                                                                                                0x0132b3e3
                                                                                                                                                                                                                                0x0132b3e3
                                                                                                                                                                                                                                0x0132b3e8
                                                                                                                                                                                                                                0x0132b3f3
                                                                                                                                                                                                                                0x0132b3f8
                                                                                                                                                                                                                                0x0132b3ff
                                                                                                                                                                                                                                0x0132b407
                                                                                                                                                                                                                                0x0132b40d
                                                                                                                                                                                                                                0x0132b412
                                                                                                                                                                                                                                0x0132b416
                                                                                                                                                                                                                                0x0132b41b
                                                                                                                                                                                                                                0x0132b428
                                                                                                                                                                                                                                0x0132b42d
                                                                                                                                                                                                                                0x0132b432
                                                                                                                                                                                                                                0x0132b437
                                                                                                                                                                                                                                0x0132b43f
                                                                                                                                                                                                                                0x0132b442
                                                                                                                                                                                                                                0x0132b442
                                                                                                                                                                                                                                0x0132b44e
                                                                                                                                                                                                                                0x0132b453
                                                                                                                                                                                                                                0x0132b45b
                                                                                                                                                                                                                                0x0132b466
                                                                                                                                                                                                                                0x0132b469
                                                                                                                                                                                                                                0x0132b46b
                                                                                                                                                                                                                                0x0132b470
                                                                                                                                                                                                                                0x0132b477
                                                                                                                                                                                                                                0x0132b479
                                                                                                                                                                                                                                0x0132b482
                                                                                                                                                                                                                                0x0132b483
                                                                                                                                                                                                                                0x0132b488
                                                                                                                                                                                                                                0x0132b48d
                                                                                                                                                                                                                                0x0132b49a
                                                                                                                                                                                                                                0x0132b4a1
                                                                                                                                                                                                                                0x0132b4a6
                                                                                                                                                                                                                                0x0132b4ab
                                                                                                                                                                                                                                0x0132b4b0
                                                                                                                                                                                                                                0x0132b4b0
                                                                                                                                                                                                                                0x0132b4b0
                                                                                                                                                                                                                                0x0132b4b8
                                                                                                                                                                                                                                0x0132b4bb
                                                                                                                                                                                                                                0x0132b4bb
                                                                                                                                                                                                                                0x0132b4c0
                                                                                                                                                                                                                                0x0132b4c5
                                                                                                                                                                                                                                0x0132b4c7
                                                                                                                                                                                                                                0x0132b4cd
                                                                                                                                                                                                                                0x0132b4dd
                                                                                                                                                                                                                                0x0132b4e3
                                                                                                                                                                                                                                0x0132b4e9
                                                                                                                                                                                                                                0x0132b4f0
                                                                                                                                                                                                                                0x0132b4f2
                                                                                                                                                                                                                                0x0132b4fe
                                                                                                                                                                                                                                0x0132b4ff
                                                                                                                                                                                                                                0x0132b50e
                                                                                                                                                                                                                                0x0132b515
                                                                                                                                                                                                                                0x0132b51a
                                                                                                                                                                                                                                0x0132b51b
                                                                                                                                                                                                                                0x0132b51e
                                                                                                                                                                                                                                0x0132b52b
                                                                                                                                                                                                                                0x0132b52f
                                                                                                                                                                                                                                0x0132b534
                                                                                                                                                                                                                                0x0132b539
                                                                                                                                                                                                                                0x0132b545
                                                                                                                                                                                                                                0x0132b54a
                                                                                                                                                                                                                                0x0132b54a
                                                                                                                                                                                                                                0x0132b54a
                                                                                                                                                                                                                                0x0132b558
                                                                                                                                                                                                                                0x0132b558
                                                                                                                                                                                                                                0x0132b4f0
                                                                                                                                                                                                                                0x0132b56f
                                                                                                                                                                                                                                0x0132b58b
                                                                                                                                                                                                                                0x0132b59f
                                                                                                                                                                                                                                0x0132b5b3
                                                                                                                                                                                                                                0x0132b5c6
                                                                                                                                                                                                                                0x0132b5d2
                                                                                                                                                                                                                                0x0132b5e1
                                                                                                                                                                                                                                0x0132b5e9
                                                                                                                                                                                                                                0x0132b5f8
                                                                                                                                                                                                                                0x0132b5fe
                                                                                                                                                                                                                                0x0132b60a
                                                                                                                                                                                                                                0x0132b60f
                                                                                                                                                                                                                                0x0132b618
                                                                                                                                                                                                                                0x0132b625
                                                                                                                                                                                                                                0x0132b62c
                                                                                                                                                                                                                                0x0132b631
                                                                                                                                                                                                                                0x0132b638
                                                                                                                                                                                                                                0x0132b63b
                                                                                                                                                                                                                                0x0132b642
                                                                                                                                                                                                                                0x0132b647
                                                                                                                                                                                                                                0x0132b64c
                                                                                                                                                                                                                                0x0132b653
                                                                                                                                                                                                                                0x0132b65b
                                                                                                                                                                                                                                0x0132b660
                                                                                                                                                                                                                                0x0132b667
                                                                                                                                                                                                                                0x0132b675
                                                                                                                                                                                                                                0x0132b681
                                                                                                                                                                                                                                0x0132b688
                                                                                                                                                                                                                                0x0132b68d
                                                                                                                                                                                                                                0x0132b691
                                                                                                                                                                                                                                0x0132b695
                                                                                                                                                                                                                                0x0132b697
                                                                                                                                                                                                                                0x0132b697
                                                                                                                                                                                                                                0x0132b69d
                                                                                                                                                                                                                                0x0132b6a2
                                                                                                                                                                                                                                0x0132b6aa
                                                                                                                                                                                                                                0x0132b6b5
                                                                                                                                                                                                                                0x0132b6b9
                                                                                                                                                                                                                                0x0132b6c3
                                                                                                                                                                                                                                0x0132b6c6
                                                                                                                                                                                                                                0x0132b6cb
                                                                                                                                                                                                                                0x0132b6cd
                                                                                                                                                                                                                                0x0132b6d2
                                                                                                                                                                                                                                0x0132b6d9
                                                                                                                                                                                                                                0x0132b6df
                                                                                                                                                                                                                                0x0132b6e6
                                                                                                                                                                                                                                0x0132b6ed
                                                                                                                                                                                                                                0x0132b6f8
                                                                                                                                                                                                                                0x0132b702
                                                                                                                                                                                                                                0x0132b702
                                                                                                                                                                                                                                0x0132b6e6
                                                                                                                                                                                                                                0x0132b70d
                                                                                                                                                                                                                                0x0132b70d
                                                                                                                                                                                                                                0x0132b712
                                                                                                                                                                                                                                0x0132b719
                                                                                                                                                                                                                                0x0132b724
                                                                                                                                                                                                                                0x0132b732
                                                                                                                                                                                                                                0x0132b71b
                                                                                                                                                                                                                                0x0132b71b
                                                                                                                                                                                                                                0x0132b722
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b722
                                                                                                                                                                                                                                0x0132b73a
                                                                                                                                                                                                                                0x0132b740
                                                                                                                                                                                                                                0x0132b231
                                                                                                                                                                                                                                0x0132b231
                                                                                                                                                                                                                                0x0132b237
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b23d
                                                                                                                                                                                                                                0x0132b24b
                                                                                                                                                                                                                                0x0132b24c
                                                                                                                                                                                                                                0x0132b251
                                                                                                                                                                                                                                0x0132b256
                                                                                                                                                                                                                                0x0132b261
                                                                                                                                                                                                                                0x0132b268
                                                                                                                                                                                                                                0x0132b26d
                                                                                                                                                                                                                                0x0132b275
                                                                                                                                                                                                                                0x0132b27a
                                                                                                                                                                                                                                0x0132b282
                                                                                                                                                                                                                                0x0132b286
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b286
                                                                                                                                                                                                                                0x0132b237
                                                                                                                                                                                                                                0x0132b22b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b308
                                                                                                                                                                                                                                0x0132b308
                                                                                                                                                                                                                                0x0132b30d
                                                                                                                                                                                                                                0x0132b30e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132b221
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,A1D783FF), ref: 0132B2B2
                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 0132B2DB
                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 0132B302
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0132B33D
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0132B355
                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?,apn_pip_local\,013A11F0), ref: 0132B375
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,A1D783FF), ref: 0132B3B9
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0132B3CA
                                                                                                                                                                                                                                • SetTimer.USER32 ref: 0132B4E3
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B567
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0132B579
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B597
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B5AB
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B5BF
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B5CE
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B5DA
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0132B5E9
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0132B5FE
                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000,013A39E8,00000001,00000000,00000001,00000000,00000000,HideEula,00000001,?,00000000,?,HideEula), ref: 0132B6D9
                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000111,000000D2,00000000), ref: 0132B732
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 0131D888: _strlen.LIBCMT ref: 0131D894
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 01311524: _memmove.LIBCMT ref: 01311544
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Item$H_prolog3__setlocale_wcslen$DirectoryFileMessageRemove_memset$AttributesCurrentDeleteExceptionLocalPostProcessRaiseSendShowTimeTimerWindow__cftoe_memmove_strlenswprintf
                                                                                                                                                                                                                                • String ID: Setting timer for: $Timeout value: $Cancel$Deleting file $HideEula$Hiding eula disclosure based on setting$OnInitDialog......0$Reboot command: $apn_pip_local\
                                                                                                                                                                                                                                • API String ID: 1504972802-815155889
                                                                                                                                                                                                                                • Opcode ID: 758a084f16f6379193bc1e301f7b45c7a386e23975e40a70d77c2560f4ee9722
                                                                                                                                                                                                                                • Instruction ID: 3e75837807885b170ae2f768ecd15deab68003c586b62236c0484eeadc98e8fe
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 758a084f16f6379193bc1e301f7b45c7a386e23975e40a70d77c2560f4ee9722
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5DE1F471A00315AFDB25FB6CCC85BEEBBA8FF11708F044158E559672D8CBB06948CB92
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01353AD8, Relevance: 45.6, APIs: 18, Strings: 8, Instructions: 145networkCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                C-Code - Quality: 30%
                                                                                                                                                                                                                                			E01353AD8(void* __ecx, void* __edx) {
				signed int _v8;
				char _v412;
				intOrPtr _v416;
				char _v420;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t23;
				char* _t25;
				char* _t26;
				char* _t27;
				char* _t29;
				char* _t31;
				char* _t34;
				signed int _t40;
				char* _t49;
				char* _t52;
				char* _t55;
				void* _t65;
				intOrPtr* _t66;
				char** _t67;
				void* _t69;
				signed int _t70;
				void* _t71;

				_t65 = __edx;
				_t23 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t23 ^ _t70;
				_t25 =  &_v412;
				_t69 = __ecx;
				_v420 = 0x3e8;
				_v416 = 1;
				__imp__#115(0x1010, _t25); // executed
				_t74 = _t25;
				if(_t25 == 0) {
					__imp__#53("icmp"); // executed
					__eflags = _t25;
					if(_t25 != 0) {
						_t26 = _t25[8];
						__imp__#23(2, 3, _t26); // executed
						 *(__ecx + 0x2020) = _t26;
						__eflags = _t26;
						if(_t26 >= 0) {
							_t66 = __imp__#21;
							_t58 =  &_v420;
							_t27 =  *_t66(_t26, 0xffff, 0x1006,  &_v420, 4); // executed
							__eflags = _t27;
							if(_t27 < 0) {
								__imp__#111();
								_push(_t27);
								_push("failed to set recv timeout: %d\n");
								_t52 = E01377737() + 0x40;
								__eflags = _t52;
								_push(_t52);
								E01379EBB(0xffff, _t66, __ecx, _t52);
								_t71 = _t71 + 0xc;
							}
							_t29 =  *_t66( *((intOrPtr*)(_t69 + 0x2020)), 0xffff, 0x1005,  &_v420, 4); // executed
							__eflags = _t29;
							if(_t29 < 0) {
								__imp__#111();
								_push(_t29);
								_push("failed to set send timeout: %d\n");
								_t49 = E01377737() + 0x40;
								__eflags = _t49;
								_push(_t49);
								E01379EBB(0xffff, _t66, _t69, _t49);
								_t71 = _t71 + 0xc;
							}
							_t67 = _t69 + 0x2000;
							E01376F40(_t67, 0, 0x10);
							_t31 = 2;
							_t55 = "pipoffers.apnpartners.com";
							 *_t67 = _t31; // executed
							__imp__#52(_t55); // executed
							_t68 = _t31;
							__eflags = _t68;
							if(_t68 == 0) {
								__imp__#11(_t55);
								asm("sbb eax, eax");
								_t34 =  ~( &(_t31[1])) + 1;
								__eflags = _t34;
								 *(_t69 + 0x2004) = _t34;
								if(_t34 == 0) {
									 *((intOrPtr*)(_t69 + 0x2024)) = GetCurrentProcessId();
									do {
										_v416 = _v416 + 1;
										E01353D2C(_t69);
										E01353D9C(_t58, _t69);
										__eflags = _v416 - 1 - _v416;
									} while (_v416 - 1 < _v416);
									goto L17;
								} else {
									_t68 = L"Unknown host";
									_t40 = E0131B7E3(_t69 + 0x2028, __eflags, L"Unknown host", E01376D83(L"Unknown host")) | 0xffffffff;
								}
							} else {
								E013748D0(_t69,  *(_t68[0xc]), _t68[0xa]);
								__imp__#51( *(_t68[0xc]), 4, 2); // executed
								L17:
								_t40 = 0;
								__eflags = 0;
							}
						} else {
							_t68 = L"Socket failed";
							goto L2;
						}
					} else {
						_t68 = L"Cannot get icmp protocol";
						goto L2;
					}
				} else {
					_t68 = L"WSA Startup error";
					L2:
					_t40 = E0131B7E3(_t69 + 0x2028, _t74, _t68, E01376D83(_t68));
					__imp__#111();
				}
				return E013748C1(_t40, _t55, _v8 ^ _t70, _t65, _t68, _t69);
			}




























                                                                                                                                                                                                                                0x01353ad8
                                                                                                                                                                                                                                0x01353ae1
                                                                                                                                                                                                                                0x01353ae8
                                                                                                                                                                                                                                0x01353aee
                                                                                                                                                                                                                                0x01353afa
                                                                                                                                                                                                                                0x01353afc
                                                                                                                                                                                                                                0x01353b06
                                                                                                                                                                                                                                0x01353b10
                                                                                                                                                                                                                                0x01353b16
                                                                                                                                                                                                                                0x01353b18
                                                                                                                                                                                                                                0x01353b43
                                                                                                                                                                                                                                0x01353b49
                                                                                                                                                                                                                                0x01353b4b
                                                                                                                                                                                                                                0x01353b54
                                                                                                                                                                                                                                0x01353b5d
                                                                                                                                                                                                                                0x01353b63
                                                                                                                                                                                                                                0x01353b69
                                                                                                                                                                                                                                0x01353b6b
                                                                                                                                                                                                                                0x01353b74
                                                                                                                                                                                                                                0x01353b7c
                                                                                                                                                                                                                                0x01353b8f
                                                                                                                                                                                                                                0x01353b91
                                                                                                                                                                                                                                0x01353b93
                                                                                                                                                                                                                                0x01353b95
                                                                                                                                                                                                                                0x01353b9b
                                                                                                                                                                                                                                0x01353b9c
                                                                                                                                                                                                                                0x01353ba6
                                                                                                                                                                                                                                0x01353ba6
                                                                                                                                                                                                                                0x01353ba9
                                                                                                                                                                                                                                0x01353baa
                                                                                                                                                                                                                                0x01353baf
                                                                                                                                                                                                                                0x01353baf
                                                                                                                                                                                                                                0x01353bc7
                                                                                                                                                                                                                                0x01353bc9
                                                                                                                                                                                                                                0x01353bcb
                                                                                                                                                                                                                                0x01353bcd
                                                                                                                                                                                                                                0x01353bd3
                                                                                                                                                                                                                                0x01353bd4
                                                                                                                                                                                                                                0x01353bde
                                                                                                                                                                                                                                0x01353bde
                                                                                                                                                                                                                                0x01353be1
                                                                                                                                                                                                                                0x01353be2
                                                                                                                                                                                                                                0x01353be7
                                                                                                                                                                                                                                0x01353be7
                                                                                                                                                                                                                                0x01353bec
                                                                                                                                                                                                                                0x01353bf5
                                                                                                                                                                                                                                0x01353bff
                                                                                                                                                                                                                                0x01353c00
                                                                                                                                                                                                                                0x01353c06
                                                                                                                                                                                                                                0x01353c09
                                                                                                                                                                                                                                0x01353c0f
                                                                                                                                                                                                                                0x01353c11
                                                                                                                                                                                                                                0x01353c13
                                                                                                                                                                                                                                0x01353c40
                                                                                                                                                                                                                                0x01353c49
                                                                                                                                                                                                                                0x01353c4b
                                                                                                                                                                                                                                0x01353c4b
                                                                                                                                                                                                                                0x01353c4c
                                                                                                                                                                                                                                0x01353c52
                                                                                                                                                                                                                                0x01353c77
                                                                                                                                                                                                                                0x01353c7d
                                                                                                                                                                                                                                0x01353c7d
                                                                                                                                                                                                                                0x01353c83
                                                                                                                                                                                                                                0x01353c88
                                                                                                                                                                                                                                0x01353c94
                                                                                                                                                                                                                                0x01353c94
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01353c54
                                                                                                                                                                                                                                0x01353c54
                                                                                                                                                                                                                                0x01353c6d
                                                                                                                                                                                                                                0x01353c6d
                                                                                                                                                                                                                                0x01353c15
                                                                                                                                                                                                                                0x01353c26
                                                                                                                                                                                                                                0x01353c37
                                                                                                                                                                                                                                0x01353c9c
                                                                                                                                                                                                                                0x01353c9c
                                                                                                                                                                                                                                0x01353c9c
                                                                                                                                                                                                                                0x01353c9c
                                                                                                                                                                                                                                0x01353b6d
                                                                                                                                                                                                                                0x01353b6d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01353b6d
                                                                                                                                                                                                                                0x01353b4d
                                                                                                                                                                                                                                0x01353b4d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01353b4d
                                                                                                                                                                                                                                0x01353b1a
                                                                                                                                                                                                                                0x01353b1a
                                                                                                                                                                                                                                0x01353b1f
                                                                                                                                                                                                                                0x01353b2e
                                                                                                                                                                                                                                0x01353b33
                                                                                                                                                                                                                                0x01353b33
                                                                                                                                                                                                                                0x01353cac

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WSAStartup.WS2_32(00001010,?), ref: 01353B10
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01353B20
                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(Socket failed,00000000,?,?,00000000), ref: 01353B33
                                                                                                                                                                                                                                • getprotobyname.WS2_32(icmp), ref: 01353B43
                                                                                                                                                                                                                                • socket.WS2_32(00000002,00000003,?), ref: 01353B5D
                                                                                                                                                                                                                                • setsockopt.WS2_32(00000000,0000FFFF,00001006,000003E8,00000004), ref: 01353B8F
                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,?,00000000), ref: 01353B95
                                                                                                                                                                                                                                • _fprintf.LIBCMT ref: 01353BAA
                                                                                                                                                                                                                                • setsockopt.WS2_32(?,0000FFFF,00001005,000003E8,00000004), ref: 01353BC7
                                                                                                                                                                                                                                • WSAGetLastError.WS2_32(?,?,00000000), ref: 01353BCD
                                                                                                                                                                                                                                • _fprintf.LIBCMT ref: 01353BE2
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 01353BF5
                                                                                                                                                                                                                                • gethostbyname.WS2_32(pipoffers.apnpartners.com), ref: 01353C09
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 01353C26
                                                                                                                                                                                                                                • gethostbyaddr.WS2_32(?,00000004,00000002), ref: 01353C37
                                                                                                                                                                                                                                • inet_addr.WS2_32(pipoffers.apnpartners.com), ref: 01353C40
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01353C5A
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,00000000), ref: 01353C72
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$_fprintf_wcslensetsockopt$CurrentProcessStartup_memmove_memsetgethostbyaddrgethostbynamegetprotobynameinet_addrsocket
                                                                                                                                                                                                                                • String ID: Cannot get icmp protocol$Socket failed$Unknown host$WSA Startup error$failed to set recv timeout: %d$failed to set send timeout: %d$icmp$pipoffers.apnpartners.com
                                                                                                                                                                                                                                • API String ID: 3142960008-4006271222
                                                                                                                                                                                                                                • Opcode ID: e2013071ca3db94fd7cf9819c5b115fe500d05323b526b4bb093098d16398514
                                                                                                                                                                                                                                • Instruction ID: af7fd0d6fd4319f4f0053b04f1798483fc5065fc310bc5e7dcc5255c3d1038a0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2013071ca3db94fd7cf9819c5b115fe500d05323b526b4bb093098d16398514
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C41E6B2A00206AFE7316B69DC89FBA77BCFF15B48F000119EA09D7181EA719904CB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134B822, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 83networkCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1162 134b822-134b844 call 137c242 InternetOpenW 1165 134b846-134b84c 1162->1165 1166 134b870-134b873 1162->1166 1167 134b911-134b916 call 137c2c5 1165->1167 1168 134b852-134b86b call 1319638 call 134ba76 1165->1168 1169 134b875-134b89c call 1376d83 call 131b7e3 call 1376d83 call 131b7e3 1166->1169 1170 134b8a1-134b8a5 1166->1170 1168->1167 1169->1170 1172 134b8a7-134b8aa 1170->1172 1173 134b8ac 1170->1173 1177 134b8af-134b8cb InternetConnectW 1172->1177 1173->1177 1177->1167 1180 134b8cd-134b8d3 1177->1180 1180->1167 1184 134b8d5-134b90c GetLastError call 135bfb1 call 131d888 call 134ba76 call 1311524 1180->1184 1184->1167
                                                                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                                                                			E0134B822(void* __ebx, WCHAR* __edi, void* __esi, void* __eflags) {
				void* _t17;
				void* _t19;
				void* _t23;
				void* _t27;
				void* _t29;
				WCHAR* _t35;
				void* _t45;
				void* _t49;
				void* _t50;
				void* _t56;

				_t48 = __esi;
				_t46 = __edi;
				_push(0x24);
				E0137C242(0x1391e7d, __ebx, __edi, __esi);
				_t17 = InternetOpenW(L"APNInstaller", 0, 0, 0, 0);
				 *(__esi + 0x1c) = _t17;
				if(_t17 != 0) {
					__eflags =  *(__esi + 0x60);
					if( *(__esi + 0x60) == 0) {
						_t27 = E01376D83(L"pipoffers.apnpartners.com");
						_t4 = _t48 + 0x50; // 0x13c2b68
						E0131B7E3(_t4, __eflags, L"pipoffers.apnpartners.com", _t27);
						_t46 = L"/PIP2.5/OfferAccept.jhtml";
						_t29 = E01376D83(L"/PIP2.5/OfferAccept.jhtml");
						_t5 = _t48 + 0x6c; // 0x13c2b84
						E0131B7E3(_t5, __eflags, L"/PIP2.5/OfferAccept.jhtml", _t29);
					}
					__eflags =  *((intOrPtr*)(_t48 + 0x64)) - 8;
					if( *((intOrPtr*)(_t48 + 0x64)) < 8) {
						_t8 = _t48 + 0x50; // 0x13c2b68
						_t35 = _t8;
					} else {
						_t7 = _t48 + 0x50; // 0x2ce0000
						_t35 =  *_t7;
					}
					_t9 = _t48 + 0x1c; // 0x0, executed
					_t19 = InternetConnectW( *_t9, _t35, 0x50, " ", " ", 3, 0, 0); // executed
					 *(_t48 + 0x20) = _t19;
					__eflags = _t19;
					if(_t19 == 0) {
						__eflags =  *0x13c2a33; // 0x0
						if(__eflags != 0) {
							_push(GetLastError());
							_push(_t49 - 0x2c);
							_t23 = E0135BFB1(0, _t46, _t48, __eflags);
							_t51 = _t50 - 0x14;
							 *((intOrPtr*)(_t49 - 0x30)) = _t50 - 0x14;
							 *((intOrPtr*)(_t49 - 4)) = 0;
							E0131D888(_t50 - 0x14, _t51, "Logger::Initialize()... InternetConnect() failed. Error code:", _t23);
							E0134BA76(0, _t48, _t45, _t46, _t48, __eflags);
							E01311524(_t49 - 0x2c, 1, 0);
						}
					}
				} else {
					_t56 =  *0x13c2a33; // 0x0
					if(_t56 != 0) {
						 *((intOrPtr*)(_t49 - 0x30)) = _t50 - 0x1c;
						E01319638(_t50 - 0x1c, "InternetOpen Failed");
						E0134BA76(0, __esi, _t45, __edi, __esi, _t56);
					}
				}
				return E0137C2C5(0, _t46, _t48);
			}













                                                                                                                                                                                                                                0x0134b822
                                                                                                                                                                                                                                0x0134b822
                                                                                                                                                                                                                                0x0134b822
                                                                                                                                                                                                                                0x0134b829
                                                                                                                                                                                                                                0x0134b839
                                                                                                                                                                                                                                0x0134b83f
                                                                                                                                                                                                                                0x0134b844
                                                                                                                                                                                                                                0x0134b870
                                                                                                                                                                                                                                0x0134b873
                                                                                                                                                                                                                                0x0134b87b
                                                                                                                                                                                                                                0x0134b882
                                                                                                                                                                                                                                0x0134b886
                                                                                                                                                                                                                                0x0134b88b
                                                                                                                                                                                                                                0x0134b891
                                                                                                                                                                                                                                0x0134b899
                                                                                                                                                                                                                                0x0134b89c
                                                                                                                                                                                                                                0x0134b89c
                                                                                                                                                                                                                                0x0134b8a1
                                                                                                                                                                                                                                0x0134b8a5
                                                                                                                                                                                                                                0x0134b8ac
                                                                                                                                                                                                                                0x0134b8ac
                                                                                                                                                                                                                                0x0134b8a7
                                                                                                                                                                                                                                0x0134b8a7
                                                                                                                                                                                                                                0x0134b8a7
                                                                                                                                                                                                                                0x0134b8a7
                                                                                                                                                                                                                                0x0134b8bd
                                                                                                                                                                                                                                0x0134b8c0
                                                                                                                                                                                                                                0x0134b8c6
                                                                                                                                                                                                                                0x0134b8c9
                                                                                                                                                                                                                                0x0134b8cb
                                                                                                                                                                                                                                0x0134b8cd
                                                                                                                                                                                                                                0x0134b8d3
                                                                                                                                                                                                                                0x0134b8db
                                                                                                                                                                                                                                0x0134b8df
                                                                                                                                                                                                                                0x0134b8e0
                                                                                                                                                                                                                                0x0134b8e5
                                                                                                                                                                                                                                0x0134b8ea
                                                                                                                                                                                                                                0x0134b8f4
                                                                                                                                                                                                                                0x0134b8f7
                                                                                                                                                                                                                                0x0134b901
                                                                                                                                                                                                                                0x0134b90c
                                                                                                                                                                                                                                0x0134b90c
                                                                                                                                                                                                                                0x0134b8d3
                                                                                                                                                                                                                                0x0134b846
                                                                                                                                                                                                                                0x0134b846
                                                                                                                                                                                                                                0x0134b84c
                                                                                                                                                                                                                                0x0134b857
                                                                                                                                                                                                                                0x0134b85f
                                                                                                                                                                                                                                0x0134b866
                                                                                                                                                                                                                                0x0134b866
                                                                                                                                                                                                                                0x0134b84c
                                                                                                                                                                                                                                0x0134b916

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0134B829
                                                                                                                                                                                                                                • InternetOpenW.WININET(APNInstaller,00000000,00000000,00000000,00000000), ref: 0134B839
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0134B87B
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0134B891
                                                                                                                                                                                                                                • InternetConnectW.WININET(00000000,013C2B68,00000050,013A12A4,013A12A4,00000003,00000000,00000000), ref: 0134B8C0
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0134B8D5
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_Internet_wcslen$ConnectCurrentErrorLastLocalOpenProcessTime_memset_strlenswprintf
                                                                                                                                                                                                                                • String ID: /PIP2.5/OfferAccept.jhtml$APNInstaller$InternetOpen Failed$Logger::Initialize()... InternetConnect() failed. Error code:$pipoffers.apnpartners.com
                                                                                                                                                                                                                                • API String ID: 2976682571-1714214441
                                                                                                                                                                                                                                • Opcode ID: 47a755952a1a5ba9a025475d6268b97230bbc3741ee2e99acc22b0e3347ed703
                                                                                                                                                                                                                                • Instruction ID: f740bfd4dee67a6afb98c1ddf480f6210aaa77cf9a9460afca8fed6411db1f37
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47a755952a1a5ba9a025475d6268b97230bbc3741ee2e99acc22b0e3347ed703
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B21C1F1900605AFFB24BBB8DCC6D7FBAACEB5460CF44051DE54282249DA60ED048B61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131D656, Relevance: 18.1, APIs: 12, Instructions: 72COMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1473 131d656-131d67a call 131800e FindResourceW 1476 131d680-131d699 FindResourceW 1473->1476 1477 131d713-131d719 1473->1477 1478 131d6a2-131d6ae LoadResource 1476->1478 1479 131d69b-131d6a0 LoadResource LockResource 1476->1479 1480 131d6b0-131d6b7 LockResource 1478->1480 1481 131d6fb-131d701 GetLastError 1478->1481 1479->1478 1480->1481 1482 131d6b9-131d6d7 call 1314c30 DialogBoxIndirectParamW 1480->1482 1483 131d704-131d708 1481->1483 1487 131d6d9-131d6dc 1482->1487 1488 131d6de-131d6e4 GetLastError 1482->1488 1483->1477 1485 131d70a-131d70d SetLastError 1483->1485 1485->1477 1487->1488 1489 131d6e7-131d6e9 1487->1489 1488->1489 1489->1483 1490 131d6eb-131d6f9 GlobalHandle GlobalFree 1489->1490 1490->1483
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E0131D656(struct HINSTANCE__* __ebx, WCHAR* _a4, struct HWND__* _a8) {
				long _v8;
				signed int _v12;
				struct HRSRC__* _v16;
				struct HRSRC__* _t17;
				struct HRSRC__* _t19;
				void* _t20;
				int _t24;
				struct HINSTANCE__* _t30;
				void* _t32;
				void* _t35;

				_t30 = __ebx;
				E0131800E();
				_v12 = _v12 | 0xffffffff;
				_t17 = FindResourceW(__ebx, _a4, 5);
				_v16 = _t17;
				if(_t17 == 0) {
					L13:
					return _v12;
				}
				_t19 = FindResourceW(__ebx, _a4, 0xf0);
				if(_t19 != 0) {
					LockResource(LoadResource(__ebx, _t19));
				}
				_v8 = _v8 & 0x00000000;
				_t20 = LoadResource(_t30, _v16);
				if(_t20 == 0) {
					L10:
					_v8 = GetLastError();
					L11:
					if(_v8 != 0) {
						SetLastError(_v8);
					}
					goto L13;
				}
				_t35 = LockResource(_t20);
				_t39 = _t35;
				if(_t35 == 0) {
					goto L10;
				}
				_t32 = E01314C30(_t22, _t39);
				_t24 = DialogBoxIndirectParamW(_t30, _t32, _a8, E0131D061, 0); // executed
				_v12 = _t24;
				if(_t24 == 0 || _t24 == 0xffffffff) {
					_v8 = GetLastError();
				}
				if(_t32 != _t35) {
					GlobalFree(GlobalHandle(_t32));
				}
				goto L11;
			}













                                                                                                                                                                                                                                0x0131d656
                                                                                                                                                                                                                                0x0131d65e
                                                                                                                                                                                                                                0x0131d669
                                                                                                                                                                                                                                0x0131d673
                                                                                                                                                                                                                                0x0131d675
                                                                                                                                                                                                                                0x0131d67a
                                                                                                                                                                                                                                0x0131d713
                                                                                                                                                                                                                                0x0131d719
                                                                                                                                                                                                                                0x0131d719
                                                                                                                                                                                                                                0x0131d689
                                                                                                                                                                                                                                0x0131d699
                                                                                                                                                                                                                                0x0131d6a0
                                                                                                                                                                                                                                0x0131d6a0
                                                                                                                                                                                                                                0x0131d6a5
                                                                                                                                                                                                                                0x0131d6aa
                                                                                                                                                                                                                                0x0131d6ae
                                                                                                                                                                                                                                0x0131d6fb
                                                                                                                                                                                                                                0x0131d701
                                                                                                                                                                                                                                0x0131d704
                                                                                                                                                                                                                                0x0131d708
                                                                                                                                                                                                                                0x0131d70d
                                                                                                                                                                                                                                0x0131d70d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131d708
                                                                                                                                                                                                                                0x0131d6b3
                                                                                                                                                                                                                                0x0131d6b5
                                                                                                                                                                                                                                0x0131d6b7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131d6c8
                                                                                                                                                                                                                                0x0131d6cc
                                                                                                                                                                                                                                0x0131d6d2
                                                                                                                                                                                                                                0x0131d6d7
                                                                                                                                                                                                                                0x0131d6e4
                                                                                                                                                                                                                                0x0131d6e4
                                                                                                                                                                                                                                0x0131d6e9
                                                                                                                                                                                                                                0x0131d6f3
                                                                                                                                                                                                                                0x0131d6f3
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: EnterCriticalSection.KERNEL32(013C1788,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 0131801F
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: RegisterWindowMessageW.USER32(WM_ATLGETHOST,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 01318030
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: RegisterWindowMessageW.USER32(WM_ATLGETCONTROL,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 0131803C
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: GetClassInfoExW.USER32 ref: 0131805B
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: LoadCursorW.USER32 ref: 01318096
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: RegisterClassExW.USER32 ref: 013180B9
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: _memset.LIBCMT ref: 013180E7
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: GetClassInfoExW.USER32 ref: 01318104
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: LoadCursorW.USER32 ref: 01318145
                                                                                                                                                                                                                                  • Part of subcall function 0131800E: RegisterClassExW.USER32 ref: 01318168
                                                                                                                                                                                                                                • FindResourceW.KERNEL32(?,000000FF,00000005), ref: 0131D673
                                                                                                                                                                                                                                • FindResourceW.KERNEL32(?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D689
                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,00000000,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D69D
                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,00000000,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6A0
                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6AA
                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6B1
                                                                                                                                                                                                                                • DialogBoxIndirectParamW.USER32 ref: 0131D6CC
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,?,Function_0000D061,00000000,?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6DE
                                                                                                                                                                                                                                • GlobalHandle.KERNEL32(00000000), ref: 0131D6EC
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 0131D6F3
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D6FB
                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,000000FF,000000F0,?,000000FF,00000005), ref: 0131D70D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Resource$ClassLoadRegister$ErrorLast$CursorFindGlobalInfoLockMessageWindow$CriticalDialogEnterFreeHandleIndirectParamSection_memset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3062633338-0
                                                                                                                                                                                                                                • Opcode ID: fa6dfc11b78fb1c3d55e30618c929589f15bc0504bb91b4d138fcf22f9917e1d
                                                                                                                                                                                                                                • Instruction ID: 3c4df2c11bf031bc2b3722f873205fc17cf306750de976b9b72c86200631d07c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fa6dfc11b78fb1c3d55e30618c929589f15bc0504bb91b4d138fcf22f9917e1d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C218C71900219BBDF256FB99C8CAAE7F7CAB46724F005551E945B3189DB35CA408BA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131CFC4, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E0131CFC4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t17;
				intOrPtr _t18;
				void* _t23;
				intOrPtr _t43;
				void* _t44;

				_push(0x14);
				E0137C1D9(0x13904ae, __ebx, __edi, __esi);
				E01363841(_t44 - 0x14, 0);
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				_t43 =  *0x13c2f70; // 0x2ce1ac0
				 *((intOrPtr*)(_t44 - 0x10)) = _t43;
				_t17 = E01314493(0x13c1840);
				_t32 =  *((intOrPtr*)(_t44 + 8));
				_t18 = E01314564( *((intOrPtr*)(_t44 + 8)), _t17);
				_t41 = _t18;
				if(_t18 == 0) {
					if(_t43 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10); // executed
						_t23 = E013146AC(__ebx, _t32, __edx, _t41, _t43, __eflags); // executed
						__eflags = _t23 - 0xffffffff;
						if(_t23 == 0xffffffff) {
							E01374D20(_t44 - 0x20, "bad cast");
							E0137BD1E(_t44 - 0x20, 0x13b04e8);
						}
						_t41 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x13c2f70 =  *((intOrPtr*)(_t44 - 0x10));
						E013144C8(_t41);
						E0136355C(_t41, _t41);
					} else {
						_t41 = _t43;
					}
				}
				 *(_t44 - 4) =  *(_t44 - 4) | 0xffffffff;
				E01363869(_t44 - 0x14);
				return E0137C2B1(_t41);
			}








                                                                                                                                                                                                                                0x0131cfc4
                                                                                                                                                                                                                                0x0131cfcb
                                                                                                                                                                                                                                0x0131cfd5
                                                                                                                                                                                                                                0x0131cfda
                                                                                                                                                                                                                                0x0131cfde
                                                                                                                                                                                                                                0x0131cfe9
                                                                                                                                                                                                                                0x0131cfec
                                                                                                                                                                                                                                0x0131cff1
                                                                                                                                                                                                                                0x0131cff5
                                                                                                                                                                                                                                0x0131cffa
                                                                                                                                                                                                                                0x0131cffe
                                                                                                                                                                                                                                0x0131d002
                                                                                                                                                                                                                                0x0131d008
                                                                                                                                                                                                                                0x0131d00e
                                                                                                                                                                                                                                0x0131d00f
                                                                                                                                                                                                                                0x0131d016
                                                                                                                                                                                                                                0x0131d019
                                                                                                                                                                                                                                0x0131d023
                                                                                                                                                                                                                                0x0131d031
                                                                                                                                                                                                                                0x0131d031
                                                                                                                                                                                                                                0x0131d036
                                                                                                                                                                                                                                0x0131d03b
                                                                                                                                                                                                                                0x0131d041
                                                                                                                                                                                                                                0x0131d047
                                                                                                                                                                                                                                0x0131d004
                                                                                                                                                                                                                                0x0131d004
                                                                                                                                                                                                                                0x0131d004
                                                                                                                                                                                                                                0x0131d002
                                                                                                                                                                                                                                0x0131d04d
                                                                                                                                                                                                                                0x0131d054
                                                                                                                                                                                                                                0x0131d060

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0131CFCB
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0131CFD5
                                                                                                                                                                                                                                • int.LIBCPMT ref: 0131CFEC
                                                                                                                                                                                                                                  • Part of subcall function 01314493: std::_Lockit::_Lockit.LIBCPMT ref: 013144A4
                                                                                                                                                                                                                                • ctype.LIBCPMT ref: 0131D00F
                                                                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 0131D023
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 0131D031
                                                                                                                                                                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 0131D041
                                                                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0131D047
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowctypestd::bad_exception::bad_exception
                                                                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                                                                • API String ID: 3349589501-3145022300
                                                                                                                                                                                                                                • Opcode ID: 203c6900995832ed8746b085064d1098e192dba4a9f185a79d71cd31d4b62e11
                                                                                                                                                                                                                                • Instruction ID: f913f21ed0e3f956b27da48f3092aaf8875a7cebffdb6338fe948e8fb05aec0c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 203c6900995832ed8746b085064d1098e192dba4a9f185a79d71cd31d4b62e11
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F001843194021BDBCF19EBA8D8509EE7739BF65768F140518D110771D8DF389906DB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013567DC, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 99registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                			E013567DC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t25;
				intOrPtr _t27;
				void* _t29;
				short* _t32;
				void* _t37;
				char _t45;
				void* _t60;
				void* _t66;
				void* _t67;
				intOrPtr _t68;
				intOrPtr _t69;
				void* _t72;
				void* _t73;

				_t72 = __eflags;
				_t60 = __edx;
				_push(0x48);
				E0137C242(0x1392a07, __ebx, __edi, __esi);
				_t45 = 0;
				E0131A995(0x13c2d70, 0x13befd4, 0, 0xffffffff);
				_t64 = L"Software\\APN PIP\\ipc";
				E01319B30(_t66 - 0x2c, L"Software\\APN PIP\\ipc");
				 *((intOrPtr*)(_t66 - 4)) = 0;
				_t25 = E01376D83(_t64);
				_t65 = 0x13c2dc4;
				_t51 = 0x13c2dc4;
				E0131B7E3(0x13c2dc4, _t72, _t64, _t25);
				_t73 =  *0x13befe4 - _t45; // 0x0
				if(_t73 == 0) {
					L3:
					_t27 =  *((intOrPtr*)(_t66 - 0x2c));
					if( *((intOrPtr*)(_t66 - 0x18)) < 8) {
						_t27 = _t66 - 0x2c;
					}
					_t29 = E013123FB(0x13c2db0, _t51, 0x80000001, _t27); // executed
					if(_t29 == 0) {
						_t32 =  *0x13bed98; // 0x13a0458
						_t65 = 0;
						while(_t32 != _t45) {
							RegDeleteValueW( *0x13c2db0, _t32); // executed
							_t32 =  *(0x13bed9c + _t65 * 4);
							_t65 = _t65 + 1;
							__eflags = _t65;
						}
					}
				} else {
					_push(0);
					_t68 = _t67 - 0x1c;
					 *((intOrPtr*)(_t66 - 0x54)) = _t68;
					E01319B08(_t68, 0x13befd4);
					_t69 = _t68 - 0x1c;
					 *((char*)(_t66 - 4)) = 1;
					 *((intOrPtr*)(_t66 - 0x50)) = _t69;
					E01319B30(_t69, L"{partnerid}");
					_t70 = _t69 - 0x1c;
					 *((intOrPtr*)(_t66 - 0x4c)) = _t69 - 0x1c;
					 *((char*)(_t66 - 4)) = 2;
					E01319B30(_t70, L"Software\\APN PIP\\{partnerid}");
					 *((char*)(_t66 - 4)) = 0;
					_t37 = E0135C1E5(0, _t66 - 0x48, _t60, 0x13befd4, 0x13c2dc4, _t73);
					 *((char*)(_t66 - 4)) = 3;
					E0131A941(_t66 - 0x2c, _t37);
					 *((char*)(_t66 - 4)) = 0;
					E0131AA87(_t66 - 0x48, 1, 0);
					_t74 =  *((intOrPtr*)(_t66 - 0x1c));
					if( *((intOrPtr*)(_t66 - 0x1c)) != 0) {
						_t46 = "\\";
						E0131B74B(E01376D83("\\"), 0x13c2dc4, _t74, _t46);
						_t51 = 0x13c2dc4;
						E0131B6A8(0x13c2dc4, 0x13befd4, 0, 0xffffffff);
						_t65 = 0x13c2db0;
						E013123E4(0x13c2db0);
						_t45 = 0;
						goto L3;
					}
				}
				E0131AA87(_t66 - 0x2c, 1, _t45);
				return E0137C2C5(_t45, 0x13befd4, _t65);
			}
















                                                                                                                                                                                                                                0x013567dc
                                                                                                                                                                                                                                0x013567dc
                                                                                                                                                                                                                                0x013567dc
                                                                                                                                                                                                                                0x013567e3
                                                                                                                                                                                                                                0x013567ea
                                                                                                                                                                                                                                0x013567f8
                                                                                                                                                                                                                                0x013567fd
                                                                                                                                                                                                                                0x01356806
                                                                                                                                                                                                                                0x0135680c
                                                                                                                                                                                                                                0x0135680f
                                                                                                                                                                                                                                0x01356817
                                                                                                                                                                                                                                0x0135681c
                                                                                                                                                                                                                                0x0135681e
                                                                                                                                                                                                                                0x01356823
                                                                                                                                                                                                                                0x01356829
                                                                                                                                                                                                                                0x013568c4
                                                                                                                                                                                                                                0x013568c8
                                                                                                                                                                                                                                0x013568cb
                                                                                                                                                                                                                                0x013568cd
                                                                                                                                                                                                                                0x013568cd
                                                                                                                                                                                                                                0x013568db
                                                                                                                                                                                                                                0x013568e2
                                                                                                                                                                                                                                0x013568e4
                                                                                                                                                                                                                                0x013568e9
                                                                                                                                                                                                                                0x01356902
                                                                                                                                                                                                                                0x013568f4
                                                                                                                                                                                                                                0x013568fa
                                                                                                                                                                                                                                0x01356901
                                                                                                                                                                                                                                0x01356901
                                                                                                                                                                                                                                0x01356901
                                                                                                                                                                                                                                0x01356902
                                                                                                                                                                                                                                0x0135682f
                                                                                                                                                                                                                                0x0135682f
                                                                                                                                                                                                                                0x01356830
                                                                                                                                                                                                                                0x01356835
                                                                                                                                                                                                                                0x01356839
                                                                                                                                                                                                                                0x0135683e
                                                                                                                                                                                                                                0x01356841
                                                                                                                                                                                                                                0x01356847
                                                                                                                                                                                                                                0x0135684f
                                                                                                                                                                                                                                0x01356854
                                                                                                                                                                                                                                0x01356859
                                                                                                                                                                                                                                0x01356861
                                                                                                                                                                                                                                0x01356865
                                                                                                                                                                                                                                0x0135686d
                                                                                                                                                                                                                                0x01356870
                                                                                                                                                                                                                                0x0135687c
                                                                                                                                                                                                                                0x01356880
                                                                                                                                                                                                                                0x0135688b
                                                                                                                                                                                                                                0x0135688e
                                                                                                                                                                                                                                0x01356893
                                                                                                                                                                                                                                0x01356896
                                                                                                                                                                                                                                0x01356898
                                                                                                                                                                                                                                0x013568a7
                                                                                                                                                                                                                                0x013568b1
                                                                                                                                                                                                                                0x013568b3
                                                                                                                                                                                                                                0x013568b8
                                                                                                                                                                                                                                0x013568bd
                                                                                                                                                                                                                                0x013568c2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013568c2
                                                                                                                                                                                                                                0x01356896
                                                                                                                                                                                                                                0x0135690c
                                                                                                                                                                                                                                0x01356916

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 013567E3
                                                                                                                                                                                                                                  • Part of subcall function 0131A995: std::_Xinvalid_argument.LIBCPMT ref: 0131A9AF
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0135680F
                                                                                                                                                                                                                                  • Part of subcall function 0135C1E5: __EH_prolog3.LIBCMT ref: 0135C1EC
                                                                                                                                                                                                                                  • Part of subcall function 0131A941: _memmove.LIBCMT ref: 0131A968
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0135689E
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: std::_Xinvalid_argument.LIBCPMT ref: 0131B6BF
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: std::_Xinvalid_argument.LIBCPMT ref: 0131B6E1
                                                                                                                                                                                                                                  • Part of subcall function 0131B6A8: _memmove.LIBCMT ref: 0131B725
                                                                                                                                                                                                                                  • Part of subcall function 013123E4: RegCloseKey.ADVAPI32(?,01312490,?,?,013137C7,00000002,00000000), ref: 013123ED
                                                                                                                                                                                                                                • RegDeleteValueW.KERNEL32(013A0458,80000001,013185A7,Software\APN PIP\ipc,00000000,Software\APN PIP\ipc,013BEFD4,00000000,000000FF,00000048,013185A7,00000001,00000000,00000000), ref: 013568F4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Xinvalid_argument_memmove_wcslenstd::_$CloseDeleteH_prolog3H_prolog3_Value
                                                                                                                                                                                                                                • String ID: Software\APN PIP\ipc$Software\APN PIP\{partnerid}${partnerid}
                                                                                                                                                                                                                                • API String ID: 802844828-1530214970
                                                                                                                                                                                                                                • Opcode ID: 59469756b5a725ae0f1b140232b8669db9caffb48ffddca3ec875753998a90cc
                                                                                                                                                                                                                                • Instruction ID: c56eb913599097548c1c6f675b8004df86ede7a5697022006857ce1db2edaf71
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59469756b5a725ae0f1b140232b8669db9caffb48ffddca3ec875753998a90cc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7431F7B1D00156ABDB18FBFC8C91EEEBA78EF2571CF94402CE51167289DE645E088762
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135BE26, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                C-Code - Quality: 66%
                                                                                                                                                                                                                                			E0135BE26(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr _t33;
				void* _t40;
				void* _t52;
				intOrPtr* _t56;
				void* _t59;
				void* _t62;

				_t62 = __eflags;
				_t39 = __ebx;
				_push(0x2c);
				E0137C242(0x1391c8d, __ebx, __edi, __esi);
				_push(0);
				_push(0);
				 *((intOrPtr*)(_t59 - 0x30)) =  *((intOrPtr*)(_t59 + 8));
				_t56 = __ecx;
				 *((intOrPtr*)(_t59 - 0x34)) = 0;
				E01319638(_t59 - 0x2c, E0137BA0A(__ebx, _t52, 0, __ecx, _t62));
				_push("chs");
				_push(0);
				 *((intOrPtr*)(_t59 - 4)) = 0;
				E0137BA0A(_t39, _t52, 0, _t56, _t62); // executed
				_t63 =  *((intOrPtr*)(_t56 + 0x14)) - 8;
				if( *((intOrPtr*)(_t56 + 0x14)) < 8) {
					 *((intOrPtr*)(_t59 - 0x38)) = _t56;
				} else {
					 *((intOrPtr*)(_t59 - 0x38)) =  *_t56;
				}
				_t58 =  *((intOrPtr*)(_t56 + 0x10)) +  *((intOrPtr*)(_t56 + 0x10)) + 1;
				_push( *((intOrPtr*)(_t56 + 0x10)) +  *((intOrPtr*)(_t56 + 0x10)) + 1); // executed
				_t27 = E013638C3(0, _t58, _t63); // executed
				_t40 = _t27;
				E01376F40(_t40, 0, _t58);
				 *((intOrPtr*)(_t59 - 0x34)) = 0;
				E0137ABD7(_t59 - 0x34, _t40, _t58,  *((intOrPtr*)(_t59 - 0x38)), _t58);
				E01319638( *((intOrPtr*)(_t59 - 0x30)), _t40);
				_push(_t40); // executed
				E0137534A(); // executed
				_t64 =  *((intOrPtr*)(_t59 - 0x18)) - 0x10;
				_t33 =  *((intOrPtr*)(_t59 - 0x2c));
				if( *((intOrPtr*)(_t59 - 0x18)) < 0x10) {
					_t33 = _t59 - 0x2c;
				}
				_push(_t33);
				_push(0);
				E0137BA0A(_t40, _t52, 0, _t58, _t64);
				E01311524(_t59 - 0x2c, 1, 0);
				return E0137C2C5(_t40, 0, _t58);
			}










                                                                                                                                                                                                                                0x0135be26
                                                                                                                                                                                                                                0x0135be26
                                                                                                                                                                                                                                0x0135be26
                                                                                                                                                                                                                                0x0135be2d
                                                                                                                                                                                                                                0x0135be37
                                                                                                                                                                                                                                0x0135be38
                                                                                                                                                                                                                                0x0135be39
                                                                                                                                                                                                                                0x0135be3c
                                                                                                                                                                                                                                0x0135be3e
                                                                                                                                                                                                                                0x0135be4c
                                                                                                                                                                                                                                0x0135be51
                                                                                                                                                                                                                                0x0135be56
                                                                                                                                                                                                                                0x0135be57
                                                                                                                                                                                                                                0x0135be5a
                                                                                                                                                                                                                                0x0135be5f
                                                                                                                                                                                                                                0x0135be65
                                                                                                                                                                                                                                0x0135be6e
                                                                                                                                                                                                                                0x0135be67
                                                                                                                                                                                                                                0x0135be69
                                                                                                                                                                                                                                0x0135be69
                                                                                                                                                                                                                                0x0135be74
                                                                                                                                                                                                                                0x0135be78
                                                                                                                                                                                                                                0x0135be79
                                                                                                                                                                                                                                0x0135be7f
                                                                                                                                                                                                                                0x0135be83
                                                                                                                                                                                                                                0x0135be92
                                                                                                                                                                                                                                0x0135be95
                                                                                                                                                                                                                                0x0135bea1
                                                                                                                                                                                                                                0x0135bea6
                                                                                                                                                                                                                                0x0135bea7
                                                                                                                                                                                                                                0x0135beac
                                                                                                                                                                                                                                0x0135beb0
                                                                                                                                                                                                                                0x0135beb4
                                                                                                                                                                                                                                0x0135beb6
                                                                                                                                                                                                                                0x0135beb6
                                                                                                                                                                                                                                0x0135beb9
                                                                                                                                                                                                                                0x0135beba
                                                                                                                                                                                                                                0x0135bebb
                                                                                                                                                                                                                                0x0135bec8
                                                                                                                                                                                                                                0x0135bed5

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                • _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                • _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __getptd.LIBCMT ref: 0137BA37
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __calloc_crt.LIBCMT ref: 0137BA57
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __lock.LIBCMT ref: 0137BA6D
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __copytlocinfo_nolock.LIBCMT ref: 0137BA7B
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __setlocale_nolock.LIBCMT ref: 0137BA91
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __lock.LIBCMT ref: 0137BAC3
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __updatetlocinfoEx_nolock.LIBCMT ref: 0137BAD5
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: ___removelocaleref.LIBCMT ref: 0137BADB
                                                                                                                                                                                                                                  • Part of subcall function 0137BA0A: __updatetlocinfoEx_nolock.LIBCMT ref: 0137BAF9
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                • __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                • _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _setlocale$Ex_nolock__lock__updatetlocinfo$H_prolog3____removelocaleref__calloc_crt__cftoe__copytlocinfo_nolock__getptd__setlocale_nolock_memset_strlen
                                                                                                                                                                                                                                • String ID: chs
                                                                                                                                                                                                                                • API String ID: 622581282-3522719042
                                                                                                                                                                                                                                • Opcode ID: c992e915f16bdd4955430d5950577f0e7708875384e913206b1a58c4954ab8e4
                                                                                                                                                                                                                                • Instruction ID: b118e5bb2c998afc1fb4d4520c6609fb50207475df173f9236055ced4ec6190d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c992e915f16bdd4955430d5950577f0e7708875384e913206b1a58c4954ab8e4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A114F7180120AEFDB24EBA9EC80CEEFBBDEF58629F10041AF505A7144DA74A944CB65
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01345D86, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 76windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1595 1345d86-1345da1 GetWindowLongW 1596 1345da3-1345da8 SetWindowLongW 1595->1596 1597 1345dae-1345dc9 call 1320dec 1595->1597 1596->1597 1599 1345dce-1345dd8 IsWindow 1597->1599 1600 1345e05-1345e0a 1599->1600 1601 1345dda-1345dde 1599->1601 1602 1345e0c-1345e10 1600->1602 1603 1345e38-1345e3b 1600->1603 1601->1600 1604 1345de0-1345e00 SendMessageW call 1345ced 1601->1604 1602->1603 1605 1345e12-1345e2b ImageList_GetIconSize 1602->1605 1604->1600 1605->1603 1607 1345e2d-1345e33 call 1329254 1605->1607 1607->1603
                                                                                                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                                                                                                			E01345D86(void* __ebx, void* __ecx) {
				int _v8;
				int _v12;
				void* __esi;
				signed int _t17;
				void* _t21;
				void* _t26;
				long _t29;
				struct HWND__** _t40;
				struct HWND__** _t43;
				intOrPtr* _t45;

				_t26 = __ebx;
				_push(__ecx);
				_push(__ecx);
				_t43 = __ebx + 4;
				_t17 = GetWindowLongW( *_t43, 0xfffffff0);
				_t29 = _t17 | 0x0000000b;
				if(_t17 != _t29) {
					SetWindowLongW( *_t43, 0xfffffff0, _t29);
				}
				_t30 =  *_t43;
				 *_t45 = 0;
				_t40 = _t26 + 0x3c;
				 *_t45 = 0; // executed
				E01320DEC(_t40, L"tooltips_class32",  *_t43, _t30, 0, 0, 0, _t30); // executed
				if(IsWindow( *_t40) != 0 &&  *((intOrPtr*)(_t26 + 0x40)) != 0) {
					SendMessageW( *_t40, 0x401, 1, 0);
					 *_t45 =  *((intOrPtr*)(_t26 + 0x40));
					E01345CED(_t26,  *_t43, _t40, _t30, 0, 0);
				}
				_t21 =  *(_t26 + 0x28);
				if(_t21 != 0 && ( *(_t26 + 0x24) & 0x00000008) != 0) {
					_v12 = _v12 & 0x00000000;
					_v8 = _v8 & 0x00000000;
					_t21 = ImageList_GetIconSize(_t21,  &_v12,  &_v8);
					if(_t21 != 0) {
						_t21 = E01329254(_v8, _v12, _t43);
					}
				}
				return _t21;
			}













                                                                                                                                                                                                                                0x01345d86
                                                                                                                                                                                                                                0x01345d89
                                                                                                                                                                                                                                0x01345d8a
                                                                                                                                                                                                                                0x01345d8f
                                                                                                                                                                                                                                0x01345d94
                                                                                                                                                                                                                                0x01345d9c
                                                                                                                                                                                                                                0x01345da1
                                                                                                                                                                                                                                0x01345da8
                                                                                                                                                                                                                                0x01345da8
                                                                                                                                                                                                                                0x01345dae
                                                                                                                                                                                                                                0x01345db9
                                                                                                                                                                                                                                0x01345dc3
                                                                                                                                                                                                                                0x01345dc7
                                                                                                                                                                                                                                0x01345dc9
                                                                                                                                                                                                                                0x01345dd8
                                                                                                                                                                                                                                0x01345deb
                                                                                                                                                                                                                                0x01345dfb
                                                                                                                                                                                                                                0x01345e00
                                                                                                                                                                                                                                0x01345e00
                                                                                                                                                                                                                                0x01345e05
                                                                                                                                                                                                                                0x01345e0a
                                                                                                                                                                                                                                0x01345e12
                                                                                                                                                                                                                                0x01345e16
                                                                                                                                                                                                                                0x01345e23
                                                                                                                                                                                                                                0x01345e2b
                                                                                                                                                                                                                                0x01345e33
                                                                                                                                                                                                                                0x01345e33
                                                                                                                                                                                                                                0x01345e2b
                                                                                                                                                                                                                                0x01345e3b

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 01345D94
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 01345DA8
                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 01345DD0
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000001,00000000), ref: 01345DEB
                                                                                                                                                                                                                                • ImageList_GetIconSize.COMCTL32(?,00000000,00000000), ref: 01345E23
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Long$IconImageList_MessageSendSize
                                                                                                                                                                                                                                • String ID: tooltips_class32
                                                                                                                                                                                                                                • API String ID: 1981972318-1918224756
                                                                                                                                                                                                                                • Opcode ID: 3bc579bc5c952096300d9dea906d673ffdd570f310089379b0e092973ba69ce2
                                                                                                                                                                                                                                • Instruction ID: 6215346ce5e6689301d0578166215cd54f60497b0114f53faa0421dc8a113128
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3bc579bc5c952096300d9dea906d673ffdd570f310089379b0e092973ba69ce2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15216FB1610200BFEB299F58CC89FAA7BFDEF49714F10425CFA05A6294DB71AD45CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01362D08, Relevance: 10.6, APIs: 7, Instructions: 58memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1609 1362d08 1611 1362c75-1362c7c call 1362bea 1609->1611 1612 1362c7e-1362c86 1609->1612 1611->1612 1616 1362cc3-1362cc5 1611->1616 1614 1362c9f-1362caa InterlockedPopEntrySList 1612->1614 1615 1362c88-1362c9b GetProcessHeap HeapAlloc 1612->1615 1618 1362d05-1362d07 1614->1618 1619 1362cac-1362cc1 VirtualAlloc 1614->1619 1615->1616 1617 1362c9d 1615->1617 1616->1618 1617->1618 1619->1616 1621 1362cc7-1362cd5 InterlockedPopEntrySList 1619->1621 1622 1362cd7-1362ce7 VirtualFree 1621->1622 1623 1362ce9 1621->1623 1622->1618 1624 1362cef-1362d01 InterlockedPushEntrySList 1623->1624 1624->1624 1625 1362d03 1624->1625 1625->1618
                                                                                                                                                                                                                                C-Code - Quality: 53%
                                                                                                                                                                                                                                			E01362D08() {
				intOrPtr _t2;
				void* _t3;
				void* _t5;
				void* _t13;
				intOrPtr* _t15;
				void* _t16;
				void* _t17;
				void* _t18;

				if( *0x13c1720 == 0 && E01362BEA() == 0) {
					L8:
					return 0;
				}
				_t2 =  *0x13c1720; // 0xefcb40
				if(_t2 == 1) {
					_t13 = HeapAlloc(GetProcessHeap(), 0, 0xd);
					if(_t13 == 0) {
						goto L8;
					}
					return _t13;
				}
				_t15 = __imp__InterlockedPopEntrySList;
				_t3 =  *_t15(_t2);
				if(_t3 == 0) {
					_t5 = VirtualAlloc(0, 0x1000, 0x1000, 0x40); // executed
					_t18 = _t5;
					if(_t18 != 0) {
						_t16 =  *_t15( *0x13c1720);
						if(_t16 == 0) {
							_t1 = _t18 + 0xff0; // 0xff0
							_t17 = _t1;
							do {
								__imp__InterlockedPushEntrySList( *0x13c1720, _t18);
								_t18 = _t18 + 0x10;
							} while (_t18 < _t17);
							return _t18;
						}
						VirtualFree(_t18, 0, 0x8000);
						return _t16;
					}
					goto L8;
				}
				return _t3;
			}











                                                                                                                                                                                                                                0x01362c73
                                                                                                                                                                                                                                0x01362cc3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01362cc3
                                                                                                                                                                                                                                0x01362c7e
                                                                                                                                                                                                                                0x01362c86
                                                                                                                                                                                                                                0x01362c93
                                                                                                                                                                                                                                0x01362c9b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01362c9b
                                                                                                                                                                                                                                0x01362c9f
                                                                                                                                                                                                                                0x01362ca6
                                                                                                                                                                                                                                0x01362caa
                                                                                                                                                                                                                                0x01362cb7
                                                                                                                                                                                                                                0x01362cbd
                                                                                                                                                                                                                                0x01362cc1
                                                                                                                                                                                                                                0x01362cd1
                                                                                                                                                                                                                                0x01362cd5
                                                                                                                                                                                                                                0x01362ce9
                                                                                                                                                                                                                                0x01362ce9
                                                                                                                                                                                                                                0x01362cef
                                                                                                                                                                                                                                0x01362cf6
                                                                                                                                                                                                                                0x01362cfc
                                                                                                                                                                                                                                0x01362cff
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01362d03
                                                                                                                                                                                                                                0x01362cdf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01362ce5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01362cc1
                                                                                                                                                                                                                                0x01362d07

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,0000000D,?,?,01314F4B), ref: 01362C8C
                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,01314F4B), ref: 01362C93
                                                                                                                                                                                                                                  • Part of subcall function 01362BEA: IsProcessorFeaturePresent.KERNEL32(0000000C,01362C7A,?,?,01314F4B), ref: 01362BEC
                                                                                                                                                                                                                                • InterlockedPopEntrySList.KERNEL32(00EFCB40,?,?,01314F4B), ref: 01362CA6
                                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,?,01314F4B), ref: 01362CB7
                                                                                                                                                                                                                                • InterlockedPopEntrySList.KERNEL32(?,?,01314F4B), ref: 01362CCF
                                                                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,01314F4B), ref: 01362CDF
                                                                                                                                                                                                                                • InterlockedPushEntrySList.KERNEL32(00000000,?,?,01314F4B), ref: 01362CF6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EntryInterlockedList$AllocHeapVirtual$FeatureFreePresentProcessProcessorPush
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2304957937-0
                                                                                                                                                                                                                                • Opcode ID: fc5b7fb51e9ca9b5ab1cea45a9e5b4643c066f1ea80f2788e62d26035a517602
                                                                                                                                                                                                                                • Instruction ID: b549d32f9f08a69e6526c61e5de6529494d3d501845f24f1cfcdb961a249b170
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc5b7fb51e9ca9b5ab1cea45a9e5b4643c066f1ea80f2788e62d26035a517602
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9511D632200611EBDF311AFCAC08B67766CFB48785F138420FA85D729CDB62E8018BB4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135C7D4, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 126registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1626 135c7d4-135c805 call 137c242 1629 135c8a8-135c8ab 1626->1629 1630 135c80b-135c8a2 call 135be26 * 2 call 131d888 call 1347f01 call 1347fce call 134ba76 call 1311524 * 4 1626->1630 1632 135c8b1-135c8b4 1629->1632 1633 135c988 1629->1633 1630->1629 1632->1633 1636 135c8ba-135c8bd 1632->1636 1634 135c98a-135c98f call 137c2c5 1633->1634 1636->1633 1639 135c8c3-135c8d9 1636->1639 1642 135c8df 1639->1642 1643 135c8db-135c8dd 1639->1643 1645 135c8e1-135c8f7 call 13123fb 1642->1645 1643->1645 1650 135c903 1645->1650 1651 135c8f9-135c901 1645->1651 1653 135c909-135c913 1650->1653 1651->1653 1655 135c915-135c917 1653->1655 1656 135c919 1653->1656 1658 135c91b-135c91f 1655->1658 1656->1658 1660 135c921 1658->1660 1661 135c923-135c949 call 13123fb 1658->1661 1660->1661 1668 135c95e-135c96a 1661->1668 1669 135c94b-135c959 call 13124a4 1661->1669 1672 135c974-135c97a 1668->1672 1673 135c96c-135c972 RegCloseKey 1668->1673 1669->1668 1675 135c984-135c986 1672->1675 1676 135c97c-135c982 RegCloseKey 1672->1676 1673->1672 1675->1634 1676->1675
                                                                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                                                                			E0135C7D4(void* __ebx, intOrPtr __ecx, intOrPtr* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t52;
				intOrPtr* _t55;
				void* _t57;
				void* _t65;
				void* _t67;
				void* _t69;
				void* _t71;
				void* _t84;
				intOrPtr* _t99;
				intOrPtr* _t100;
				void* _t101;
				void* _t102;
				intOrPtr _t106;

				_t91 = __edx;
				_t81 = __ecx;
				_push(0x9c);
				E0137C242(0x1395b6d, __ebx, __edi, __esi);
				_t99 =  *((intOrPtr*)(_t101 + 0xc));
				_t93 = __edx;
				 *((intOrPtr*)(_t101 - 0x8c)) =  *((intOrPtr*)(_t101 + 8));
				 *((intOrPtr*)(_t101 - 0x84)) = __edx;
				 *((intOrPtr*)(_t101 - 0x88)) = __ecx;
				_t106 =  *0x13c2a33; // 0x0
				if(_t106 != 0) {
					_push(_t101 - 0x2c);
					_t65 = E0135BE26(0, __ecx, __edx, _t99, _t106);
					_push(_t101 - 0x48);
					 *((intOrPtr*)(_t101 - 4)) = 0;
					_t67 = E0135BE26(0, _t99, _t65, _t99, _t106);
					_pop(_t84);
					 *((char*)(_t101 - 4)) = 1;
					_t69 = E0131D888(_t84, _t101 - 0x80, "WriteRegister()...  name:", _t67);
					 *((char*)(_t101 - 4)) = 2;
					_t71 = E01347F01(_t84, _t101 - 0x64, _t69, " value:");
					_t104 = _t102 + 0xc - 0x10;
					 *((char*)(_t101 - 4)) = 3;
					 *((intOrPtr*)(_t101 - 0xa8)) = _t102 + 0xc - 0x10;
					E01347FCE(_t65, _t71, _t102 + 0xc - 0x10);
					E0134BA76(0, 0x13c2b18, _t91, _t104, _t99, _t106);
					E01311524(_t101 - 0x64, 1, 0);
					E01311524(_t101 - 0x80, 1, 0);
					E01311524(_t101 - 0x48, 1, 0);
					E01311524(_t101 - 0x2c, 1, 0);
					_t93 =  *((intOrPtr*)(_t101 - 0x84));
					_t81 =  *((intOrPtr*)(_t101 - 0x88));
				}
				if( *((intOrPtr*)(_t93 + 0x10)) == 0 ||  *((intOrPtr*)(_t81 + 0x10)) == 0 ||  *((intOrPtr*)(_t99 + 0x10)) == 0) {
					__eflags = 0;
				} else {
					 *(_t101 - 0xa4) = 0;
					 *((intOrPtr*)(_t101 - 0xa0)) = 0;
					 *((intOrPtr*)(_t101 - 0x9c)) = 0;
					if( *((intOrPtr*)(_t93 + 0x14)) < 8) {
						_t52 = _t93;
					} else {
						_t52 =  *_t93;
					}
					E013123FB(_t101 - 0xa4, _t81,  *((intOrPtr*)(_t101 - 0x8c)), _t52); // executed
					if( *((intOrPtr*)(_t99 + 0x14)) < 8) {
						 *((intOrPtr*)(_t101 - 0x84)) = _t99;
					} else {
						 *((intOrPtr*)(_t101 - 0x84)) =  *_t99;
					}
					_t55 =  *((intOrPtr*)(_t101 - 0x88));
					if( *((intOrPtr*)(_t55 + 0x14)) < 8) {
						_t100 = _t55;
					} else {
						_t100 =  *_t55;
					}
					if( *((intOrPtr*)(_t93 + 0x14)) >= 8) {
						_t93 =  *_t93;
					}
					 *(_t101 - 0x98) = 0;
					 *((intOrPtr*)(_t101 - 0x94)) = 0;
					 *((intOrPtr*)(_t101 - 0x90)) = 0;
					_t57 = E013123FB(_t101 - 0x98, _t81,  *((intOrPtr*)(_t101 - 0x8c)), _t93); // executed
					if(_t57 == 0) {
						E013124A4(_t101 - 0x98,  *((intOrPtr*)(_t101 - 0x84)), _t100); // executed
					}
					_t99 = RegCloseKey;
					if( *(_t101 - 0x98) != 0) {
						RegCloseKey( *(_t101 - 0x98));
					}
					if( *(_t101 - 0xa4) != 0) {
						RegCloseKey( *(_t101 - 0xa4));
					}
				}
				return E0137C2C5(0, _t93, _t99);
			}
















                                                                                                                                                                                                                                0x0135c7d4
                                                                                                                                                                                                                                0x0135c7d4
                                                                                                                                                                                                                                0x0135c7d4
                                                                                                                                                                                                                                0x0135c7de
                                                                                                                                                                                                                                0x0135c7e6
                                                                                                                                                                                                                                0x0135c7eb
                                                                                                                                                                                                                                0x0135c7ed
                                                                                                                                                                                                                                0x0135c7f3
                                                                                                                                                                                                                                0x0135c7f9
                                                                                                                                                                                                                                0x0135c7ff
                                                                                                                                                                                                                                0x0135c805
                                                                                                                                                                                                                                0x0135c80e
                                                                                                                                                                                                                                0x0135c80f
                                                                                                                                                                                                                                0x0135c81a
                                                                                                                                                                                                                                0x0135c81d
                                                                                                                                                                                                                                0x0135c820
                                                                                                                                                                                                                                0x0135c825
                                                                                                                                                                                                                                0x0135c830
                                                                                                                                                                                                                                0x0135c834
                                                                                                                                                                                                                                0x0135c846
                                                                                                                                                                                                                                0x0135c84a
                                                                                                                                                                                                                                0x0135c851
                                                                                                                                                                                                                                0x0135c858
                                                                                                                                                                                                                                0x0135c85c
                                                                                                                                                                                                                                0x0135c862
                                                                                                                                                                                                                                0x0135c86c
                                                                                                                                                                                                                                0x0135c879
                                                                                                                                                                                                                                0x0135c883
                                                                                                                                                                                                                                0x0135c88d
                                                                                                                                                                                                                                0x0135c897
                                                                                                                                                                                                                                0x0135c89c
                                                                                                                                                                                                                                0x0135c8a2
                                                                                                                                                                                                                                0x0135c8a2
                                                                                                                                                                                                                                0x0135c8ab
                                                                                                                                                                                                                                0x0135c988
                                                                                                                                                                                                                                0x0135c8c3
                                                                                                                                                                                                                                0x0135c8c7
                                                                                                                                                                                                                                0x0135c8cd
                                                                                                                                                                                                                                0x0135c8d3
                                                                                                                                                                                                                                0x0135c8d9
                                                                                                                                                                                                                                0x0135c8df
                                                                                                                                                                                                                                0x0135c8db
                                                                                                                                                                                                                                0x0135c8db
                                                                                                                                                                                                                                0x0135c8db
                                                                                                                                                                                                                                0x0135c8ee
                                                                                                                                                                                                                                0x0135c8f7
                                                                                                                                                                                                                                0x0135c903
                                                                                                                                                                                                                                0x0135c8f9
                                                                                                                                                                                                                                0x0135c8fb
                                                                                                                                                                                                                                0x0135c8fb
                                                                                                                                                                                                                                0x0135c909
                                                                                                                                                                                                                                0x0135c913
                                                                                                                                                                                                                                0x0135c919
                                                                                                                                                                                                                                0x0135c915
                                                                                                                                                                                                                                0x0135c915
                                                                                                                                                                                                                                0x0135c915
                                                                                                                                                                                                                                0x0135c91f
                                                                                                                                                                                                                                0x0135c921
                                                                                                                                                                                                                                0x0135c921
                                                                                                                                                                                                                                0x0135c930
                                                                                                                                                                                                                                0x0135c936
                                                                                                                                                                                                                                0x0135c93c
                                                                                                                                                                                                                                0x0135c942
                                                                                                                                                                                                                                0x0135c949
                                                                                                                                                                                                                                0x0135c959
                                                                                                                                                                                                                                0x0135c959
                                                                                                                                                                                                                                0x0135c95e
                                                                                                                                                                                                                                0x0135c96a
                                                                                                                                                                                                                                0x0135c972
                                                                                                                                                                                                                                0x0135c972
                                                                                                                                                                                                                                0x0135c97a
                                                                                                                                                                                                                                0x0135c982
                                                                                                                                                                                                                                0x0135c982
                                                                                                                                                                                                                                0x0135c984
                                                                                                                                                                                                                                0x0135c98f

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135C7DE
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,0000009C,0135C5A3,00000000,00000001,00000001,00000000,00000000,?,00000001,013A11F0,?), ref: 0135C972
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,?,00000000,?,0000009C,0135C5A3,00000000,00000001,00000001,00000000,00000000,?,00000001,013A11F0,?), ref: 0135C982
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 0131D888: _strlen.LIBCMT ref: 0131D894
                                                                                                                                                                                                                                  • Part of subcall function 01347F01: _strlen.LIBCMT ref: 01347F0C
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 01311524: _memmove.LIBCMT ref: 01311544
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3__setlocale$Close_memset_strlen$CurrentLocalProcessTime__cftoe_memmoveswprintf
                                                                                                                                                                                                                                • String ID: value:$WriteRegister()... name:
                                                                                                                                                                                                                                • API String ID: 2329745090-2921753706
                                                                                                                                                                                                                                • Opcode ID: 6748c5ee2b613ea4dc5ca9c5c8d57fb17a7ebcf419f377098dea50ac20fe6289
                                                                                                                                                                                                                                • Instruction ID: 42ba993cc2da06952ee29ef520630276b2af8f56188c5d48f02c2cadb14690c9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6748c5ee2b613ea4dc5ca9c5c8d57fb17a7ebcf419f377098dea50ac20fe6289
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE413A71D0021ADFDF649F68C880BDABBB9BF4561CF1450A9D549A7200DA709E84CF61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131B6A8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 66COMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1680 131b6a8-131b6b8 1681 131b6c4-131b6cc 1680->1681 1682 131b6ba-131b6bf call 1363221 1680->1682 1684 131b6d0-131b6da 1681->1684 1685 131b6ce 1681->1685 1682->1681 1686 131b6e6-131b6e8 1684->1686 1687 131b6dc-131b6e1 call 13631d4 1684->1687 1685->1684 1689 131b743-131b748 1686->1689 1690 131b6ea-131b6f3 call 131b8e0 1686->1690 1687->1686 1692 131b6f8-131b6fa 1690->1692 1693 131b742 1692->1693 1694 131b6fc-131b703 1692->1694 1693->1689 1695 131b705 1694->1695 1696 131b707-131b70b 1694->1696 1695->1696 1697 131b711 1696->1697 1698 131b70d-131b70f 1696->1698 1699 131b713-131b734 call 13748d0 1697->1699 1698->1699 1702 131b736-131b738 1699->1702 1703 131b73a 1699->1703 1704 131b73c-131b73e 1702->1704 1703->1704 1704->1693
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E0131B6A8(signed int __ecx, intOrPtr* _a4, signed int _a8, intOrPtr _a12) {
				void* __ebx;
				void* __edi;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t31;
				signed int _t33;
				signed int _t35;
				intOrPtr* _t39;
				intOrPtr _t45;
				intOrPtr* _t46;

				_t35 = __ecx;
				_t23 =  *((intOrPtr*)(_a4 + 0x10));
				_t46 = __ecx;
				if(_t23 < _a8) {
					_t23 = E01363221("invalid string position");
				}
				_t24 = _t23 - _a8;
				_t45 = _a12;
				if(_t24 < _t45) {
					_t45 = _t24;
				}
				_t25 =  *(_t46 + 0x10);
				if((_t35 | 0xffffffff) - _t25 <= _t45) {
					_t25 = E013631D4("string too long");
				}
				if(_t45 != 0) {
					_t33 = _t25 + _t45;
					_t27 = E0131B8E0(_t33, _t46, _t45, _t33, 0); // executed
					if(_t27 != 0) {
						_t39 = _a4;
						if( *((intOrPtr*)(_t39 + 0x14)) >= 8) {
							_t39 =  *_t39;
						}
						if( *((intOrPtr*)(_t46 + 0x14)) < 8) {
							_t28 = _t46;
						} else {
							_t28 =  *_t46;
						}
						E013748D0(_t28 +  *(_t46 + 0x10) * 2, _t39 + _a8 * 2, _t45 + _t45);
						 *(_t46 + 0x10) = _t33;
						if( *((intOrPtr*)(_t46 + 0x14)) < 8) {
							_t31 = _t46;
						} else {
							_t31 =  *_t46;
						}
						 *((short*)(_t31 + _t33 * 2)) = 0;
					}
				}
				return _t46;
			}
















                                                                                                                                                                                                                                0x0131b6a8
                                                                                                                                                                                                                                0x0131b6ae
                                                                                                                                                                                                                                0x0131b6b3
                                                                                                                                                                                                                                0x0131b6b8
                                                                                                                                                                                                                                0x0131b6bf
                                                                                                                                                                                                                                0x0131b6bf
                                                                                                                                                                                                                                0x0131b6c4
                                                                                                                                                                                                                                0x0131b6c7
                                                                                                                                                                                                                                0x0131b6cc
                                                                                                                                                                                                                                0x0131b6ce
                                                                                                                                                                                                                                0x0131b6ce
                                                                                                                                                                                                                                0x0131b6d0
                                                                                                                                                                                                                                0x0131b6da
                                                                                                                                                                                                                                0x0131b6e1
                                                                                                                                                                                                                                0x0131b6e1
                                                                                                                                                                                                                                0x0131b6e8
                                                                                                                                                                                                                                0x0131b6eb
                                                                                                                                                                                                                                0x0131b6f3
                                                                                                                                                                                                                                0x0131b6fa
                                                                                                                                                                                                                                0x0131b6fc
                                                                                                                                                                                                                                0x0131b703
                                                                                                                                                                                                                                0x0131b705
                                                                                                                                                                                                                                0x0131b705
                                                                                                                                                                                                                                0x0131b70b
                                                                                                                                                                                                                                0x0131b711
                                                                                                                                                                                                                                0x0131b70d
                                                                                                                                                                                                                                0x0131b70d
                                                                                                                                                                                                                                0x0131b70d
                                                                                                                                                                                                                                0x0131b725
                                                                                                                                                                                                                                0x0131b731
                                                                                                                                                                                                                                0x0131b734
                                                                                                                                                                                                                                0x0131b73a
                                                                                                                                                                                                                                0x0131b736
                                                                                                                                                                                                                                0x0131b736
                                                                                                                                                                                                                                0x0131b736
                                                                                                                                                                                                                                0x0131b73e
                                                                                                                                                                                                                                0x0131b73e
                                                                                                                                                                                                                                0x0131b742
                                                                                                                                                                                                                                0x0131b748

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0131B6BF
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 01363236
                                                                                                                                                                                                                                  • Part of subcall function 01363221: __CxxThrowException@8.LIBCMT ref: 0136324B
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 0136325C
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0131B6E1
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0131B725
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                                                                                                                                                                • String ID: invalid string position$string too long
                                                                                                                                                                                                                                • API String ID: 3404309857-4289949731
                                                                                                                                                                                                                                • Opcode ID: 76773998dd9bf67c4428e1c2910b5d6b5eb9e82163628fa02be864f2525990f2
                                                                                                                                                                                                                                • Instruction ID: db8e2529b6d4ed858ea291ffe2dcd0b229599e2403006bb620c361200e684c89
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76773998dd9bf67c4428e1c2910b5d6b5eb9e82163628fa02be864f2525990f2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2611DF312002099BCB28DF2CD880C5AF7B9FF8472C728091DE8468B658EB30E915CBA4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131D0A8, Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1705 131d0a8-131d0f0 call 1314b1d call 132a369 1709 131d0f2-131d0fa 1705->1709 1710 131d166-131d16b 1705->1710 1711 131d114-131d144 GetWindowLongW CallWindowProcW 1709->1711 1712 131d0fc-131d112 CallWindowProcW 1709->1712 1713 131d18d-131d190 1710->1713 1714 131d16d-131d172 1710->1714 1717 131d161 1711->1717 1718 131d146-131d151 GetWindowLongW 1711->1718 1716 131d165 1712->1716 1715 131d193-131d199 1713->1715 1714->1713 1719 131d174-131d18b 1714->1719 1716->1710 1717->1716 1718->1717 1720 131d153-131d15b SetWindowLongW 1718->1720 1719->1715 1720->1717
                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                			E0131D0A8(void* __eflags, long _a4, int _a8, int _a12, long _a16) {
				long _v8;
				char _v44;
				void* _t53;
				signed int _t54;
				long _t65;
				long _t67;
				int _t77;
				intOrPtr* _t79;

				_t79 = _a4;
				_t77 = _a8;
				E01314B1D( &_v44,  *(_t79 + 4), _t77, _a12, _a16);
				_a4 = _a4 & 0x00000000;
				_a8 =  *(_t79 + 0x18);
				 *(_t79 + 0x18) =  &_v44;
				_t53 =  *((intOrPtr*)( *_t79))( *(_t79 + 4), _t77, _a12, _a16,  &_a4, 0); // executed
				if(_t53 == 0) {
					if(_t77 == 0x82) {
						_v8 = GetWindowLongW( *(_t79 + 4), 0xfffffffc);
						_a4 = CallWindowProcW( *(_t79 + 0x20),  *(_t79 + 4), 0x82, _a12, _a16);
						__eflags =  *(_t79 + 0x20) - __imp__DefWindowProcW; // 0x7731d1d0
						if(__eflags != 0) {
							_t65 = GetWindowLongW( *(_t79 + 4), 0xfffffffc);
							__eflags = _t65 - _v8;
							if(_t65 == _v8) {
								SetWindowLongW( *(_t79 + 4), 0xfffffffc,  *(_t79 + 0x20));
							}
						}
						_t34 = _t79 + 0x1c;
						 *_t34 =  *(_t79 + 0x1c) | 0x00000001;
						__eflags =  *_t34;
					} else {
						_t67 = CallWindowProcW( *(_t79 + 0x20),  *(_t79 + 4), _t77, _a12, _a16); // executed
						_a4 = _t67;
					}
				}
				_t54 =  *(_t79 + 0x1c);
				if((_t54 & 0x00000001) == 0 || _a8 != 0) {
					 *(_t79 + 0x18) = _a8;
				} else {
					 *(_t79 + 0x1c) = _t54 & 0xfffffffe;
					 *(_t79 + 4) = 0;
					 *(_t79 + 0x18) = 0;
					 *((intOrPtr*)( *_t79 + 0xc))( *(_t79 + 4));
				}
				return _a4;
			}











                                                                                                                                                                                                                                0x0131d0af
                                                                                                                                                                                                                                0x0131d0b9
                                                                                                                                                                                                                                0x0131d0c3
                                                                                                                                                                                                                                0x0131d0cb
                                                                                                                                                                                                                                0x0131d0d8
                                                                                                                                                                                                                                0x0131d0e5
                                                                                                                                                                                                                                0x0131d0ec
                                                                                                                                                                                                                                0x0131d0f0
                                                                                                                                                                                                                                0x0131d0fa
                                                                                                                                                                                                                                0x0131d125
                                                                                                                                                                                                                                0x0131d138
                                                                                                                                                                                                                                0x0131d13e
                                                                                                                                                                                                                                0x0131d144
                                                                                                                                                                                                                                0x0131d14c
                                                                                                                                                                                                                                0x0131d14e
                                                                                                                                                                                                                                0x0131d151
                                                                                                                                                                                                                                0x0131d15b
                                                                                                                                                                                                                                0x0131d15b
                                                                                                                                                                                                                                0x0131d151
                                                                                                                                                                                                                                0x0131d161
                                                                                                                                                                                                                                0x0131d161
                                                                                                                                                                                                                                0x0131d161
                                                                                                                                                                                                                                0x0131d0fc
                                                                                                                                                                                                                                0x0131d109
                                                                                                                                                                                                                                0x0131d10f
                                                                                                                                                                                                                                0x0131d10f
                                                                                                                                                                                                                                0x0131d165
                                                                                                                                                                                                                                0x0131d166
                                                                                                                                                                                                                                0x0131d16b
                                                                                                                                                                                                                                0x0131d190
                                                                                                                                                                                                                                0x0131d174
                                                                                                                                                                                                                                0x0131d17a
                                                                                                                                                                                                                                0x0131d182
                                                                                                                                                                                                                                0x0131d185
                                                                                                                                                                                                                                0x0131d188
                                                                                                                                                                                                                                0x0131d188
                                                                                                                                                                                                                                0x0131d199

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 0131D109
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0131D120
                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 0131D132
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0131D14C
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 0131D15B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Long$CallProc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 513923721-0
                                                                                                                                                                                                                                • Opcode ID: d962c07b1f24300b9bbd1b3fed4f09a31cedd6d566b1717d4c3ad14842aecb68
                                                                                                                                                                                                                                • Instruction ID: f81f6fecd69717716eba10db8313f272dead8678d5c64e8df5b3f1404f1ab931
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d962c07b1f24300b9bbd1b3fed4f09a31cedd6d566b1717d4c3ad14842aecb68
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 41313831500608AFCB25CF69C8849AABBF9FF49714B108929F9A697660D731E950DF90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135BED6, Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1723 135bed6-135bef7 call 137c242 1726 135befc-135bf15 MultiByteToWideChar 1723->1726 1727 135bef9 1723->1727 1728 135bf17 1726->1728 1729 135bf1b-135bf37 call 13638c3 1726->1729 1727->1726 1728->1729 1732 135bf39-135bf46 call 1319b30 1729->1732 1733 135bf48-135bf5f call 1376f40 1729->1733 1738 135bf9d-135bfb0 call 1311524 call 137c2c5 1732->1738 1739 135bf64-135bf80 MultiByteToWideChar call 1319b30 call 137534a 1733->1739 1740 135bf61 1733->1740 1748 135bf85-135bf98 call 1319b61 call 131aa87 1739->1748 1740->1739 1748->1738
                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E0135BED6(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char* _t39;
				short* _t43;
				char* _t47;
				short* _t59;
				signed int _t71;
				void* _t74;
				void* _t77;
				intOrPtr _t83;

				_push(0x28);
				E0137C242(0x1392877, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t77 - 0x34)) =  *((intOrPtr*)(_t77 + 8));
				 *(_t77 - 0x30) = 0;
				 *((intOrPtr*)(_t77 - 4)) = 0;
				_t39 =  *(_t77 + 0xc);
				if( *((intOrPtr*)(_t77 + 0x20)) < 0x10) {
					_t39 = _t77 + 0xc;
				}
				_t74 = MultiByteToWideChar;
				 *(_t77 - 0x30) = MultiByteToWideChar( *(_t77 + 0x28), 0, _t39,  *(_t77 + 0x30), 0, 0);
				if( *(_t77 + 0x30) != 0xffffffff) {
					_t12 = _t77 - 0x30;
					 *_t12 =  *(_t77 - 0x30) + 2;
					_t83 =  *_t12;
				}
				_t71 = 2;
				_push( ~(0 | _t83 > 0x00000000) |  *(_t77 - 0x30) * _t71); // executed
				_t43 = E013638C3(_t74, 0, _t83); // executed
				_t59 = _t43;
				if(_t59 != 0) {
					E01376F40(_t59, 0,  *(_t77 - 0x30) +  *(_t77 - 0x30));
					_t47 =  *(_t77 + 0xc);
					__eflags =  *((intOrPtr*)(_t77 + 0x20)) - 0x10;
					if( *((intOrPtr*)(_t77 + 0x20)) < 0x10) {
						_t47 = _t77 + 0xc;
					}
					MultiByteToWideChar( *(_t77 + 0x2c), 0, _t47,  *(_t77 + 0x30), _t59,  *(_t77 - 0x30));
					E01319B30(_t77 - 0x2c, _t59); // executed
					_push(_t59);
					 *((char*)(_t77 - 4)) = 1;
					E0137534A(); // executed
					E01319B61( *((intOrPtr*)(_t77 - 0x34)), _t77 - 0x2c);
					E0131AA87(_t77 - 0x2c, 1, 0);
				} else {
					E01319B30( *((intOrPtr*)(_t77 - 0x34)), 0x13a0d00);
				}
				E01311524(_t77 + 0xc, 1, 0); // executed
				return E0137C2C5(_t59, _t74, 0);
			}











                                                                                                                                                                                                                                0x0135bed6
                                                                                                                                                                                                                                0x0135bedd
                                                                                                                                                                                                                                0x0135bee7
                                                                                                                                                                                                                                0x0135beea
                                                                                                                                                                                                                                0x0135beed
                                                                                                                                                                                                                                0x0135bef4
                                                                                                                                                                                                                                0x0135bef7
                                                                                                                                                                                                                                0x0135bef9
                                                                                                                                                                                                                                0x0135bef9
                                                                                                                                                                                                                                0x0135befc
                                                                                                                                                                                                                                0x0135bf12
                                                                                                                                                                                                                                0x0135bf15
                                                                                                                                                                                                                                0x0135bf17
                                                                                                                                                                                                                                0x0135bf17
                                                                                                                                                                                                                                0x0135bf17
                                                                                                                                                                                                                                0x0135bf17
                                                                                                                                                                                                                                0x0135bf22
                                                                                                                                                                                                                                0x0135bf2c
                                                                                                                                                                                                                                0x0135bf2d
                                                                                                                                                                                                                                0x0135bf32
                                                                                                                                                                                                                                0x0135bf37
                                                                                                                                                                                                                                0x0135bf50
                                                                                                                                                                                                                                0x0135bf55
                                                                                                                                                                                                                                0x0135bf5b
                                                                                                                                                                                                                                0x0135bf5f
                                                                                                                                                                                                                                0x0135bf61
                                                                                                                                                                                                                                0x0135bf61
                                                                                                                                                                                                                                0x0135bf70
                                                                                                                                                                                                                                0x0135bf76
                                                                                                                                                                                                                                0x0135bf7b
                                                                                                                                                                                                                                0x0135bf7c
                                                                                                                                                                                                                                0x0135bf80
                                                                                                                                                                                                                                0x0135bf8d
                                                                                                                                                                                                                                0x0135bf98
                                                                                                                                                                                                                                0x0135bf39
                                                                                                                                                                                                                                0x0135bf41
                                                                                                                                                                                                                                0x0135bf41
                                                                                                                                                                                                                                0x0135bfa3
                                                                                                                                                                                                                                0x0135bfb0

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135BEDD
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(0135D1A8,00000000,?,00000000,00000000,00000000,00000028,0135D1A8,?), ref: 0135BF0C
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 0135BF50
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,00000000,00000000,?), ref: 0135BF70
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$H_prolog3__memset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2885787191-0
                                                                                                                                                                                                                                • Opcode ID: 723f8230d3633189287586b5234845ae022ee818f5070fabcdc1d3cc3ce69dc3
                                                                                                                                                                                                                                • Instruction ID: e7693460992e4017e22b46cba510cac8e6421a1ceeda683c6e6410e965c34132
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 723f8230d3633189287586b5234845ae022ee818f5070fabcdc1d3cc3ce69dc3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8217A71911118BFDF14EFA8DC84DEEBBB9FF08368F508119F809AA194C7719904CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013753A6, Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 1752 13753a6-13753ae 1753 13753bd-13753c8 call 1376c17 1752->1753 1756 13753b0-13753bb call 137f2ce 1753->1756 1757 13753ca-13753cb 1753->1757 1756->1753 1760 13753cc-13753dd 1756->1760 1761 13753df-1375405 call 1374c31 call 1376ec1 1760->1761 1762 137540b-1375425 call 1374d3e call 137bd1e 1760->1762 1769 137540a 1761->1769 1769->1762
                                                                                                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                                                                                                			E013753A6(void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char _v4;
				char* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				void* _t14;
				signed int _t15;
				void* _t29;
				void* _t30;
				void* _t32;

				_t32 = __esi;
				_t30 = __edi;
				while(1) {
					_t14 = E01376C17(_t29, _t30, _t32, _a4); // executed
					if(_t14 != 0) {
						break;
					}
					_t15 = E0137F2CE(_t14, _a4);
					__eflags = _t15;
					if(_t15 == 0) {
						__eflags =  *0x13c1b18 & 0x00000001;
						if(( *0x13c1b18 & 0x00000001) == 0) {
							 *0x13c1b18 =  *0x13c1b18 | 0x00000001;
							__eflags =  *0x13c1b18;
							_push(1);
							_v8 = "bad allocation";
							E01374C31(0x13c1b0c,  &_v8);
							 *0x13c1b0c = 0x139c8ac;
							E01376EC1( *0x13c1b18, E0139B65C);
						}
						E01374D3E( &_v20, 0x13c1b0c);
						_v20 = 0x139c8ac;
						E0137BD1E( &_v20, 0x13b041c);
						asm("int3");
						return E01377F9F(_v16, _v12, _v8, 0,  &_v4);
					} else {
						continue;
					}
					L8:
				}
				return _t14;
				goto L8;
			}













                                                                                                                                                                                                                                0x013753a6
                                                                                                                                                                                                                                0x013753a6
                                                                                                                                                                                                                                0x013753bd
                                                                                                                                                                                                                                0x013753c0
                                                                                                                                                                                                                                0x013753c8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013753b3
                                                                                                                                                                                                                                0x013753b9
                                                                                                                                                                                                                                0x013753bb
                                                                                                                                                                                                                                0x013753cc
                                                                                                                                                                                                                                0x013753dd
                                                                                                                                                                                                                                0x013753df
                                                                                                                                                                                                                                0x013753df
                                                                                                                                                                                                                                0x013753e6
                                                                                                                                                                                                                                0x013753ee
                                                                                                                                                                                                                                0x013753f5
                                                                                                                                                                                                                                0x013753ff
                                                                                                                                                                                                                                0x01375405
                                                                                                                                                                                                                                0x0137540a
                                                                                                                                                                                                                                0x0137540f
                                                                                                                                                                                                                                0x0137541d
                                                                                                                                                                                                                                0x01375420
                                                                                                                                                                                                                                0x01375425
                                                                                                                                                                                                                                0x01375443
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013753bb
                                                                                                                                                                                                                                0x013753cb
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _malloc.LIBCMT ref: 013753C0
                                                                                                                                                                                                                                  • Part of subcall function 01376C17: __FF_MSGBANNER.LIBCMT ref: 01376C30
                                                                                                                                                                                                                                  • Part of subcall function 01376C17: __NMSG_WRITE.LIBCMT ref: 01376C37
                                                                                                                                                                                                                                  • Part of subcall function 01376C17: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,0137C61D,?,00000001,?,?,013822FD,00000018,013B0180,0000000C,0138238D), ref: 01376C5C
                                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 013753F5
                                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 0137540F
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 01375420
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 615853336-0
                                                                                                                                                                                                                                • Opcode ID: d64f1fb3dfa1ad91ccf8afcbdfb2d2e6433fa771023b891a343b0a25e55c4f2d
                                                                                                                                                                                                                                • Instruction ID: bf3cca81eddc65f278c847df53abfb6fe1d5b78a5f90508acda7ec8c34515783
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d64f1fb3dfa1ad91ccf8afcbdfb2d2e6433fa771023b891a343b0a25e55c4f2d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 61F02D7550010EABEF38EB5DD841E9D7FBC6B5031CF100019E414A60D1EBB9AA44DF91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135CB2A, Relevance: 4.6, APIs: 3, Instructions: 93registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 97%
                                                                                                                                                                                                                                			E0135CB2A(void* __ebx, intOrPtr* __ecx, intOrPtr* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t53;
				intOrPtr* _t57;
				intOrPtr _t59;
				intOrPtr* _t76;
				intOrPtr* _t79;
				void* _t81;

				_t74 = __edx;
				_push(0x450);
				E0137C242(0x139273a, __ebx, __edi, __esi);
				_t76 =  *((intOrPtr*)(_t81 + 0x10));
				 *(_t81 - 0x45c) =  *(_t81 - 0x45c) & 0x00000000;
				 *((intOrPtr*)(_t81 - 0x440)) =  *((intOrPtr*)(_t81 + 8));
				_t65 = __ecx;
				 *((intOrPtr*)(_t81 - 0x444)) = __ecx;
				_t79 = __edx;
				 *((intOrPtr*)(_t81 - 0x458)) =  *((intOrPtr*)(_t81 + 0xc));
				 *((intOrPtr*)(_t81 - 0x448)) = _t76;
				if(_t76 != 0) {
					 *_t76 = 0x57;
				}
				E01319B30(_t81 - 0x43c, 0x13a0d00);
				 *((intOrPtr*)(_t81 - 4)) = 0;
				if( *((intOrPtr*)(_t65 + 0x10)) == 0) {
					L17:
					E01319B61( *((intOrPtr*)(_t81 - 0x440)), _t81 - 0x43c);
					goto L18;
				} else {
					_t85 =  *((intOrPtr*)(_t79 + 0x10));
					if( *((intOrPtr*)(_t79 + 0x10)) == 0) {
						goto L17;
					}
					_t70 =  *((intOrPtr*)(_t81 - 0x444));
					_t65 = _t81 - 0x444;
					if(E0135C6CB(_t81 - 0x444,  *((intOrPtr*)(_t81 - 0x444)), _t74, _t76, _t79, _t85) == 0) {
						goto L17;
					}
					 *(_t81 - 0x454) = 0;
					 *((intOrPtr*)(_t81 - 0x450)) = 0;
					 *((intOrPtr*)(_t81 - 0x44c)) = 0;
					 *((char*)(_t81 - 4)) = 1;
					if( *((intOrPtr*)(_t79 + 0x14)) >= 8) {
						_t79 =  *_t79;
					}
					_t65 = _t81 - 0x454;
					_t53 = E01312452(0x20019, _t81 - 0x454, _t70,  *((intOrPtr*)(_t81 - 0x444)), _t79); // executed
					_t79 = _t53;
					if(_t79 == 0) {
						_t57 =  *((intOrPtr*)(_t81 - 0x458));
						 *((intOrPtr*)(_t81 - 0x444)) = 0x208;
						if( *((intOrPtr*)(_t57 + 0x14)) >= 8) {
							_t57 =  *_t57;
						}
						_t77 = _t81 - 0x420;
						_t59 = E013291B1(_t70, _t81 - 0x420, _t81 - 0x444, _t81 - 0x454, _t57); // executed
						_t79 = _t59;
						_t90 = _t79;
						if(_t79 == 0) {
							E0131B7E3(_t81 - 0x43c, _t90, _t77, E01376D83(_t77));
						}
						_t76 =  *((intOrPtr*)(_t81 - 0x448));
					}
					if(_t76 != 0) {
						 *_t76 = _t79;
					}
					E01319B61( *((intOrPtr*)(_t81 - 0x440)), _t81 - 0x43c);
					if( *(_t81 - 0x454) != 0) {
						RegCloseKey( *(_t81 - 0x454)); // executed
					}
					L18:
					E0131AA87(_t81 - 0x43c, 1, 0);
					return E0137C2C5(_t65, _t76, _t79);
				}
			}









                                                                                                                                                                                                                                0x0135cb2a
                                                                                                                                                                                                                                0x0135cb2a
                                                                                                                                                                                                                                0x0135cb34
                                                                                                                                                                                                                                0x0135cb3c
                                                                                                                                                                                                                                0x0135cb3f
                                                                                                                                                                                                                                0x0135cb46
                                                                                                                                                                                                                                0x0135cb4f
                                                                                                                                                                                                                                0x0135cb51
                                                                                                                                                                                                                                0x0135cb57
                                                                                                                                                                                                                                0x0135cb59
                                                                                                                                                                                                                                0x0135cb5f
                                                                                                                                                                                                                                0x0135cb67
                                                                                                                                                                                                                                0x0135cb69
                                                                                                                                                                                                                                0x0135cb69
                                                                                                                                                                                                                                0x0135cb7a
                                                                                                                                                                                                                                0x0135cb81
                                                                                                                                                                                                                                0x0135cb87
                                                                                                                                                                                                                                0x0135cc70
                                                                                                                                                                                                                                0x0135cc7d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135cb8d
                                                                                                                                                                                                                                0x0135cb8d
                                                                                                                                                                                                                                0x0135cb90
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135cb96
                                                                                                                                                                                                                                0x0135cb9c
                                                                                                                                                                                                                                0x0135cba9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135cbb1
                                                                                                                                                                                                                                0x0135cbb7
                                                                                                                                                                                                                                0x0135cbbd
                                                                                                                                                                                                                                0x0135cbc3
                                                                                                                                                                                                                                0x0135cbcb
                                                                                                                                                                                                                                0x0135cbcd
                                                                                                                                                                                                                                0x0135cbcd
                                                                                                                                                                                                                                0x0135cbdb
                                                                                                                                                                                                                                0x0135cbe1
                                                                                                                                                                                                                                0x0135cbe6
                                                                                                                                                                                                                                0x0135cbea
                                                                                                                                                                                                                                0x0135cbec
                                                                                                                                                                                                                                0x0135cbf6
                                                                                                                                                                                                                                0x0135cc00
                                                                                                                                                                                                                                0x0135cc02
                                                                                                                                                                                                                                0x0135cc02
                                                                                                                                                                                                                                0x0135cc12
                                                                                                                                                                                                                                0x0135cc18
                                                                                                                                                                                                                                0x0135cc1d
                                                                                                                                                                                                                                0x0135cc1f
                                                                                                                                                                                                                                0x0135cc21
                                                                                                                                                                                                                                0x0135cc36
                                                                                                                                                                                                                                0x0135cc36
                                                                                                                                                                                                                                0x0135cc3b
                                                                                                                                                                                                                                0x0135cc3b
                                                                                                                                                                                                                                0x0135cc43
                                                                                                                                                                                                                                0x0135cc45
                                                                                                                                                                                                                                0x0135cc45
                                                                                                                                                                                                                                0x0135cc54
                                                                                                                                                                                                                                0x0135cc60
                                                                                                                                                                                                                                0x0135cc68
                                                                                                                                                                                                                                0x0135cc68
                                                                                                                                                                                                                                0x0135cc82
                                                                                                                                                                                                                                0x0135cc8c
                                                                                                                                                                                                                                0x0135cc9c
                                                                                                                                                                                                                                0x0135cc9c

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135CB34
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0135CC26
                                                                                                                                                                                                                                • RegCloseKey.KERNEL32(00000000,?,?,?,013A0D00), ref: 0135CC68
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseH_prolog3__wcslen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2351855038-0
                                                                                                                                                                                                                                • Opcode ID: 84ffd398370bc198abdc73eec6f6b9850cc678a6f8e853dd7be49014d4b576d4
                                                                                                                                                                                                                                • Instruction ID: aff973f51f1a26d51162f6e76ea7fbce130452583ccfeff648f3ddf6e8419a30
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84ffd398370bc198abdc73eec6f6b9850cc678a6f8e853dd7be49014d4b576d4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0541F6B19006298BCF64DB28CD84B89B7B8AF4470DF4010E9DA0DA7241DB70AE85CF99
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135CC9D, Relevance: 4.6, APIs: 3, Instructions: 63COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 28%
                                                                                                                                                                                                                                			E0135CC9D(intOrPtr* __ecx) {
				signed int _v8;
				char _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				char* _t15;
				intOrPtr* _t16;
				void* _t17;
				char* _t23;
				intOrPtr _t28;
				intOrPtr* _t31;
				intOrPtr _t32;
				intOrPtr* _t33;
				signed int _t34;

				_t13 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t13 ^ _t34;
				_t15 =  &_v24;
				_t33 = __ecx;
				_t32 = 0; // executed
				__imp__UuidCreate(_t15); // executed
				if(_t15 == 0) {
					_t23 =  &_v24;
					__imp__UuidToStringW(_t23,  &_v28); // executed
					if(_t23 == 0) {
						E01319B90(__ecx, _v28);
						__imp__RpcStringFreeW( &_v28);
						_t32 = 1;
					}
				}
				_t7 = _t33 + 0x14; // 0x7
				_t28 =  *_t7;
				if(_t28 < 8) {
					_t31 = _t33;
				} else {
					_t31 =  *_t33;
				}
				if(_t28 < 8) {
					_t16 = _t33;
				} else {
					_t16 =  *_t33;
				}
				_t8 = _t33 + 0x10; // 0x0
				_t26 =  *_t8;
				_t17 = _t16 +  *_t8 * 2;
				if(_t28 >= 8) {
					_t33 =  *_t33;
				}
				E01327736( &_v28, _t33, _t17, _t31, 0x137ad0d);
				return E013748C1(_t32, _t26, _v8 ^ _t34, _t31, _t32, _t33);
			}



















                                                                                                                                                                                                                                0x0135cca3
                                                                                                                                                                                                                                0x0135ccaa
                                                                                                                                                                                                                                0x0135ccb0
                                                                                                                                                                                                                                0x0135ccb4
                                                                                                                                                                                                                                0x0135ccb6
                                                                                                                                                                                                                                0x0135ccb8
                                                                                                                                                                                                                                0x0135ccc0
                                                                                                                                                                                                                                0x0135ccc6
                                                                                                                                                                                                                                0x0135ccca
                                                                                                                                                                                                                                0x0135ccd2
                                                                                                                                                                                                                                0x0135ccd8
                                                                                                                                                                                                                                0x0135cce1
                                                                                                                                                                                                                                0x0135cce7
                                                                                                                                                                                                                                0x0135cce7
                                                                                                                                                                                                                                0x0135ccd2
                                                                                                                                                                                                                                0x0135cce8
                                                                                                                                                                                                                                0x0135cce8
                                                                                                                                                                                                                                0x0135ccee
                                                                                                                                                                                                                                0x0135ccf4
                                                                                                                                                                                                                                0x0135ccf0
                                                                                                                                                                                                                                0x0135ccf0
                                                                                                                                                                                                                                0x0135ccf0
                                                                                                                                                                                                                                0x0135ccf9
                                                                                                                                                                                                                                0x0135ccff
                                                                                                                                                                                                                                0x0135ccfb
                                                                                                                                                                                                                                0x0135ccfb
                                                                                                                                                                                                                                0x0135ccfb
                                                                                                                                                                                                                                0x0135cd01
                                                                                                                                                                                                                                0x0135cd01
                                                                                                                                                                                                                                0x0135cd04
                                                                                                                                                                                                                                0x0135cd0a
                                                                                                                                                                                                                                0x0135cd0c
                                                                                                                                                                                                                                0x0135cd0c
                                                                                                                                                                                                                                0x0135cd1a
                                                                                                                                                                                                                                0x0135cd32

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • UuidCreate.RPCRT4(?), ref: 0135CCB8
                                                                                                                                                                                                                                • UuidToStringW.RPCRT4(?,?), ref: 0135CCCA
                                                                                                                                                                                                                                  • Part of subcall function 01319B90: _wcslen.LIBCMT ref: 01319B96
                                                                                                                                                                                                                                • RpcStringFreeW.RPCRT4(?), ref: 0135CCE1
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: StringUuid$CreateFree_wcslen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3476631635-0
                                                                                                                                                                                                                                • Opcode ID: 7bbb8aea692734e40ee87d7de4a2a0b796a97c4701672d5f665f493e88d2ef37
                                                                                                                                                                                                                                • Instruction ID: f1de13917fbd09442ed2ebdbeab89f0befce81b6046416cc63ea145c644193ac
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7bbb8aea692734e40ee87d7de4a2a0b796a97c4701672d5f665f493e88d2ef37
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF1154716002099BCB24DFADD8C4DAFB7FDFF44609750146AEA42E3104D624E90687A0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01321082, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                			E01321082(struct HWND__** __ecx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				char _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t14;
				intOrPtr _t18;
				long _t23;
				struct HWND__* _t24;
				struct HWND__** _t32;
				signed int _t33;
				intOrPtr* _t34;

				_t14 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t14 ^ _t33;
				_t31 = __ecx;
				_t32 = __ecx + 0x24;
				_t30 = 0;
				if( *_t32 == 0) {
					_t18 = 0xd;
					_t28 = _t34;
					_v12 = _t18;
					_v16 = _t18;
					_v20 = 0;
					_v24 = 0;
					 *_t34 = 0;
					_t30 =  &_v24;
					 *_t34 =  &_v24; // executed
					E01320DEC(_t32, L"BUTTON",  *((intOrPtr*)(__ecx + 4)), _t28, 0x13a0d00, 0x50000003, 0, __ecx); // executed
					_t24 =  *_t32;
					if(_t24 != 0) {
						_t32 =  &(_t31[0x33]);
						_t31 =  &(_t32[1]);
						if(E01314F3A(0x1321499,  &(_t32[1]), _t32) != 0) {
							_t23 = SetWindowLongW(_t24, 0xfffffffc, _t32[4]);
							if(_t23 != 0) {
								_t32[6] = _t23;
								 *_t32 = _t24;
							}
						}
					}
				}
				return E013748C1(0, _t24, _v8 ^ _t33, _t30, _t31, _t32);
			}


















                                                                                                                                                                                                                                0x01321088
                                                                                                                                                                                                                                0x0132108f
                                                                                                                                                                                                                                0x01321095
                                                                                                                                                                                                                                0x01321097
                                                                                                                                                                                                                                0x0132109a
                                                                                                                                                                                                                                0x0132109e
                                                                                                                                                                                                                                0x013210a2
                                                                                                                                                                                                                                0x013210a4
                                                                                                                                                                                                                                0x013210b1
                                                                                                                                                                                                                                0x013210b4
                                                                                                                                                                                                                                0x013210bb
                                                                                                                                                                                                                                0x013210be
                                                                                                                                                                                                                                0x013210c1
                                                                                                                                                                                                                                0x013210cb
                                                                                                                                                                                                                                0x013210cf
                                                                                                                                                                                                                                0x013210d1
                                                                                                                                                                                                                                0x013210d6
                                                                                                                                                                                                                                0x013210da
                                                                                                                                                                                                                                0x013210dc
                                                                                                                                                                                                                                0x013210e3
                                                                                                                                                                                                                                0x013210f2
                                                                                                                                                                                                                                0x013210fa
                                                                                                                                                                                                                                0x01321102
                                                                                                                                                                                                                                0x01321104
                                                                                                                                                                                                                                0x01321107
                                                                                                                                                                                                                                0x01321107
                                                                                                                                                                                                                                0x01321102
                                                                                                                                                                                                                                0x013210f2
                                                                                                                                                                                                                                0x013210da
                                                                                                                                                                                                                                0x01321119

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01320DEC: CreateWindowExW.USER32 ref: 01320E2C
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: GetCurrentProcess.KERNEL32(00000000,0000000D), ref: 01314F70
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: FlushInstructionCache.KERNEL32(00000000), ref: 01314F77
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 013210FA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$CacheCreateCurrentFlushInstructionLongProcess
                                                                                                                                                                                                                                • String ID: BUTTON
                                                                                                                                                                                                                                • API String ID: 3833653893-3405671355
                                                                                                                                                                                                                                • Opcode ID: 3f7aecd601b6a8e036c25ce539a6ca301ec7c6068f2010b17f537c3a2a72a4d1
                                                                                                                                                                                                                                • Instruction ID: c5721ac7fc95c0e0a56daf0d2a02ff2e1d563f2835b7196a3e233499d3641577
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f7aecd601b6a8e036c25ce539a6ca301ec7c6068f2010b17f537c3a2a72a4d1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B114271A00315AFD724EF6ADD5096ABBFCFF58304B20452DE559E7240E770A904CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131B8E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E0131B8E0(void* __ebx, short* __ecx, void* __edi, signed int _a4, char _a8) {
				void* __esi;
				void* __ebp;
				intOrPtr _t8;
				signed int _t12;
				void* _t16;
				short* _t17;
				void* _t18;
				signed int _t19;

				_t18 = __edi;
				_t17 = __ecx;
				_t16 = __ebx;
				_t19 = _a4;
				if(_t19 > 0x7ffffffe) {
					E013631D4("string too long");
				}
				_t8 =  *((intOrPtr*)(_t17 + 0x14));
				_t21 = _t8 - _t19;
				if(_t8 >= _t19) {
					__eflags = _a8;
					if(_a8 == 0) {
						L9:
						__eflags = _t19;
						if(_t19 == 0) {
							 *(_t17 + 0x10) =  *(_t17 + 0x10) & _t19;
							__eflags = _t8 - 8;
							if(_t8 >= 8) {
								_t17 =  *_t17;
							}
							__eflags = 0;
							 *_t17 = 0;
						}
						goto L13;
					}
					__eflags = _t19 - 8;
					if(_t19 >= 8) {
						goto L9;
					}
					_t12 =  *(_t17 + 0x10);
					__eflags = _t19 - _t12;
					if(_t19 < _t12) {
						_t12 = _t19;
					}
					E0131AA87(_t17, 1, _t12);
					goto L13;
				} else {
					_push( *(_t17 + 0x10));
					_push(_t19); // executed
					E0131C601(_t16, _t17, _t18, _t19, _t21); // executed
					L13:
					asm("sbb eax, eax");
					return  ~0x00000000;
				}
			}











                                                                                                                                                                                                                                0x0131b8e0
                                                                                                                                                                                                                                0x0131b8e0
                                                                                                                                                                                                                                0x0131b8e0
                                                                                                                                                                                                                                0x0131b8e4
                                                                                                                                                                                                                                0x0131b8ed
                                                                                                                                                                                                                                0x0131b8f4
                                                                                                                                                                                                                                0x0131b8f4
                                                                                                                                                                                                                                0x0131b8f9
                                                                                                                                                                                                                                0x0131b8fc
                                                                                                                                                                                                                                0x0131b8fe
                                                                                                                                                                                                                                0x0131b90b
                                                                                                                                                                                                                                0x0131b90f
                                                                                                                                                                                                                                0x0131b929
                                                                                                                                                                                                                                0x0131b929
                                                                                                                                                                                                                                0x0131b92b
                                                                                                                                                                                                                                0x0131b92d
                                                                                                                                                                                                                                0x0131b930
                                                                                                                                                                                                                                0x0131b933
                                                                                                                                                                                                                                0x0131b935
                                                                                                                                                                                                                                0x0131b935
                                                                                                                                                                                                                                0x0131b937
                                                                                                                                                                                                                                0x0131b939
                                                                                                                                                                                                                                0x0131b939
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131b92b
                                                                                                                                                                                                                                0x0131b911
                                                                                                                                                                                                                                0x0131b914
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131b916
                                                                                                                                                                                                                                0x0131b919
                                                                                                                                                                                                                                0x0131b91b
                                                                                                                                                                                                                                0x0131b91d
                                                                                                                                                                                                                                0x0131b91d
                                                                                                                                                                                                                                0x0131b922
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131b900
                                                                                                                                                                                                                                0x0131b900
                                                                                                                                                                                                                                0x0131b903
                                                                                                                                                                                                                                0x0131b904
                                                                                                                                                                                                                                0x0131b93c
                                                                                                                                                                                                                                0x0131b940
                                                                                                                                                                                                                                0x0131b946
                                                                                                                                                                                                                                0x0131b946

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0131B8F4
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: std::exception::exception.LIBCMT ref: 013631E9
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: __CxxThrowException@8.LIBCMT ref: 013631FE
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: std::exception::exception.LIBCMT ref: 0136320F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                                                                • API String ID: 1823113695-2556327735
                                                                                                                                                                                                                                • Opcode ID: 5257be7d53d472c7beb8bc9255081e87adfa123afd24ff1352798965c5de6f85
                                                                                                                                                                                                                                • Instruction ID: 219f11d1e8f8ca558a2dbbe140a204471d29357e547694665efa6ded68e1b5fb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5257be7d53d472c7beb8bc9255081e87adfa123afd24ff1352798965c5de6f85
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1BF04C31A143645BCF1EBA7DC840AB9F67AAF0666DB200959E891CF09EC721CC4383E1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013117AF, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E013117AF(void* __ebx, char* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
				void* __esi;
				void* __ebp;
				intOrPtr _t7;
				intOrPtr _t10;
				void* _t14;
				char* _t15;
				void* _t17;
				intOrPtr _t18;

				_t17 = __edi;
				_t15 = __ecx;
				_t14 = __ebx;
				_t18 = _a4;
				if(_t18 > 0xfffffffe) {
					E013631D4("string too long");
				}
				_t7 =  *((intOrPtr*)(_t15 + 0x14));
				_t20 = _t7 - _t18;
				if(_t7 >= _t18) {
					__eflags = _a8;
					if(_a8 == 0) {
						L9:
						__eflags = _t18;
						if(_t18 == 0) {
							 *((intOrPtr*)(_t15 + 0x10)) = 0;
							__eflags = _t7 - 0x10;
							if(_t7 >= 0x10) {
								_t15 =  *_t15;
							}
							 *_t15 = 0;
						}
						goto L13;
					}
					__eflags = _t18 - 0x10;
					if(_t18 >= 0x10) {
						goto L9;
					}
					_t10 =  *((intOrPtr*)(_t15 + 0x10));
					__eflags = _t18 - _t10;
					if(_t18 < _t10) {
						_t10 = _t18;
					}
					E01311524(_t15, 1, _t10);
					goto L13;
				} else {
					_push( *((intOrPtr*)(_t15 + 0x10)));
					_push(_t18); // executed
					E013118C6(_t14, _t15, _t17, _t18, _t20); // executed
					L13:
					asm("sbb eax, eax");
					return  ~0x00000000;
				}
			}











                                                                                                                                                                                                                                0x013117af
                                                                                                                                                                                                                                0x013117af
                                                                                                                                                                                                                                0x013117af
                                                                                                                                                                                                                                0x013117b3
                                                                                                                                                                                                                                0x013117b9
                                                                                                                                                                                                                                0x013117c0
                                                                                                                                                                                                                                0x013117c0
                                                                                                                                                                                                                                0x013117c5
                                                                                                                                                                                                                                0x013117c8
                                                                                                                                                                                                                                0x013117ca
                                                                                                                                                                                                                                0x013117d9
                                                                                                                                                                                                                                0x013117dc
                                                                                                                                                                                                                                0x013117f6
                                                                                                                                                                                                                                0x013117f6
                                                                                                                                                                                                                                0x013117f8
                                                                                                                                                                                                                                0x013117fa
                                                                                                                                                                                                                                0x013117fd
                                                                                                                                                                                                                                0x01311800
                                                                                                                                                                                                                                0x01311802
                                                                                                                                                                                                                                0x01311802
                                                                                                                                                                                                                                0x01311804
                                                                                                                                                                                                                                0x01311804
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013117f8
                                                                                                                                                                                                                                0x013117de
                                                                                                                                                                                                                                0x013117e1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013117e3
                                                                                                                                                                                                                                0x013117e6
                                                                                                                                                                                                                                0x013117e8
                                                                                                                                                                                                                                0x013117ea
                                                                                                                                                                                                                                0x013117ea
                                                                                                                                                                                                                                0x013117ef
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013117cc
                                                                                                                                                                                                                                0x013117cc
                                                                                                                                                                                                                                0x013117cf
                                                                                                                                                                                                                                0x013117d0
                                                                                                                                                                                                                                0x01311806
                                                                                                                                                                                                                                0x0131180a
                                                                                                                                                                                                                                0x01311810
                                                                                                                                                                                                                                0x01311810

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 013117C0
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: std::exception::exception.LIBCMT ref: 013631E9
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: __CxxThrowException@8.LIBCMT ref: 013631FE
                                                                                                                                                                                                                                  • Part of subcall function 013631D4: std::exception::exception.LIBCMT ref: 0136320F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                                                                • API String ID: 1823113695-2556327735
                                                                                                                                                                                                                                • Opcode ID: 396eb715e23cae19ff0a06fe0148dcc3beb8e1ea4795670e77c234a91bb1e4d8
                                                                                                                                                                                                                                • Instruction ID: b2ffefa31d49fe954747c84779a8a36cda09067629318cc640031d06a6f86264
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 396eb715e23cae19ff0a06fe0148dcc3beb8e1ea4795670e77c234a91bb1e4d8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9F0F631A042295BDF1DEA7C4C808FA7E99AB0261C7348965EFB1DF2CAD622C8418391
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013570B1, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40threadCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E013570B1(void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				long _v8;
				void* __ebx;
				void* __ebp;
				void* _t8;
				void* _t9;
				void* _t19;
				void* _t22;

				_t19 = __edx;
				E0131A995(0x13c2de8, 0x13beff0, 0, 0xffffffff);
				 *0x13c2e20 = _a4;
				_v8 = 0;
				_t8 = CreateThread(0, 0, E01357125, 0x13c2d28, 0,  &_v8); // executed
				 *0x13c2de4 = _t8;
				if(_t8 != 0) {
					__eflags =  *0x13c2a33; // 0x0
					if(__eflags != 0) {
						_t23 = _t22 - 0x1c;
						_a4 = _t22 - 0x1c;
						E01319638(_t23, "Monitor started");
						E0134BA76(0, 0x13c2b18, _t19, __edi, __esi, __eflags);
					}
					_t9 = 1;
				} else {
					_t9 = 0;
				}
				return _t9;
			}










                                                                                                                                                                                                                                0x013570b1
                                                                                                                                                                                                                                0x013570c6
                                                                                                                                                                                                                                0x013570ce
                                                                                                                                                                                                                                0x013570e4
                                                                                                                                                                                                                                0x013570e7
                                                                                                                                                                                                                                0x013570ed
                                                                                                                                                                                                                                0x013570f4
                                                                                                                                                                                                                                0x013570fa
                                                                                                                                                                                                                                0x01357100
                                                                                                                                                                                                                                0x01357102
                                                                                                                                                                                                                                0x01357107
                                                                                                                                                                                                                                0x0135710f
                                                                                                                                                                                                                                0x01357119
                                                                                                                                                                                                                                0x01357119
                                                                                                                                                                                                                                0x0135711e
                                                                                                                                                                                                                                0x013570f6
                                                                                                                                                                                                                                0x013570f6
                                                                                                                                                                                                                                0x013570f6
                                                                                                                                                                                                                                0x01357122

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0131A995: std::_Xinvalid_argument.LIBCPMT ref: 0131A9AF
                                                                                                                                                                                                                                • CreateThread.KERNEL32 ref: 013570E7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateThreadXinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: Monitor started
                                                                                                                                                                                                                                • API String ID: 1709647009-441388819
                                                                                                                                                                                                                                • Opcode ID: b46420e5df379f93ec0fe9c74eb11ca4f52538b51b85d77eb4544cb44372104a
                                                                                                                                                                                                                                • Instruction ID: 102946b0867219d7a4425c21c0e54d19c506605fa54d0fd9e88fe231f48588f5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b46420e5df379f93ec0fe9c74eb11ca4f52538b51b85d77eb4544cb44372104a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ADF02BB460020C7FE710AFBECCC6CAB3B9DD615A9CB40052DF90247344E9716E044771
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131C601, Relevance: 3.1, APIs: 2, Instructions: 66COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                			E0131C601(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t32;
				signed int _t34;
				signed int _t36;
				signed int _t41;
				signed int _t42;
				unsigned int _t44;
				unsigned int _t52;
				signed int _t55;
				signed int _t57;
				void* _t58;

				_push(0xc);
				E0137C20C(0x1391856, __ebx, __edi, __esi);
				_t57 = __ecx;
				 *((intOrPtr*)(_t58 - 0x18)) = __ecx;
				_t55 =  *(_t58 + 8) | 0x00000007;
				if(_t55 <= 0x7ffffffe) {
					_t41 = 3;
					_t44 =  *(__ecx + 0x14);
					 *(_t58 - 0x14) = _t44;
					 *(_t58 - 0x14) =  *(_t58 - 0x14) >> 1;
					_t52 =  *(_t58 - 0x14);
					if(_t52 > _t55 / _t41) {
						_t55 = 0x7ffffffe;
						if(_t44 <= 0x7ffffffe - _t52) {
							_t55 = _t52 + _t44;
						}
					}
				} else {
					_t55 =  *(_t58 + 8);
				}
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				_t16 = _t55 + 1; // 0x7fffffff
				_push(0);
				_t32 = E0131DA60(_t16); // executed
				 *(_t58 + 8) = _t32;
				_t42 =  *(_t58 + 0xc);
				if(_t42 != 0) {
					if( *(_t57 + 0x14) < 8) {
						_t36 = _t57;
					} else {
						_t36 =  *_t57;
					}
					E013748D0( *(_t58 + 8), _t36, _t42 + _t42);
				}
				E0131AA87(_t57, 1, 0); // executed
				_t34 =  *(_t58 + 8);
				 *_t57 = _t34;
				 *(_t57 + 0x14) = _t55;
				 *(_t57 + 0x10) = _t42;
				if(_t55 < 8) {
					_t34 = _t57;
				}
				 *((short*)(_t34 + _t42 * 2)) = 0;
				return E0137C2B1(_t34);
			}













                                                                                                                                                                                                                                0x0131c601
                                                                                                                                                                                                                                0x0131c608
                                                                                                                                                                                                                                0x0131c60d
                                                                                                                                                                                                                                0x0131c60f
                                                                                                                                                                                                                                0x0131c615
                                                                                                                                                                                                                                0x0131c61e
                                                                                                                                                                                                                                0x0131c62b
                                                                                                                                                                                                                                0x0131c62e
                                                                                                                                                                                                                                0x0131c631
                                                                                                                                                                                                                                0x0131c634
                                                                                                                                                                                                                                0x0131c637
                                                                                                                                                                                                                                0x0131c63c
                                                                                                                                                                                                                                0x0131c63e
                                                                                                                                                                                                                                0x0131c649
                                                                                                                                                                                                                                0x0131c64b
                                                                                                                                                                                                                                0x0131c64b
                                                                                                                                                                                                                                0x0131c649
                                                                                                                                                                                                                                0x0131c620
                                                                                                                                                                                                                                0x0131c620
                                                                                                                                                                                                                                0x0131c620
                                                                                                                                                                                                                                0x0131c64e
                                                                                                                                                                                                                                0x0131c652
                                                                                                                                                                                                                                0x0131c655
                                                                                                                                                                                                                                0x0131c658
                                                                                                                                                                                                                                0x0131c65f
                                                                                                                                                                                                                                0x0131c68b
                                                                                                                                                                                                                                0x0131c690
                                                                                                                                                                                                                                0x0131c696
                                                                                                                                                                                                                                0x0131c69c
                                                                                                                                                                                                                                0x0131c698
                                                                                                                                                                                                                                0x0131c698
                                                                                                                                                                                                                                0x0131c698
                                                                                                                                                                                                                                0x0131c6a6
                                                                                                                                                                                                                                0x0131c6ab
                                                                                                                                                                                                                                0x0131c6b4
                                                                                                                                                                                                                                0x0131c6b9
                                                                                                                                                                                                                                0x0131c6bc
                                                                                                                                                                                                                                0x0131c6be
                                                                                                                                                                                                                                0x0131c6c1
                                                                                                                                                                                                                                0x0131c6c7
                                                                                                                                                                                                                                0x0131c6c9
                                                                                                                                                                                                                                0x0131c6c9
                                                                                                                                                                                                                                0x0131c6cd
                                                                                                                                                                                                                                0x0131c6d6

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_catch_memmove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3914490576-0
                                                                                                                                                                                                                                • Opcode ID: 688dd9796caf1438dd3be85024659d22b76d8fa34d51f6b4b7827c59bb158692
                                                                                                                                                                                                                                • Instruction ID: 878682a73a08ab01c9ce9b716c3e285deab7e838a8e0bd7249807dade729145f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 688dd9796caf1438dd3be85024659d22b76d8fa34d51f6b4b7827c59bb158692
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B21A571B442059BDB28CF58C88076DB7B5BF94728F24691DE4069B694CB70BA40CB95
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013118C6, Relevance: 3.1, APIs: 2, Instructions: 65COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                			E013118C6(void* __ebx, unsigned int __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t30;
				signed int _t32;
				signed int _t34;
				signed int _t39;
				intOrPtr _t40;
				unsigned int _t47;
				signed int _t50;
				signed int _t52;
				void* _t53;

				_t41 = __ecx;
				_push(0xc);
				E0137C20C(0x1391456, __ebx, __edi, __esi);
				_t52 = __ecx;
				 *((intOrPtr*)(_t53 - 0x18)) = __ecx;
				_t50 =  *(_t53 + 8) | 0x0000000f;
				if(_t50 <= 0xfffffffe) {
					_t39 = 3;
					_t41 =  *(__ecx + 0x14);
					 *(_t53 - 0x14) = _t41;
					 *(_t53 - 0x14) =  *(_t53 - 0x14) >> 1;
					_t47 =  *(_t53 - 0x14);
					if(_t47 > _t50 / _t39) {
						_t50 = 0xfffffffe;
						if(_t41 <= _t50 - _t47) {
							_t50 = _t47 + _t41;
						}
					}
				} else {
					_t50 =  *(_t53 + 8);
				}
				 *(_t53 - 4) =  *(_t53 - 4) & 0x00000000;
				_t16 = _t50 + 1; // 0xff
				_push(0);
				_t30 = E01311A3F(_t41, _t16); // executed
				 *(_t53 + 8) = _t30;
				_t40 =  *((intOrPtr*)(_t53 + 0xc));
				if(_t40 != 0) {
					if( *(_t52 + 0x14) < 0x10) {
						_t34 = _t52;
					} else {
						_t34 =  *_t52;
					}
					E013748D0( *(_t53 + 8), _t34, _t40);
				}
				E01311524(_t52, 1, 0);
				_t32 =  *(_t53 + 8);
				 *_t52 = _t32;
				 *(_t52 + 0x14) = _t50;
				 *((intOrPtr*)(_t52 + 0x10)) = _t40;
				if(_t50 < 0x10) {
					_t32 = _t52;
				}
				 *((char*)(_t32 + _t40)) = 0;
				return E0137C2B1(_t32);
			}












                                                                                                                                                                                                                                0x013118c6
                                                                                                                                                                                                                                0x013118c6
                                                                                                                                                                                                                                0x013118cd
                                                                                                                                                                                                                                0x013118d2
                                                                                                                                                                                                                                0x013118d4
                                                                                                                                                                                                                                0x013118da
                                                                                                                                                                                                                                0x013118e0
                                                                                                                                                                                                                                0x013118ed
                                                                                                                                                                                                                                0x013118f0
                                                                                                                                                                                                                                0x013118f3
                                                                                                                                                                                                                                0x013118f6
                                                                                                                                                                                                                                0x013118f9
                                                                                                                                                                                                                                0x013118fe
                                                                                                                                                                                                                                0x01311902
                                                                                                                                                                                                                                0x01311909
                                                                                                                                                                                                                                0x0131190b
                                                                                                                                                                                                                                0x0131190b
                                                                                                                                                                                                                                0x01311909
                                                                                                                                                                                                                                0x013118e2
                                                                                                                                                                                                                                0x013118e2
                                                                                                                                                                                                                                0x013118e2
                                                                                                                                                                                                                                0x0131190e
                                                                                                                                                                                                                                0x01311912
                                                                                                                                                                                                                                0x01311915
                                                                                                                                                                                                                                0x01311918
                                                                                                                                                                                                                                0x0131191f
                                                                                                                                                                                                                                0x0131194b
                                                                                                                                                                                                                                0x01311950
                                                                                                                                                                                                                                0x01311956
                                                                                                                                                                                                                                0x0131195c
                                                                                                                                                                                                                                0x01311958
                                                                                                                                                                                                                                0x01311958
                                                                                                                                                                                                                                0x01311958
                                                                                                                                                                                                                                0x01311963
                                                                                                                                                                                                                                0x01311968
                                                                                                                                                                                                                                0x01311971
                                                                                                                                                                                                                                0x01311976
                                                                                                                                                                                                                                0x01311979
                                                                                                                                                                                                                                0x0131197b
                                                                                                                                                                                                                                0x0131197e
                                                                                                                                                                                                                                0x01311984
                                                                                                                                                                                                                                0x01311986
                                                                                                                                                                                                                                0x01311986
                                                                                                                                                                                                                                0x01311988
                                                                                                                                                                                                                                0x01311991

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_catch_memmove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3914490576-0
                                                                                                                                                                                                                                • Opcode ID: f59f56c2b34fb07fe1a28eb90a4aacd8a88b85aa7d6b8571f66d7a0db117adc9
                                                                                                                                                                                                                                • Instruction ID: 1000bb0704fe37aee9381e745b625591791d035cca7f5c84451f01b0fa2d0cad
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f59f56c2b34fb07fe1a28eb90a4aacd8a88b85aa7d6b8571f66d7a0db117adc9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6211DA31B0020A9BEB28DF6CC84079DBBB7AB94714F104119E665AF2C4C771AE40C7D5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01347E09, Relevance: 3.1, APIs: 2, Instructions: 54COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E01347E09(struct HMENU__* __ebx, void* __eflags, struct HWND__* _a4, int* _a8, WCHAR* _a12, signed int _a16, long _a20, struct HMENU__* _a24, signed short _a28) {
				void* __edi;
				void* __esi;
				int* _t24;
				struct HWND__* _t28;

				_t34 = __ebx + 8;
				if(E01314F3A(0, __ebx + 8, 0) != 0) {
					if(_a28 == 0) {
						L2:
						return 0;
					}
					E01311DB3(__ebx, _t34);
					if(_a24 == 0 && (_a16 & 0x40000000) != 0) {
						_a24 = __ebx;
					}
					_t24 = _a8;
					if(_t24 == 0) {
						_t24 = 0x13bdefc;
						_a8 = 0x13bdefc;
					}
					_t10 =  &(_t24[1]); // 0x80000000
					_t11 =  &(_t24[3]); // 0x0
					_t12 =  &(_t24[2]); // 0x0
					_t28 = CreateWindowExW(_a20, _a28 & 0x0000ffff, _a12, _a16,  *_t24,  *_t10,  *_t12 -  *_t24,  *_t11 -  *_t10, _a4, _a24,  *0x13c1728, 0); // executed
					return _t28;
				}
				SetLastError(0xe);
				goto L2;
			}







                                                                                                                                                                                                                                0x01347e0e
                                                                                                                                                                                                                                0x01347e1e
                                                                                                                                                                                                                                0x01347e32
                                                                                                                                                                                                                                0x01347e28
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01347e28
                                                                                                                                                                                                                                0x01347e36
                                                                                                                                                                                                                                0x01347e3e
                                                                                                                                                                                                                                0x01347e49
                                                                                                                                                                                                                                0x01347e49
                                                                                                                                                                                                                                0x01347e4c
                                                                                                                                                                                                                                0x01347e51
                                                                                                                                                                                                                                0x01347e53
                                                                                                                                                                                                                                0x01347e58
                                                                                                                                                                                                                                0x01347e58
                                                                                                                                                                                                                                0x01347e5b
                                                                                                                                                                                                                                0x01347e5e
                                                                                                                                                                                                                                0x01347e63
                                                                                                                                                                                                                                0x01347e89
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01347e89
                                                                                                                                                                                                                                0x01347e22
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: GetCurrentProcess.KERNEL32(00000000,0000000D), ref: 01314F70
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: FlushInstructionCache.KERNEL32(00000000), ref: 01314F77
                                                                                                                                                                                                                                • SetLastError.KERNEL32(0000000E,00000000,?,?,01315163,00000000,00000000,AXWIN Frame Window,00CF0000,00000000,00000000,?), ref: 01347E22
                                                                                                                                                                                                                                • CreateWindowExW.USER32 ref: 01347E89
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CacheCreateCurrentErrorFlushInstructionLastProcessWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 852167079-0
                                                                                                                                                                                                                                • Opcode ID: b08663610b2a3aee25890751e8c1935e5f7ceb1f6df4cbc2467a27301ff0d610
                                                                                                                                                                                                                                • Instruction ID: f9d1a0489f641e3774ca73af006bf04777885ee4d88844f9032fb81a7962c2dc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b08663610b2a3aee25890751e8c1935e5f7ceb1f6df4cbc2467a27301ff0d610
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0611A136100109EFDB218F6ADD44EEB3BE9EB88354F058219FE099B121D735ED91DBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131DA60, Relevance: 3.0, APIs: 2, Instructions: 27COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 34%
                                                                                                                                                                                                                                			E0131DA60(signed int _a4) {
				char _v16;
				void* _t9;
				signed int _t15;
				void* _t18;
				void* _t19;

				_t15 = _a4;
				_t9 = 0;
				if(_t15 != 0) {
					_t23 = _t15 - 0x7fffffff;
					if(_t15 > 0x7fffffff) {
						L3:
						_a4 = _a4 & 0x00000000;
						E01374CB9( &_v16,  &_a4);
						_v16 = 0x139c8ac;
						return E0137BD1E( &_v16, 0x13b041c);
					}
					_push(_t15 + _t15); // executed
					_t9 = E013753A6(_t18, _t19, _t23); // executed
					if(0 == 0) {
						goto L3;
					}
				}
				return _t9;
			}








                                                                                                                                                                                                                                0x0131da63
                                                                                                                                                                                                                                0x0131da69
                                                                                                                                                                                                                                0x0131da6d
                                                                                                                                                                                                                                0x0131da6f
                                                                                                                                                                                                                                0x0131da75
                                                                                                                                                                                                                                0x0131da85
                                                                                                                                                                                                                                0x0131da85
                                                                                                                                                                                                                                0x0131da90
                                                                                                                                                                                                                                0x0131da9e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131daa5
                                                                                                                                                                                                                                0x0131da7a
                                                                                                                                                                                                                                0x0131da7b
                                                                                                                                                                                                                                0x0131da83
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131da83
                                                                                                                                                                                                                                0x0131daab

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 0131DA90
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 0131DAA5
                                                                                                                                                                                                                                  • Part of subcall function 013753A6: _malloc.LIBCMT ref: 013753C0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4063778783-0
                                                                                                                                                                                                                                • Opcode ID: eb9d74f1e3bf39ca52c942a18bb4b4e817f2c93e1b50694a2c16424923dacdf2
                                                                                                                                                                                                                                • Instruction ID: 814f0e050e714cb5e953a47145f0f1aeb1c5c423acf1a6c5e9796a1c0a912522
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eb9d74f1e3bf39ca52c942a18bb4b4e817f2c93e1b50694a2c16424923dacdf2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7DE0653590020EABEF28EBA9D454ADE77EC5F1525CF10426DE911D5048EB74E2048A91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01311A3F, Relevance: 3.0, APIs: 2, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 33%
                                                                                                                                                                                                                                			E01311A3F(void* __ecx, signed int _a4) {
				char _v16;
				void* _t10;
				void* _t18;
				void* _t19;

				_t10 = 0;
				if(_a4 > 0) {
					_t23 = _a4 - 0xffffffff;
					if(_a4 > 0xffffffff) {
						L3:
						_a4 = _a4 & 0x00000000;
						E01374CB9( &_v16,  &_a4);
						_v16 = 0x139c8ac;
						return E0137BD1E( &_v16, 0x13b041c);
					}
					_push(_a4);
					_t10 = E013753A6(_t18, _t19, _t23); // executed
					if(0 == 0) {
						goto L3;
					}
				}
				return _t10;
			}







                                                                                                                                                                                                                                0x01311a42
                                                                                                                                                                                                                                0x01311a4a
                                                                                                                                                                                                                                0x01311a4c
                                                                                                                                                                                                                                0x01311a50
                                                                                                                                                                                                                                0x01311a5f
                                                                                                                                                                                                                                0x01311a5f
                                                                                                                                                                                                                                0x01311a6a
                                                                                                                                                                                                                                0x01311a78
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01311a7f
                                                                                                                                                                                                                                0x01311a52
                                                                                                                                                                                                                                0x01311a55
                                                                                                                                                                                                                                0x01311a5d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01311a5d
                                                                                                                                                                                                                                0x01311a85

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::exception::exception.LIBCMT ref: 01311A6A
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 01311A7F
                                                                                                                                                                                                                                  • Part of subcall function 013753A6: _malloc.LIBCMT ref: 013753C0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4063778783-0
                                                                                                                                                                                                                                • Opcode ID: 8ae283abbe226050098a98f31daeadaecc09fba04c65da4da17588c71baa8540
                                                                                                                                                                                                                                • Instruction ID: 761aa03b2d155a8a885d1cd3412b4eecc82756e5ae8a68317e1c7bb0110d0bcd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8ae283abbe226050098a98f31daeadaecc09fba04c65da4da17588c71baa8540
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ABE0123590020EBBDF28EF79D845ACD7FFC9B102ADF10C169EA1495194EB74D644CB92
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013124A4, Relevance: 3.0, APIs: 2, Instructions: 20registrystringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E013124A4(void** _a4, short* _a8, char* _a12) {
				long _t11;
				void* _t12;

				if(_a12 != 0) {
					_t11 = RegSetValueExW( *_a4, _a8, 0, 1, _a12, lstrlenW(_a12) + _t8 + 2); // executed
					return _t11;
				}
				_t12 = 0xd;
				return _t12;
			}





                                                                                                                                                                                                                                0x013124ab
                                                                                                                                                                                                                                0x013124cf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013124cf
                                                                                                                                                                                                                                0x013124af
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00000000,?,01313034,?,?,?,A1D783FF,00000000,?,00000000,?,?,01391934,000000FF,?,01313776), ref: 013124B5
                                                                                                                                                                                                                                • RegSetValueExW.KERNEL32(?,?,00000000,00000001,00000000,?,?,01313034,?,?,?,A1D783FF,00000000,?,00000000,?), ref: 013124CF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Valuelstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 799288031-0
                                                                                                                                                                                                                                • Opcode ID: 9aab595353b3c88ea7e4985d164fd3a10c5264bb41fc01e322513493d2467768
                                                                                                                                                                                                                                • Instruction ID: 945d45fd6af626a40576a8759a8fd1d5838e490420a110cd1aadf8a3b8abc1c4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9aab595353b3c88ea7e4985d164fd3a10c5264bb41fc01e322513493d2467768
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91E0EC3514024EFFDF218F80DC49FAA3BB9FB18714F108415FA15995A5DBB2D5A0DBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01378F2D, Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E01378F2D(int _a4) {

				E01378F02(_a4);
				ExitProcess(_a4);
			}



                                                                                                                                                                                                                                0x01378f35
                                                                                                                                                                                                                                0x01378f3e

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___crtCorExitProcess.LIBCMT ref: 01378F35
                                                                                                                                                                                                                                  • Part of subcall function 01378F02: GetModuleHandleW.KERNEL32(mscoree.dll,?,01378F3A,?,?,01376C46,000000FF,0000001E,00000001,00000000,00000000,?,0137C61D,?,00000001,?), ref: 01378F0C
                                                                                                                                                                                                                                  • Part of subcall function 01378F02: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 01378F1C
                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 01378F3E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2427264223-0
                                                                                                                                                                                                                                • Opcode ID: 50bbbf5204a4c69a5b983531aaeb5ab5e7ecd310a0fcea31fe382a09d2bd6e62
                                                                                                                                                                                                                                • Instruction ID: 0791385d6496c5d4105c1add58d521ee25976f24b1303badb74702ec6014aca2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50bbbf5204a4c69a5b983531aaeb5ab5e7ecd310a0fcea31fe382a09d2bd6e62
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7B0923100410DBFCF222F5AEC0EC893F2AEB803A0B108060F90809020DF72AD929AA4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135C990, Relevance: 1.6, APIs: 1, Instructions: 133COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 92%
                                                                                                                                                                                                                                			E0135C990(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t48;
				void* _t50;
				void* _t51;
				void* _t55;
				void* _t57;
				void* _t60;
				void* _t62;
				void* _t68;
				void* _t110;

				_t99 = __edx;
				_push(0x98);
				E0137C242(0x13927a5, __ebx, __edi, __esi);
				_t104 = 0;
				_t102 = __edx;
				_t82 = __ecx;
				 *((intOrPtr*)(_t110 - 0xa0)) = __ecx;
				 *((intOrPtr*)(_t110 - 0xa4)) = 0;
				if( *((intOrPtr*)(__edx + 0x10)) != 0) {
					_t48 = 7;
					 *((intOrPtr*)(_t110 - 0x88)) = _t48;
					 *((intOrPtr*)(_t110 - 0x8c)) = 0;
					 *((short*)(_t110 - 0x9c)) = 0;
					 *((intOrPtr*)(_t110 - 4)) = 0;
					 *((intOrPtr*)(_t110 - 0x18)) = _t48;
					 *((intOrPtr*)(_t110 - 0x1c)) = 0;
					 *((short*)(_t110 - 0x2c)) = 0;
					 *((intOrPtr*)(_t110 - 0x6c)) = _t48;
					 *((intOrPtr*)(_t110 - 0x70)) = 0;
					 *((short*)(_t110 - 0x80)) = 0;
					 *((intOrPtr*)(_t110 - 0x50)) = _t48;
					 *((intOrPtr*)(_t110 - 0x54)) = 0;
					 *((short*)(_t110 - 0x64)) = 0;
					 *((char*)(_t110 - 4)) = 3;
					_t50 = E0132618B(0, 0, __edx, __eflags, "\\");
					_t105 = _t110 - 0x48;
					_t51 = E01319C49(0, _t110 - 0x48, _t102, 0, _t50);
					 *((char*)(_t110 - 4)) = 4;
					E0131A941(_t110 - 0x9c, _t51);
					 *((char*)(_t110 - 4)) = 3;
					E0131AA87(_t110 - 0x48, 1, 0);
					_t55 = E0132618B(0, _t105, _t102, __eflags, "\\");
					_t106 = _t110 - 0x48;
					_t57 = E01319C49(_t105, _t110 - 0x48, _t102, _t55 + 1,  *((intOrPtr*)(_t102 + 0x10)));
					 *((char*)(_t110 - 4)) = 5;
					E0131A941(_t110 - 0x2c, _t57);
					 *((char*)(_t110 - 4)) = 3;
					E0131AA87(_t110 - 0x48, 1, 0);
					_t82 = _t110 - 0x2c;
					_t60 = E01319BC7(_t110 - 0x2c, _t106, _t99, __eflags, "\\");
					_t102 = 0;
					_t107 = _t110 - 0x48;
					_t62 = E01319C49(_t106, _t110 - 0x48, _t110 - 0x2c, 0, _t60);
					 *((char*)(_t110 - 4)) = 6;
					E0131A941(_t110 - 0x80, _t62);
					 *((char*)(_t110 - 4)) = 3;
					E0131AA87(_t110 - 0x48, 1, 0);
					_t68 = E01319C49(_t107, _t110 - 0x48, _t110 - 0x2c, E01319BC7(_t110 - 0x2c, _t107, _t99, __eflags, "\\") + 1,  *((intOrPtr*)(_t110 - 0x1c)));
					 *((char*)(_t110 - 4)) = 7;
					E0131A941(_t110 - 0x64, _t68);
					_t104 = 1;
					__eflags = 1;
					 *((char*)(_t110 - 4)) = 3;
					E0131AA87(_t110 - 0x48, 1, 0);
					_push(0);
					_push(_t110 - 0x64);
					_push( *((intOrPtr*)(_t110 - 0xa0)));
					E0135CB2A(_t82, _t110 - 0x9c, _t110 - 0x80, 0, 1, __eflags); // executed
					E0131AA87(_t110 - 0x64, 1, 0);
					E0131AA87(_t110 - 0x80, 1, 0);
					E0131AA87(_t82, 1, 0);
					E0131AA87(_t110 - 0x9c, 1, 0);
				} else {
					E01319B30(__ecx, 0x13a0d00);
				}
				return E0137C2C5(_t82, _t102, _t104);
			}












                                                                                                                                                                                                                                0x0135c990
                                                                                                                                                                                                                                0x0135c990
                                                                                                                                                                                                                                0x0135c99a
                                                                                                                                                                                                                                0x0135c99f
                                                                                                                                                                                                                                0x0135c9a1
                                                                                                                                                                                                                                0x0135c9a3
                                                                                                                                                                                                                                0x0135c9a5
                                                                                                                                                                                                                                0x0135c9ab
                                                                                                                                                                                                                                0x0135c9b4
                                                                                                                                                                                                                                0x0135c9c9
                                                                                                                                                                                                                                0x0135c9cc
                                                                                                                                                                                                                                0x0135c9d2
                                                                                                                                                                                                                                0x0135c9d8
                                                                                                                                                                                                                                0x0135c9df
                                                                                                                                                                                                                                0x0135c9e2
                                                                                                                                                                                                                                0x0135c9e5
                                                                                                                                                                                                                                0x0135c9e8
                                                                                                                                                                                                                                0x0135c9ec
                                                                                                                                                                                                                                0x0135c9ef
                                                                                                                                                                                                                                0x0135c9f2
                                                                                                                                                                                                                                0x0135c9f6
                                                                                                                                                                                                                                0x0135c9fb
                                                                                                                                                                                                                                0x0135c9fe
                                                                                                                                                                                                                                0x0135ca08
                                                                                                                                                                                                                                0x0135ca0c
                                                                                                                                                                                                                                0x0135ca14
                                                                                                                                                                                                                                0x0135ca17
                                                                                                                                                                                                                                0x0135ca23
                                                                                                                                                                                                                                0x0135ca27
                                                                                                                                                                                                                                0x0135ca32
                                                                                                                                                                                                                                0x0135ca36
                                                                                                                                                                                                                                0x0135ca41
                                                                                                                                                                                                                                0x0135ca49
                                                                                                                                                                                                                                0x0135ca4c
                                                                                                                                                                                                                                0x0135ca55
                                                                                                                                                                                                                                0x0135ca59
                                                                                                                                                                                                                                0x0135ca64
                                                                                                                                                                                                                                0x0135ca68
                                                                                                                                                                                                                                0x0135ca6e
                                                                                                                                                                                                                                0x0135ca71
                                                                                                                                                                                                                                0x0135ca77
                                                                                                                                                                                                                                0x0135ca7d
                                                                                                                                                                                                                                0x0135ca80
                                                                                                                                                                                                                                0x0135ca89
                                                                                                                                                                                                                                0x0135ca8d
                                                                                                                                                                                                                                0x0135ca97
                                                                                                                                                                                                                                0x0135ca9b
                                                                                                                                                                                                                                0x0135cab5
                                                                                                                                                                                                                                0x0135cabe
                                                                                                                                                                                                                                0x0135cac2
                                                                                                                                                                                                                                0x0135caca
                                                                                                                                                                                                                                0x0135caca
                                                                                                                                                                                                                                0x0135cacf
                                                                                                                                                                                                                                0x0135cad3
                                                                                                                                                                                                                                0x0135cad8
                                                                                                                                                                                                                                0x0135cadc
                                                                                                                                                                                                                                0x0135cadd
                                                                                                                                                                                                                                0x0135caec
                                                                                                                                                                                                                                0x0135caf9
                                                                                                                                                                                                                                0x0135cb03
                                                                                                                                                                                                                                0x0135cb0c
                                                                                                                                                                                                                                0x0135cb19
                                                                                                                                                                                                                                0x0135c9b6
                                                                                                                                                                                                                                0x0135c9bb
                                                                                                                                                                                                                                0x0135c9c0
                                                                                                                                                                                                                                0x0135cb29

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135C99A
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3__wcslen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3251556500-0
                                                                                                                                                                                                                                • Opcode ID: 62a098c3226a8189609521d44b336a7ebc75fb629429af52ce4916cc758db2e8
                                                                                                                                                                                                                                • Instruction ID: 41cfcb47f86cee9334a2cff86cb7d158f8bf9d469247215f6a655225b1f72847
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 62a098c3226a8189609521d44b336a7ebc75fb629429af52ce4916cc758db2e8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD419071D012A9EAEB14EBACCD50FEEBBBCEF65708F104159E44AB3144CA701E05CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131B7E3, Relevance: 1.6, APIs: 1, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                			E0131B7E3(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* __ebx;
				void* __edi;
				void* _t12;
				intOrPtr* _t14;
				intOrPtr* _t16;
				intOrPtr* _t17;
				void* _t19;
				void* _t20;
				intOrPtr _t27;
				intOrPtr* _t30;

				_t26 = _a4;
				_t30 = __ecx;
				if(E0131C6EE(__ecx, _a4) == 0) {
					_t27 = _a8;
					_t12 = E0131B8E0(_t19, __ecx, _t27, _t27, 0); // executed
					if(_t12 != 0) {
						if( *((intOrPtr*)(__ecx + 0x14)) < 8) {
							_t14 = __ecx;
						} else {
							_t14 =  *__ecx;
						}
						_push(_t19);
						_t20 = _t27 + _t27;
						E013748D0(_t14, _a4, _t20);
						 *((intOrPtr*)(_t30 + 0x10)) = _t27;
						if( *((intOrPtr*)(_t30 + 0x14)) < 8) {
							_t16 = _t30;
						} else {
							_t16 =  *_t30;
						}
						 *((short*)(_t20 + _t16)) = 0;
					}
					return _t30;
				}
				if( *((intOrPtr*)(__ecx + 0x14)) < 8) {
					_t17 = __ecx;
				} else {
					_t17 =  *__ecx;
				}
				return E0131A995(_t30, _t30, _t26 - _t17 >> 1, _a8);
			}













                                                                                                                                                                                                                                0x0131b7e8
                                                                                                                                                                                                                                0x0131b7ec
                                                                                                                                                                                                                                0x0131b7f5
                                                                                                                                                                                                                                0x0131b815
                                                                                                                                                                                                                                0x0131b81d
                                                                                                                                                                                                                                0x0131b824
                                                                                                                                                                                                                                0x0131b82a
                                                                                                                                                                                                                                0x0131b830
                                                                                                                                                                                                                                0x0131b82c
                                                                                                                                                                                                                                0x0131b82c
                                                                                                                                                                                                                                0x0131b82c
                                                                                                                                                                                                                                0x0131b832
                                                                                                                                                                                                                                0x0131b833
                                                                                                                                                                                                                                0x0131b83b
                                                                                                                                                                                                                                0x0131b847
                                                                                                                                                                                                                                0x0131b84a
                                                                                                                                                                                                                                0x0131b850
                                                                                                                                                                                                                                0x0131b84c
                                                                                                                                                                                                                                0x0131b84c
                                                                                                                                                                                                                                0x0131b84c
                                                                                                                                                                                                                                0x0131b854
                                                                                                                                                                                                                                0x0131b858
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131b859
                                                                                                                                                                                                                                0x0131b7fb
                                                                                                                                                                                                                                0x0131b801
                                                                                                                                                                                                                                0x0131b7fd
                                                                                                                                                                                                                                0x0131b7fd
                                                                                                                                                                                                                                0x0131b7fd
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                                                                                                                • Opcode ID: 18e0d73221fd0a2e9210dea2c949ca43fe149a9c1bdd5001d0a583fa4c59fbf7
                                                                                                                                                                                                                                • Instruction ID: e13d848a58fa7c7ceba68217deaf72a48b79e1ac35273c692322ef78b518b8cd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 18e0d73221fd0a2e9210dea2c949ca43fe149a9c1bdd5001d0a583fa4c59fbf7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9001C432600248EFCB289E5D9C44956FFB9EF45E69704081EFD4587208D731E915CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01311568, Relevance: 1.6, APIs: 1, Instructions: 53COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E01311568(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* __ebx;
				void* __edi;
				void* _t10;
				intOrPtr* _t12;
				intOrPtr* _t14;
				intOrPtr* _t15;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t17 = _a4;
				_t25 = __ecx;
				if(E01311813(__ecx, _a4) == 0) {
					_t23 = _a8;
					_t10 = E013117AF(_t17, __ecx, _t23, _t23, 0); // executed
					if(_t10 != 0) {
						if( *((intOrPtr*)(__ecx + 0x14)) < 0x10) {
							_t12 = __ecx;
						} else {
							_t12 =  *__ecx;
						}
						E013748D0(_t12, _t17, _t23);
						 *((intOrPtr*)(_t25 + 0x10)) = _t23;
						if( *((intOrPtr*)(_t25 + 0x14)) < 0x10) {
							_t14 = _t25;
						} else {
							_t14 =  *_t25;
						}
						 *((char*)(_t14 + _t23)) = 0;
					}
					return _t25;
				}
				if( *((intOrPtr*)(__ecx + 0x14)) < 0x10) {
					_t15 = __ecx;
				} else {
					_t15 =  *__ecx;
				}
				return E01311716(_t25, _t25, _t17 - _t15, _a8);
			}











                                                                                                                                                                                                                                0x0131156c
                                                                                                                                                                                                                                0x01311571
                                                                                                                                                                                                                                0x0131157a
                                                                                                                                                                                                                                0x01311599
                                                                                                                                                                                                                                0x013115a1
                                                                                                                                                                                                                                0x013115a8
                                                                                                                                                                                                                                0x013115ae
                                                                                                                                                                                                                                0x013115b4
                                                                                                                                                                                                                                0x013115b0
                                                                                                                                                                                                                                0x013115b0
                                                                                                                                                                                                                                0x013115b0
                                                                                                                                                                                                                                0x013115b9
                                                                                                                                                                                                                                0x013115c5
                                                                                                                                                                                                                                0x013115c8
                                                                                                                                                                                                                                0x013115ce
                                                                                                                                                                                                                                0x013115ca
                                                                                                                                                                                                                                0x013115ca
                                                                                                                                                                                                                                0x013115ca
                                                                                                                                                                                                                                0x013115d0
                                                                                                                                                                                                                                0x013115d0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013115d6
                                                                                                                                                                                                                                0x01311580
                                                                                                                                                                                                                                0x01311586
                                                                                                                                                                                                                                0x01311582
                                                                                                                                                                                                                                0x01311582
                                                                                                                                                                                                                                0x01311582
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                                                                                                                • Opcode ID: 4ab8fcff7e3eaf130ba3d070f8a9f4904444e49529b62113dac60e3f3611e277
                                                                                                                                                                                                                                • Instruction ID: 836792e94cf183eb77ce4dd8128a1bb3ee95f5095b911380cc34124aab8e7151
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ab8fcff7e3eaf130ba3d070f8a9f4904444e49529b62113dac60e3f3611e277
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BC01B131300218EBDB389E6E98409EBBFADDB51668B080519F74787644DBA2D90087E5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135C50C, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E0135C50C(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t29;
				void* _t31;
				void* _t34;
				void* _t40;
				void* _t51;
				void* _t53;
				void* _t54;

				_t54 = __eflags;
				_t52 = __esi;
				_t41 = __ecx;
				_push(0x4c);
				E0137C242(0x1395be2, __ebx, __edi, __esi);
				 *(_t53 - 0x1c) =  *(_t53 - 0x1c) & 0x00000000;
				 *((intOrPtr*)(_t53 - 0x4c)) =  *((intOrPtr*)(_t53 + 8));
				 *((intOrPtr*)(_t53 - 0x54)) =  *((intOrPtr*)(_t53 + 0xc));
				_t51 = __ecx;
				 *((intOrPtr*)(_t53 - 0x18)) = 7;
				 *((short*)(_t53 - 0x2c)) = 0;
				 *(_t53 - 4) =  *(_t53 - 4) & 0;
				_t39 = _t53 - 0x50;
				if(E0135C6CB(_t53 - 0x50, __ecx, __edx, __ecx, __esi, _t54) != 0) {
					_t29 = E0132618B(0, _t41, _t51, __eflags, "\\");
					_t52 = _t53 - 0x48;
					_t31 = E01319C49(_t41, _t53 - 0x48, _t51, _t29 + 1,  *((intOrPtr*)(_t51 + 0x10)));
					 *(_t53 - 4) = 1;
					E0131A941(_t53 - 0x2c, _t31);
					 *(_t53 - 4) = 0;
					E0131AA87(_t52, 1, 0);
					_push( *((intOrPtr*)(_t53 - 0x54)));
					_push( *((intOrPtr*)(_t53 - 0x50)));
					_t34 = E0135C7D4(_t39,  *((intOrPtr*)(_t53 - 0x4c)), _t53 - 0x2c, _t51, _t52, __eflags); // executed
					_t40 = _t34;
				} else {
					_t40 = 0;
				}
				E0131AA87(_t53 - 0x2c, 1, 0);
				return E0137C2C5(_t40, _t51, _t52);
			}










                                                                                                                                                                                                                                0x0135c50c
                                                                                                                                                                                                                                0x0135c50c
                                                                                                                                                                                                                                0x0135c50c
                                                                                                                                                                                                                                0x0135c50c
                                                                                                                                                                                                                                0x0135c513
                                                                                                                                                                                                                                0x0135c51b
                                                                                                                                                                                                                                0x0135c51f
                                                                                                                                                                                                                                0x0135c525
                                                                                                                                                                                                                                0x0135c52a
                                                                                                                                                                                                                                0x0135c52c
                                                                                                                                                                                                                                0x0135c533
                                                                                                                                                                                                                                0x0135c537
                                                                                                                                                                                                                                0x0135c53a
                                                                                                                                                                                                                                0x0135c544
                                                                                                                                                                                                                                0x0135c566
                                                                                                                                                                                                                                0x0135c56e
                                                                                                                                                                                                                                0x0135c571
                                                                                                                                                                                                                                0x0135c57a
                                                                                                                                                                                                                                0x0135c57e
                                                                                                                                                                                                                                0x0135c589
                                                                                                                                                                                                                                0x0135c58d
                                                                                                                                                                                                                                0x0135c592
                                                                                                                                                                                                                                0x0135c598
                                                                                                                                                                                                                                0x0135c59e
                                                                                                                                                                                                                                0x0135c5a5
                                                                                                                                                                                                                                0x0135c546
                                                                                                                                                                                                                                0x0135c546
                                                                                                                                                                                                                                0x0135c546
                                                                                                                                                                                                                                0x0135c54f
                                                                                                                                                                                                                                0x0135c55b

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135C513
                                                                                                                                                                                                                                  • Part of subcall function 0135C6CB: __EH_prolog3_GS.LIBCMT ref: 0135C6D2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2427045233-0
                                                                                                                                                                                                                                • Opcode ID: c214b62746bc05fe80b0014eb698cc584a2ab85a9c815e1a333d793c7473b180
                                                                                                                                                                                                                                • Instruction ID: 5c90abda81cb2e1f47c62147f5a7a2e9c5cd126e75c5049207ff84fa8ae8862c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c214b62746bc05fe80b0014eb698cc584a2ab85a9c815e1a333d793c7473b180
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19117071E44249EEDF04EBECC841BEDB7B4AF1470DF109015D815BB184CAB56A08CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0137EE5A, Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E0137EE5A(signed int _a4, signed int _a8, long _a12) {
				void* _t10;
				long _t11;
				long _t12;
				signed int _t13;
				signed int _t17;
				long _t19;
				long _t24;

				_t17 = _a4;
				if(_t17 == 0) {
					L3:
					_t24 = _t17 * _a8;
					__eflags = _t24;
					if(_t24 == 0) {
						_t24 = _t24 + 1;
						__eflags = _t24;
					}
					goto L5;
					L6:
					_t10 = RtlAllocateHeap( *0x13c1e9c, 8, _t24); // executed
					__eflags = 0;
					if(0 == 0) {
						goto L7;
					}
					L14:
					return _t10;
					goto L15;
					L7:
					__eflags =  *0x13c24e0;
					if( *0x13c24e0 == 0) {
						_t19 = _a12;
						__eflags = _t19;
						if(_t19 != 0) {
							 *_t19 = 0xc;
						}
					} else {
						_t11 = E0137F2CE(_t10, _t24);
						__eflags = _t11;
						if(_t11 != 0) {
							L5:
							_t10 = 0;
							__eflags = _t24 - 0xffffffe0;
							if(_t24 > 0xffffffe0) {
								goto L7;
							} else {
								goto L6;
							}
						} else {
							_t12 = _a12;
							__eflags = _t12;
							if(_t12 != 0) {
								 *_t12 = 0xc;
							}
							_t10 = 0;
						}
					}
					goto L14;
				} else {
					_t13 = 0xffffffe0;
					_t27 = _t13 / _t17 - _a8;
					if(_t13 / _t17 >= _a8) {
						goto L3;
					} else {
						 *((intOrPtr*)(E0137BDAC(_t27))) = 0xc;
						return 0;
					}
				}
				L15:
			}










                                                                                                                                                                                                                                0x0137ee5f
                                                                                                                                                                                                                                0x0137ee64
                                                                                                                                                                                                                                0x0137ee81
                                                                                                                                                                                                                                0x0137ee86
                                                                                                                                                                                                                                0x0137ee88
                                                                                                                                                                                                                                0x0137ee8a
                                                                                                                                                                                                                                0x0137ee8c
                                                                                                                                                                                                                                0x0137ee8c
                                                                                                                                                                                                                                0x0137ee8c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137ee94
                                                                                                                                                                                                                                0x0137ee9d
                                                                                                                                                                                                                                0x0137eea3
                                                                                                                                                                                                                                0x0137eea5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137eed9
                                                                                                                                                                                                                                0x0137eedb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137eea7
                                                                                                                                                                                                                                0x0137eea7
                                                                                                                                                                                                                                0x0137eeae
                                                                                                                                                                                                                                0x0137eecc
                                                                                                                                                                                                                                0x0137eecf
                                                                                                                                                                                                                                0x0137eed1
                                                                                                                                                                                                                                0x0137eed3
                                                                                                                                                                                                                                0x0137eed3
                                                                                                                                                                                                                                0x0137eeb0
                                                                                                                                                                                                                                0x0137eeb1
                                                                                                                                                                                                                                0x0137eeb7
                                                                                                                                                                                                                                0x0137eeb9
                                                                                                                                                                                                                                0x0137ee8d
                                                                                                                                                                                                                                0x0137ee8d
                                                                                                                                                                                                                                0x0137ee8f
                                                                                                                                                                                                                                0x0137ee92
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137eebb
                                                                                                                                                                                                                                0x0137eebb
                                                                                                                                                                                                                                0x0137eebe
                                                                                                                                                                                                                                0x0137eec0
                                                                                                                                                                                                                                0x0137eec2
                                                                                                                                                                                                                                0x0137eec2
                                                                                                                                                                                                                                0x0137eec8
                                                                                                                                                                                                                                0x0137eec8
                                                                                                                                                                                                                                0x0137eeb9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137ee66
                                                                                                                                                                                                                                0x0137ee6a
                                                                                                                                                                                                                                0x0137ee6d
                                                                                                                                                                                                                                0x0137ee70
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137ee72
                                                                                                                                                                                                                                0x0137ee77
                                                                                                                                                                                                                                0x0137ee80
                                                                                                                                                                                                                                0x0137ee80
                                                                                                                                                                                                                                0x0137ee70
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0137C667,01381389,?,00000000,00000000,00000000,?,01381389,00000001,00000214,?,01357857), ref: 0137EE9D
                                                                                                                                                                                                                                  • Part of subcall function 0137BDAC: __getptd_noexit.LIBCMT ref: 0137BDAC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap__getptd_noexit
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 328603210-0
                                                                                                                                                                                                                                • Opcode ID: f4fc35e5616123835d2d9ebed05d835146d03542f8107e9667fef10a6348afd4
                                                                                                                                                                                                                                • Instruction ID: 08fe7def3198a2414f4ed079b09e7923aa84a9583c7509d0d3416feffcf017cb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4fc35e5616123835d2d9ebed05d835146d03542f8107e9667fef10a6348afd4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E01D4312012159BFB399E7DDC44B6B37A9AB81368F044EB9E81EDB990D778D800C780
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013291B1, Relevance: 1.5, APIs: 1, Instructions: 45registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E013291B1(void* __ecx, char* __edi, signed int* __esi, void** _a4, int _a8) {
				int _v8;
				long _t19;
				unsigned int _t20;
				void* _t23;
				char* _t28;
				unsigned int* _t29;

				_t29 = __esi;
				_t28 = __edi;
				 *__esi =  *__esi & 0x00000000;
				_v8 =  *__esi +  *__esi;
				_t19 = RegQueryValueExW( *_a4, _a8, 0,  &_a8, __edi,  &_v8); // executed
				if(_t19 == 0) {
					if(_a8 == 1 || _a8 == 2) {
						_t20 = _v8;
						if(_t28 == 0) {
							L10:
							 *_t29 = _t20 >> 1;
							return 0;
						}
						if(_t20 == 0) {
							 *_t28 = 0;
							goto L10;
						}
						if((_t20 & 0x00000001) != 0) {
							goto L3;
						}
						if(_t28[(_t20 >> 1) * 2 - 2] == 0) {
							goto L10;
						}
						goto L3;
					} else {
						L3:
						_t23 = 0xd;
						return _t23;
					}
				}
				return _t19;
			}









                                                                                                                                                                                                                                0x013291b1
                                                                                                                                                                                                                                0x013291b1
                                                                                                                                                                                                                                0x013291b7
                                                                                                                                                                                                                                0x013291bc
                                                                                                                                                                                                                                0x013291d2
                                                                                                                                                                                                                                0x013291da
                                                                                                                                                                                                                                0x013291e0
                                                                                                                                                                                                                                0x013291ed
                                                                                                                                                                                                                                0x013291f2
                                                                                                                                                                                                                                0x0132920f
                                                                                                                                                                                                                                0x01329211
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329213
                                                                                                                                                                                                                                0x013291f6
                                                                                                                                                                                                                                0x0132920c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132920c
                                                                                                                                                                                                                                0x013291fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329206
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013291e8
                                                                                                                                                                                                                                0x013291e8
                                                                                                                                                                                                                                0x013291ea
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013291ea
                                                                                                                                                                                                                                0x013291e0
                                                                                                                                                                                                                                0x01329216

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegQueryValueExW.KERNEL32(00000098,013A11F0,00000000,013A11F0,?,013343F1,?,?,0135CC1D,?,?,?,?,013A0D00), ref: 013291D2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                                                                • Opcode ID: 47dd440f37e44aab32f0678a8cea97c7f9c1ba02c7a2c95e11f2381ba0dbe1d8
                                                                                                                                                                                                                                • Instruction ID: 358e07c68d8ca45192df5a402e1f0cd352693ec8bc0acb7bdea45d257593c9d1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47dd440f37e44aab32f0678a8cea97c7f9c1ba02c7a2c95e11f2381ba0dbe1d8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1701A231200229EFDB25DF5DC905BAA77F8AF1674CF20806DEA59D6180E730D650CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01319F97, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                			E01319F97(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t29;
				intOrPtr* _t34;
				intOrPtr* _t37;
				intOrPtr* _t41;
				void* _t42;
				void* _t43;

				_t43 = __eflags;
				_t35 = __ecx;
				_push(8);
				E0137C1D9(0x1394616, __ebx, __edi, __esi);
				_t34 = __ecx;
				_t37 =  *((intOrPtr*)(_t42 + 8));
				 *(_t42 - 0x10) =  *(_t42 - 0x10) & 0x00000000;
				 *_t37 = 0x13a3550;
				 *((intOrPtr*)(_t37 + 0x10)) = 0x13a1540;
				 *((intOrPtr*)(_t37 + 0x60)) = 0x13a149c;
				 *(_t42 - 4) =  *(_t42 - 4) & 0x00000000;
				_push(_t37 + 0x18);
				_push(_t37);
				 *(_t42 - 0x10) = 1;
				E0131AAD0(__ecx, 1, _t43); // executed
				 *(_t42 - 4) = 1;
				_t41 = _t37 + 0x18;
				 *((intOrPtr*)(_t37 +  *((intOrPtr*)( *_t37 + 4)))) = 0x13a153c;
				 *((intOrPtr*)(_t42 - 0x14)) = _t41;
				E0131B65C(__ecx, _t37, _t41, _t43, _t41);
				 *(_t42 - 4) = 2;
				 *_t41 = 0x13a14fc;
				_t29 =  *((intOrPtr*)(_t34 + 0x10));
				if( *((intOrPtr*)(_t34 + 0x14)) >= 8) {
					_t34 =  *_t34;
				}
				 *(_t41 + 0x3c) =  *(_t41 + 0x3c) & 0x00000000;
				 *(_t41 + 0x40) =  *(_t41 + 0x40) & 0x00000000;
				if(_t29 != 0) {
					E0131B949(_t29, _t35, _t41, _t34);
				}
				return E0137C2B1(_t37);
			}









                                                                                                                                                                                                                                0x01319f97
                                                                                                                                                                                                                                0x01319f97
                                                                                                                                                                                                                                0x01319f97
                                                                                                                                                                                                                                0x01319f9e
                                                                                                                                                                                                                                0x01319fa3
                                                                                                                                                                                                                                0x01319fa5
                                                                                                                                                                                                                                0x01319fa8
                                                                                                                                                                                                                                0x01319fac
                                                                                                                                                                                                                                0x01319fb2
                                                                                                                                                                                                                                0x01319fb9
                                                                                                                                                                                                                                0x01319fc0
                                                                                                                                                                                                                                0x01319fc9
                                                                                                                                                                                                                                0x01319fcb
                                                                                                                                                                                                                                0x01319fcc
                                                                                                                                                                                                                                0x01319fcf
                                                                                                                                                                                                                                0x01319fd4
                                                                                                                                                                                                                                0x01319fdc
                                                                                                                                                                                                                                0x01319fe0
                                                                                                                                                                                                                                0x01319fe7
                                                                                                                                                                                                                                0x01319fea
                                                                                                                                                                                                                                0x01319fef
                                                                                                                                                                                                                                0x01319ff3
                                                                                                                                                                                                                                0x01319ffd
                                                                                                                                                                                                                                0x0131a000
                                                                                                                                                                                                                                0x0131a002
                                                                                                                                                                                                                                0x0131a002
                                                                                                                                                                                                                                0x0131a004
                                                                                                                                                                                                                                0x0131a008
                                                                                                                                                                                                                                0x0131a00e
                                                                                                                                                                                                                                0x0131a011
                                                                                                                                                                                                                                0x0131a011
                                                                                                                                                                                                                                0x0131a01d

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 01319F9E
                                                                                                                                                                                                                                  • Part of subcall function 0131AAD0: __EH_prolog3.LIBCMT ref: 0131AAD7
                                                                                                                                                                                                                                  • Part of subcall function 0131B65C: __EH_prolog3.LIBCMT ref: 0131B663
                                                                                                                                                                                                                                  • Part of subcall function 0131B65C: std::_Mutex::_Mutex.LIBCPMT ref: 0131B674
                                                                                                                                                                                                                                  • Part of subcall function 0131B65C: std::locale::locale.LIBCPMT ref: 0131B68B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3$MutexMutex::_std::_std::locale::locale
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2655237191-0
                                                                                                                                                                                                                                • Opcode ID: 067445e42d6297ee28aa4505051a359814bb75072c1a2b0e4405736af27bf5fe
                                                                                                                                                                                                                                • Instruction ID: 89176a43a721066c26cff06f2ac541781dae51dd2cf29a8a7b5344bf795c4ead
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 067445e42d6297ee28aa4505051a359814bb75072c1a2b0e4405736af27bf5fe
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 09118CB5A10216DBCB18DF59C9447AABBF4FF2436AF400509D5406B205C3B4E619CBD0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013123FB, Relevance: 1.5, APIs: 1, Instructions: 39registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 16%
                                                                                                                                                                                                                                			E013123FB(intOrPtr* __eax, void* __ecx, void* _a4, short* _a8) {
				char _v8;
				void* __edi;
				void* __esi;
				long _t14;
				intOrPtr* _t24;

				_t24 = __eax;
				_t21 =  *((intOrPtr*)(__eax + 8));
				_push( &_a8);
				_v8 = 0;
				_push( &_v8);
				if( *((intOrPtr*)(__eax + 8)) == 0) {
					_t14 = RegCreateKeyExW(_a4, _a8, 0, 0, 0, 0x2001f, 0, ??, ??); // executed
				} else {
					_push(_a8);
					_push(_a4);
					_t14 = E01311CD3(_t21);
				}
				if(_t14 == 0) {
					_t14 = E013123E4(_t24);
					 *_t24 = _v8;
					 *((intOrPtr*)(_t24 + 4)) = 0;
				}
				return _t14;
			}








                                                                                                                                                                                                                                0x01312401
                                                                                                                                                                                                                                0x01312404
                                                                                                                                                                                                                                0x0131240c
                                                                                                                                                                                                                                0x01312410
                                                                                                                                                                                                                                0x01312413
                                                                                                                                                                                                                                0x01312416
                                                                                                                                                                                                                                0x01312434
                                                                                                                                                                                                                                0x01312418
                                                                                                                                                                                                                                0x01312418
                                                                                                                                                                                                                                0x0131241b
                                                                                                                                                                                                                                0x0131241e
                                                                                                                                                                                                                                0x0131241e
                                                                                                                                                                                                                                0x0131243c
                                                                                                                                                                                                                                0x0131243e
                                                                                                                                                                                                                                0x01312446
                                                                                                                                                                                                                                0x01312448
                                                                                                                                                                                                                                0x01312448
                                                                                                                                                                                                                                0x0131244f

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegCreateKeyExW.KERNEL32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,00000000,?,?,?,?,0131386B,?), ref: 01312434
                                                                                                                                                                                                                                  • Part of subcall function 01311CD3: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 01311CE2
                                                                                                                                                                                                                                  • Part of subcall function 01311CD3: GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 01311CF2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressCreateHandleModuleProc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1964897782-0
                                                                                                                                                                                                                                • Opcode ID: e540b4ef697679bd2a1e4f97957f36093f0ba4c083e4d85392ce9cd07ecd0f40
                                                                                                                                                                                                                                • Instruction ID: 84948eda3c61dec62a1b16a8f42cb6a3c6a2036f2620bedfcbf178f78edf2b17
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e540b4ef697679bd2a1e4f97957f36093f0ba4c083e4d85392ce9cd07ecd0f40
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B4F030B250011DBFEF159F99DCC0CAFBBBDFB5839CB10842AF606A6114D6719E149BA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131B5EC, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                			E0131B5EC(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				short _t24;
				signed int _t29;
				intOrPtr* _t36;
				void* _t39;
				void* _t40;
				void* _t41;

				_t41 = __eflags;
				_push(4);
				E0137C1D9(0x13945a6, __ebx, __edi, __esi);
				_t36 =  *((intOrPtr*)(_t40 + 8));
				 *((intOrPtr*)(_t40 - 0x10)) = 0;
				 *((intOrPtr*)(_t36 +  *((intOrPtr*)( *_t36 + 4)))) = 0x13a14e4;
				 *((intOrPtr*)(_t36 + 8)) = 0;
				 *((intOrPtr*)(_t36 + 0xc)) = 0;
				_t39 =  *((intOrPtr*)( *_t36 + 4)) + _t36;
				E01314A45(0, __ecx, _t39);
				_push(0x20);
				 *((intOrPtr*)(_t39 + 0x38)) =  *((intOrPtr*)(_t40 + 0xc));
				 *((intOrPtr*)(_t39 + 0x3c)) = 0;
				_t24 = E0131CE84(0, _t39, _t36, _t39, _t41); // executed
				 *((short*)(_t39 + 0x40)) = _t24;
				if( *((intOrPtr*)(_t39 + 0x38)) == 0) {
					_t29 = ( *(_t39 + 0xc) | 0x00000004) & 0x00000017;
					 *(_t39 + 0xc) = _t29;
					if(( *(_t39 + 0x10) & _t29) != 0) {
						E013149B3(0);
					}
				}
				return E0137C2B1(_t36);
			}









                                                                                                                                                                                                                                0x0131b5ec
                                                                                                                                                                                                                                0x0131b5ec
                                                                                                                                                                                                                                0x0131b5f3
                                                                                                                                                                                                                                0x0131b5f8
                                                                                                                                                                                                                                0x0131b5fd
                                                                                                                                                                                                                                0x0131b605
                                                                                                                                                                                                                                0x0131b60e
                                                                                                                                                                                                                                0x0131b611
                                                                                                                                                                                                                                0x0131b617
                                                                                                                                                                                                                                0x0131b619
                                                                                                                                                                                                                                0x0131b621
                                                                                                                                                                                                                                0x0131b625
                                                                                                                                                                                                                                0x0131b628
                                                                                                                                                                                                                                0x0131b62b
                                                                                                                                                                                                                                0x0131b630
                                                                                                                                                                                                                                0x0131b637
                                                                                                                                                                                                                                0x0131b63f
                                                                                                                                                                                                                                0x0131b642
                                                                                                                                                                                                                                0x0131b648
                                                                                                                                                                                                                                0x0131b64d
                                                                                                                                                                                                                                0x0131b64d
                                                                                                                                                                                                                                0x0131b648
                                                                                                                                                                                                                                0x0131b659

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0131B5F3
                                                                                                                                                                                                                                  • Part of subcall function 01314A45: std::locale::locale.LIBCPMT ref: 01314A7F
                                                                                                                                                                                                                                  • Part of subcall function 0131CE84: __EH_prolog3.LIBCMT ref: 0131CE8B
                                                                                                                                                                                                                                  • Part of subcall function 013149B3: __CxxThrowException@8.LIBCMT ref: 013149C4
                                                                                                                                                                                                                                  • Part of subcall function 013149B3: std::exception::exception.LIBCMT ref: 013149EB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3$Exception@8Throwstd::exception::exceptionstd::locale::locale
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4228031093-0
                                                                                                                                                                                                                                • Opcode ID: c76efd8d7c154f5f331e05d52a80d5d716b18e4b1c9c9d9f06b664720676e5b5
                                                                                                                                                                                                                                • Instruction ID: 2087ac48120c9ec0bb1fe79e0e93d8d0d998db85fe1b6dab77944049a3909ce2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c76efd8d7c154f5f331e05d52a80d5d716b18e4b1c9c9d9f06b664720676e5b5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED01E8B5A007029FD725DF6DC490919F7F0BF18218785992EE69A9BB45C774E910CF80
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01312452, Relevance: 1.5, APIs: 1, Instructions: 33registryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(?,?,00000000,00020006,00000000,00000000,?,?,?,013137C7,00000002,00000000), ref: 0131247F
                                                                                                                                                                                                                                  • Part of subcall function 01311C74: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 01311C83
                                                                                                                                                                                                                                  • Part of subcall function 01311C74: GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 01311C93
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressHandleModuleOpenProc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1337834000-0
                                                                                                                                                                                                                                • Opcode ID: fbb8f663ceb3948bb54d2e69afa71be8122aa0edfbbb24fd307258e5ddcbe2fa
                                                                                                                                                                                                                                • Instruction ID: 3527e454c1706b47b1a785c48c9e8ad72153cc82f260d0992506e08ab1b8c1d4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fbb8f663ceb3948bb54d2e69afa71be8122aa0edfbbb24fd307258e5ddcbe2fa
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E2F0BE73500108BBCF299F58CC40F9EBBBCEF84754F248166FA05AB108C631DA00DBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131D061, Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                			E0131D061(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				void* __edi;
				intOrPtr* _t9;
				void* _t11;
				void* _t15;
				struct HWND__* _t16;
				void* _t19;
				intOrPtr* _t22;
				long _t23;

				_t9 = E01311DFC();
				_t22 = _t9;
				if(_t22 != 0) {
					_t16 = _a4;
					 *(_t22 + 4) = _t16;
					_t11 =  *((intOrPtr*)( *_t22 + 8))(_t19, _t15);
					_t4 = _t22 + 8; // 0x8, executed
					E01314F3A(_t11, _t4, _t22); // executed
					_t23 =  *(_t22 + 0x14);
					SetWindowLongW(_t16, 4, _t23);
					return  *_t23(_t16, _a8, _a12, _a16);
				}
				return _t9;
			}











                                                                                                                                                                                                                                0x0131d065
                                                                                                                                                                                                                                0x0131d06a
                                                                                                                                                                                                                                0x0131d06e
                                                                                                                                                                                                                                0x0131d073
                                                                                                                                                                                                                                0x0131d07a
                                                                                                                                                                                                                                0x0131d07d
                                                                                                                                                                                                                                0x0131d080
                                                                                                                                                                                                                                0x0131d083
                                                                                                                                                                                                                                0x0131d088
                                                                                                                                                                                                                                0x0131d08f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131d0a2
                                                                                                                                                                                                                                0x0131d0a5

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01311DFC: EnterCriticalSection.KERNEL32(013C1788,00000000,?,?,?,01315163,00000000,00000000,AXWIN Frame Window,00CF0000,00000000,00000000,?), ref: 01311E07
                                                                                                                                                                                                                                  • Part of subcall function 01311DFC: GetCurrentThreadId.KERNEL32 ref: 01311E17
                                                                                                                                                                                                                                  • Part of subcall function 01311DFC: LeaveCriticalSection.KERNEL32(013C1788,?,01315163,00000000,00000000,AXWIN Frame Window,00CF0000,00000000,00000000,?), ref: 01311E43
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: GetCurrentProcess.KERNEL32(00000000,0000000D), ref: 01314F70
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: FlushInstructionCache.KERNEL32(00000000), ref: 01314F77
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 0131D08F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalCurrentSection$CacheEnterFlushInstructionLeaveLongProcessThreadWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3823208529-0
                                                                                                                                                                                                                                • Opcode ID: ee12b2a16b2016558dac36f83acad8cbd5aeba34e1b758fcdddf4823e4de0d3d
                                                                                                                                                                                                                                • Instruction ID: 1ff8106dd71aacddff1a0b8d965722e505c18fc0a8ed87851cb75826641fcd9d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee12b2a16b2016558dac36f83acad8cbd5aeba34e1b758fcdddf4823e4de0d3d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3F0A733501216ABC7216F99DC44C8BBBACEF49754B004415F74557111C771E815CBF0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131AA87, Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                                                                                                			E0131AA87(intOrPtr* __ecx, char _a4, signed int _a8) {
				intOrPtr _t14;
				signed int _t18;
				intOrPtr* _t19;

				_t18 = _a8;
				_t19 = __ecx;
				if(_a4 != 0 &&  *((intOrPtr*)(__ecx + 0x14)) >= 8) {
					_t14 =  *__ecx;
					if(_t18 != 0) {
						E013748D0(__ecx, _t14, _t18 + _t18);
					}
					_push(_t14); // executed
					E013748B6(); // executed
				}
				 *(_t19 + 0x10) = _t18;
				 *((intOrPtr*)(_t19 + 0x14)) = 7;
				 *((short*)(_t19 + _t18 * 2)) = 0;
				return 0;
			}






                                                                                                                                                                                                                                0x0131aa90
                                                                                                                                                                                                                                0x0131aa93
                                                                                                                                                                                                                                0x0131aa95
                                                                                                                                                                                                                                0x0131aa9e
                                                                                                                                                                                                                                0x0131aaa2
                                                                                                                                                                                                                                0x0131aaaa
                                                                                                                                                                                                                                0x0131aaaf
                                                                                                                                                                                                                                0x0131aab2
                                                                                                                                                                                                                                0x0131aab3
                                                                                                                                                                                                                                0x0131aab9
                                                                                                                                                                                                                                0x0131aaba
                                                                                                                                                                                                                                0x0131aabd
                                                                                                                                                                                                                                0x0131aac6
                                                                                                                                                                                                                                0x0131aacd

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                                                                                                                • Opcode ID: 100e73ce1bf127a11951ee5c27ae159d19f2494a8f84af2e4a9b61f956bbeeb6
                                                                                                                                                                                                                                • Instruction ID: e875d229611c754a8121533c550f4372d0f53ab86734396e1349a69c696107d1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 100e73ce1bf127a11951ee5c27ae159d19f2494a8f84af2e4a9b61f956bbeeb6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3CF02072002744AAE330DE1CE880A13FBECBF9022AF10082FE94883200E770B55886E1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01320DEC, Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E01320DEC(struct HWND__** _a4, WCHAR* _a8, struct HWND__* _a12, int* _a16, WCHAR* _a20, long _a24, long _a28, struct HMENU__* _a32) {
				int* _t13;
				struct HWND__* _t16;

				_t13 = _a16;
				if(_t13 == 0) {
					_t13 = 0x13bdefc;
					_a16 = 0x13bdefc;
				}
				_t16 = CreateWindowExW(_a28, _a8, _a20, _a24,  *_t13, _t13[1], _t13[2] -  *_t13, _t13[3] - _t13[1], _a12, _a32,  *0x13c1728, 0); // executed
				 *_a4 = _t16;
				return _t16;
			}





                                                                                                                                                                                                                                0x01320def
                                                                                                                                                                                                                                0x01320df4
                                                                                                                                                                                                                                0x01320df6
                                                                                                                                                                                                                                0x01320dfb
                                                                                                                                                                                                                                0x01320dfb
                                                                                                                                                                                                                                0x01320e2c
                                                                                                                                                                                                                                0x01320e35
                                                                                                                                                                                                                                0x01320e39

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 716092398-0
                                                                                                                                                                                                                                • Opcode ID: c931b0b66b9db94b7dca9e0483cd236578e60c3fdda766e428f4048ed21eff72
                                                                                                                                                                                                                                • Instruction ID: 1bb20da9b7b4fcd1d71b11f597cf0078c7afc1b445667f7cce53c5689d7fa983
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c931b0b66b9db94b7dca9e0483cd236578e60c3fdda766e428f4048ed21eff72
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8BF0B736210119AFDF15CFA8DD48EAA7BBAFB48354F058159FD089B225D672EC20DB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01311524, Relevance: 1.5, APIs: 1, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                                                                                                			E01311524(intOrPtr* __ecx, char _a4, intOrPtr _a8) {
				void* _t7;
				intOrPtr _t10;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t14 = _a8;
				_t15 = __ecx;
				if(_a4 != 0 &&  *((intOrPtr*)(__ecx + 0x14)) >= 0x10) {
					_t10 =  *__ecx;
					if(_t14 != 0) {
						E013748D0(__ecx, _t10, _t14);
					}
					_push(_t10); // executed
					_t7 = E013748B6(); // executed
				}
				 *((intOrPtr*)(_t15 + 0x10)) = _t14;
				 *((intOrPtr*)(_t15 + 0x14)) = 0xf;
				 *((char*)(_t14 + _t15)) = 0;
				return _t7;
			}







                                                                                                                                                                                                                                0x0131152d
                                                                                                                                                                                                                                0x01311530
                                                                                                                                                                                                                                0x01311532
                                                                                                                                                                                                                                0x0131153b
                                                                                                                                                                                                                                0x0131153f
                                                                                                                                                                                                                                0x01311544
                                                                                                                                                                                                                                0x01311549
                                                                                                                                                                                                                                0x0131154c
                                                                                                                                                                                                                                0x0131154d
                                                                                                                                                                                                                                0x01311553
                                                                                                                                                                                                                                0x01311554
                                                                                                                                                                                                                                0x01311557
                                                                                                                                                                                                                                0x0131155e
                                                                                                                                                                                                                                0x01311565

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4104443479-0
                                                                                                                                                                                                                                • Opcode ID: adac867bd5297f6698ddbb4d268a84f52a24d56d5b5cc90ab5b2f6404a44a29e
                                                                                                                                                                                                                                • Instruction ID: fcce647dfd160639be2fc187b9e02fef8af9706513b01395b59daefc57514e67
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: adac867bd5297f6698ddbb4d268a84f52a24d56d5b5cc90ab5b2f6404a44a29e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EBE02B76001744BAF334AE1DA840B93FFECEF91628F18051EEA5513606D776B548C6F1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013446CB, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E013446CB(struct HWND__* __eax, intOrPtr* __ecx, void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				long _t10;
				intOrPtr* _t13;
				struct HWND__* _t17;
				void* _t18;

				_t14 = __ecx;
				_t13 = __ecx;
				_t17 = __eax;
				if(E01314F3A( *((intOrPtr*)( *__ecx + 8))(), __ecx + 8, __ecx) != 0) {
					_t10 = SetWindowLongW(_t17, 0xfffffffc,  *(_t13 + 0x14));
					if(_t10 == 0) {
						goto L1;
					} else {
						 *(_t13 + 4) = _t17;
						 *(_t13 + 0x20) = _t10;
						_t18 = 1; // executed
						E01345D86(_t13, _t14); // executed
					}
				} else {
					L1:
					_t18 = 0;
				}
				return _t18;
			}









                                                                                                                                                                                                                                0x013446cb
                                                                                                                                                                                                                                0x013446cd
                                                                                                                                                                                                                                0x013446d0
                                                                                                                                                                                                                                0x013446e2
                                                                                                                                                                                                                                0x013446ee
                                                                                                                                                                                                                                0x013446f6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013446f8
                                                                                                                                                                                                                                0x013446f8
                                                                                                                                                                                                                                0x013446fd
                                                                                                                                                                                                                                0x01344700
                                                                                                                                                                                                                                0x01344701
                                                                                                                                                                                                                                0x01344701
                                                                                                                                                                                                                                0x013446e4
                                                                                                                                                                                                                                0x013446e4
                                                                                                                                                                                                                                0x013446e4
                                                                                                                                                                                                                                0x013446e4
                                                                                                                                                                                                                                0x0134470b

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: GetCurrentProcess.KERNEL32(00000000,0000000D), ref: 01314F70
                                                                                                                                                                                                                                  • Part of subcall function 01314F3A: FlushInstructionCache.KERNEL32(00000000), ref: 01314F77
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 013446EE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CacheCurrentFlushInstructionLongProcessWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1025874094-0
                                                                                                                                                                                                                                • Opcode ID: 941b98b55beab2d06a81e60426dbd9c402d5aa542d963529571ba5672ea4fb5d
                                                                                                                                                                                                                                • Instruction ID: 11ddc551c1990f7c0946a1e8178390a5f01653696d30975b1894f83a6d8e5c8b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 941b98b55beab2d06a81e60426dbd9c402d5aa542d963529571ba5672ea4fb5d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53E06D72A011319BCB21AF6D9C84A56BADCAF166693114276EC05EB126D7A0D802C7E0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131CE84, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E0131CE84(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t12;
				intOrPtr* _t13;
				void* _t23;
				void* _t27;
				void* _t28;

				_t28 = __eflags;
				E0137C1D9(0x1392201, __ebx, __edi, __esi);
				_t12 = E01314A2B(__ecx, _t27 - 0x10);
				 *(_t27 - 4) =  *(_t27 - 4) & 0x00000000;
				_t13 = E0131CFC4(__ebx, _t23, __edi, __esi, _t28); // executed
				 *(_t27 - 4) =  *(_t27 - 4) | 0xffffffff;
				E0131454C(_t27 - 0x10);
				return E0137C2B1( *((intOrPtr*)( *_t13 + 0x28))( *((intOrPtr*)(_t27 + 8)), _t12, 4));
			}








                                                                                                                                                                                                                                0x0131ce84
                                                                                                                                                                                                                                0x0131ce8b
                                                                                                                                                                                                                                0x0131ce94
                                                                                                                                                                                                                                0x0131ce99
                                                                                                                                                                                                                                0x0131ce9e
                                                                                                                                                                                                                                0x0131cea3
                                                                                                                                                                                                                                0x0131cead
                                                                                                                                                                                                                                0x0131cec1

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0131CE8B
                                                                                                                                                                                                                                  • Part of subcall function 01314A2B: std::locale::facet::_Incref.LIBCPMT ref: 01314A39
                                                                                                                                                                                                                                  • Part of subcall function 0131CFC4: __EH_prolog3.LIBCMT ref: 0131CFCB
                                                                                                                                                                                                                                  • Part of subcall function 0131CFC4: std::_Lockit::_Lockit.LIBCPMT ref: 0131CFD5
                                                                                                                                                                                                                                  • Part of subcall function 0131CFC4: int.LIBCPMT ref: 0131CFEC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3$IncrefLockitLockit::_std::_std::locale::facet::_
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 910397830-0
                                                                                                                                                                                                                                • Opcode ID: b4615f971908d30c57655999e658d982d8770101ad6d9cea0ba92cfd2f2a9782
                                                                                                                                                                                                                                • Instruction ID: 418f757028854a8840a91e91e05219872a113082a5f3747ee094d190e69259f2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4615f971908d30c57655999e658d982d8770101ad6d9cea0ba92cfd2f2a9782
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3DE04FB69002169BCF14FBA8C804AAD7674AF28324F104555D561A72E0DB348A08CA54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01319B30, Relevance: 1.5, APIs: 1, Instructions: 19COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E01319B30(intOrPtr* __ecx, intOrPtr _a4) {
				intOrPtr* _t13;

				_t13 = __ecx;
				 *(__ecx + 0x10) =  *(__ecx + 0x10) & 0x00000000;
				 *((intOrPtr*)(__ecx + 0x14)) = 7;
				 *((short*)(__ecx)) = 0;
				E0131B7E3(_t13, 0, _a4, E01376D83(_a4)); // executed
				return _t13;
			}




                                                                                                                                                                                                                                0x01319b37
                                                                                                                                                                                                                                0x01319b39
                                                                                                                                                                                                                                0x01319b3f
                                                                                                                                                                                                                                0x01319b46
                                                                                                                                                                                                                                0x01319b55
                                                                                                                                                                                                                                0x01319b5e

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 176396367-0
                                                                                                                                                                                                                                • Opcode ID: 84c46b8d74c086fd8d9b67cdc4147ec9db2c9d4c6faf5eb9d1d5b4027ee30ce4
                                                                                                                                                                                                                                • Instruction ID: bd20373cb85ef6928c7f1f0c8cc135d64b4f3645af3e41cb78f16855730b10ac
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84c46b8d74c086fd8d9b67cdc4147ec9db2c9d4c6faf5eb9d1d5b4027ee30ce4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6DD02B312003146BDB201F54D805B5ABBA8DF00379F00051EE84887200CBB9A950C3D4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01319638, Relevance: 1.5, APIs: 1, Instructions: 18COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E01319638(intOrPtr* __ecx, intOrPtr _a4) {
				intOrPtr* _t12;

				_t12 = __ecx;
				_t2 = __ecx + 0x10;
				 *(__ecx + 0x10) =  *(__ecx + 0x10) & 0x00000000;
				 *((intOrPtr*)(__ecx + 0x14)) = 0xf;
				 *((char*)(__ecx)) = 0;
				E01311568(_t12,  *_t2, _a4, E01375190(_a4)); // executed
				return _t12;
			}




                                                                                                                                                                                                                                0x0131963f
                                                                                                                                                                                                                                0x01319641
                                                                                                                                                                                                                                0x01319641
                                                                                                                                                                                                                                0x01319645
                                                                                                                                                                                                                                0x0131964c
                                                                                                                                                                                                                                0x0131965b
                                                                                                                                                                                                                                0x01319664

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _strlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4218353326-0
                                                                                                                                                                                                                                • Opcode ID: 67ddd481a75f9eff6222dc56418d6f10d5bfe4a07baea1f0f200ce230eab5bdf
                                                                                                                                                                                                                                • Instruction ID: a372cd0047fe04454afa0d33d36686a42c9882f3c551036f827398d038e93cef
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 67ddd481a75f9eff6222dc56418d6f10d5bfe4a07baea1f0f200ce230eab5bdf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00D09732200314ABEB346F58E800BABBFA8DF107B6F00002DF9854A340CBBA9940C3E5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131AAD0, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                			E0131AAD0(void* __ecx, void* __esi, void* __eflags) {
				void* _t20;
				void* _t22;
				intOrPtr* _t24;
				void* _t25;

				_push(4);
				E0137C1D9(0x13945cc, _t20, _t22, __esi);
				_t24 =  *((intOrPtr*)(_t25 + 8));
				 *(_t25 - 0x10) =  *(_t25 - 0x10) & 0x00000000;
				E0131B5EC(_t20, __ecx, _t22, _t24,  *(_t25 - 0x10), _t24,  *((intOrPtr*)(_t25 + 0xc))); // executed
				 *((intOrPtr*)(_t24 +  *((intOrPtr*)( *((intOrPtr*)(_t24 + 0x10)) + 4)) + 0x10)) = 0x13a14ec;
				 *((intOrPtr*)(_t24 +  *((intOrPtr*)( *_t24 + 4)))) = 0x13a14f4;
				return E0137C2B1(_t24);
			}







                                                                                                                                                                                                                                0x0131aad0
                                                                                                                                                                                                                                0x0131aad7
                                                                                                                                                                                                                                0x0131aadc
                                                                                                                                                                                                                                0x0131aae2
                                                                                                                                                                                                                                0x0131aae7
                                                                                                                                                                                                                                0x0131aaf2
                                                                                                                                                                                                                                0x0131aaff
                                                                                                                                                                                                                                0x0131ab0d

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0131AAD7
                                                                                                                                                                                                                                  • Part of subcall function 0131B5EC: __EH_prolog3.LIBCMT ref: 0131B5F3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 431132790-0
                                                                                                                                                                                                                                • Opcode ID: 5fe2340745db5733f5ccb986ef31c28c76f99d47fd76d79a7d7ac576639020ed
                                                                                                                                                                                                                                • Instruction ID: bd46cf359d62b0ce5bf182a77e720a057227d8ec720b62508e7188185e0d7d6f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5fe2340745db5733f5ccb986ef31c28c76f99d47fd76d79a7d7ac576639020ed
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BEE09279200616DBCB26EF9CC844A99B7F4BF18308F458944E955AB345C774E918CB98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01376E85, Relevance: 1.5, APIs: 1, Instructions: 14COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                			E01376E85(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t9;
				void* _t17;

				_push(0xc);
				_push(0x13afbc8);
				E0137EF80(__ebx, __edi, __esi);
				E01378F45();
				 *(_t17 - 4) =  *(_t17 - 4) & 0x00000000;
				_t9 = E01376D9E( *((intOrPtr*)(_t17 + 8))); // executed
				 *((intOrPtr*)(_t17 - 0x1c)) = _t9;
				 *(_t17 - 4) = 0xfffffffe;
				E01376EBB();
				return E0137EFC5( *((intOrPtr*)(_t17 - 0x1c)));
			}





                                                                                                                                                                                                                                0x01376e85
                                                                                                                                                                                                                                0x01376e87
                                                                                                                                                                                                                                0x01376e8c
                                                                                                                                                                                                                                0x01376e91
                                                                                                                                                                                                                                0x01376e96
                                                                                                                                                                                                                                0x01376e9d
                                                                                                                                                                                                                                0x01376ea3
                                                                                                                                                                                                                                0x01376ea6
                                                                                                                                                                                                                                0x01376ead
                                                                                                                                                                                                                                0x01376eba

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01378F45: __lock.LIBCMT ref: 01378F47
                                                                                                                                                                                                                                • __onexit_nolock.LIBCMT ref: 01376E9D
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: RtlDecodePointer.NTDLL(013C1B0C,0139C8AC,00000003,?,?,01376EA2,00000000,013AFBC8,0000000C,01376ECE,00000000,?,0137540A,0139B65C,00000000), ref: 01376DB3
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: DecodePointer.KERNEL32(?,?,01376EA2,00000000,013AFBC8,0000000C,01376ECE,00000000,?,0137540A,0139B65C,00000000), ref: 01376DC0
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: __realloc_crt.LIBCMT ref: 01376DFD
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: __realloc_crt.LIBCMT ref: 01376E13
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: EncodePointer.KERNEL32(00000000,?,?,01376EA2,00000000,013AFBC8,0000000C,01376ECE,00000000,?,0137540A,0139B65C,00000000), ref: 01376E25
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: EncodePointer.KERNEL32(00000000,?,?,01376EA2,00000000,013AFBC8,0000000C,01376ECE,00000000,?,0137540A,0139B65C,00000000), ref: 01376E39
                                                                                                                                                                                                                                  • Part of subcall function 01376D9E: EncodePointer.KERNEL32(-00000004,?,?,01376EA2,00000000,013AFBC8,0000000C,01376ECE,00000000,?,0137540A,0139B65C,00000000), ref: 01376E41
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Pointer$Encode$Decode__realloc_crt$__lock__onexit_nolock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3536590627-0
                                                                                                                                                                                                                                • Opcode ID: 476f2e64b5cfa5f801d4fba1d4378950eec8b68264baa7943c2bcd2cb8dfa497
                                                                                                                                                                                                                                • Instruction ID: caba79e8e060489a12c8395006467d4846ccfc393e7c0cae1f0bfcdd59401791
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 476f2e64b5cfa5f801d4fba1d4378950eec8b68264baa7943c2bcd2cb8dfa497
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 02D05E7090170AAAEB70BBACD905B5D77B0AF24318F604199D018A61D0CA7C4A469A10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01381227, Relevance: 1.5, APIs: 1, Instructions: 3COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlEncodePointer.NTDLL(00000000,0138AFF0,013C1EB8,00000314,00000000,?,?,?,?,?,01380E43,013C1EB8,Microsoft Visual C++ Runtime Library,00012010), ref: 01381229
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EncodePointer
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2118026453-0
                                                                                                                                                                                                                                • Opcode ID: aecb2d062a1cdbfb8b13a28618f0e8127930df148cb346ba259f9960150e15af
                                                                                                                                                                                                                                • Instruction ID: 5c64ac635765663d069b9333f076f33dccce72fd17d477c8d7fae2305aad211f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aecb2d062a1cdbfb8b13a28618f0e8127930df148cb346ba259f9960150e15af
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                                                Function 01344B43, Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 256windowCOMMONCrypto
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E01344B43(void* __ecx, void* __edx, intOrPtr _a8, signed int _a12, struct tagPOINT _a16, signed int* _a20, intOrPtr _a24) {
				void* _v16;
				long _v20;
				signed int _v24;
				intOrPtr _v28;
				void* _v32;
				signed int* _v36;
				RECT* _v40;
				signed int _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				int _t77;
				intOrPtr _t78;
				int _t79;
				signed int _t91;
				struct HWND__* _t93;
				struct tagPOINT _t95;
				signed int _t99;
				struct tagPOINT _t101;
				signed int _t105;
				signed char _t109;
				signed char _t110;
				signed int _t111;
				struct tagRECT _t115;
				signed int _t120;
				signed char _t123;
				int _t126;
				RECT* _t133;
				int _t146;
				signed int* _t153;

				_t153 = _a20;
				_t130 = __ecx;
				_t133 = 0;
				_v36 = _t153;
				if(_a24 != 0) {
					L11:
					_t77 = 0;
					__eflags = 0;
					L12:
					return _t77;
				}
				_t78 = _a8;
				_t146 = 1;
				_t163 = _t78 - 1;
				if(_t78 != 1) {
					__eflags = _t78 - 2;
					if(_t78 != 2) {
						_t142 = _t78 - 0x200;
						__eflags = _t78 - 0x200 - 0xd;
						if(_t78 - 0x200 <= 0xd) {
							_v28 = _t78;
							_v24 = _a12;
							_v20 = _a16.x;
							_v32 =  *((intOrPtr*)(__ecx + 4));
							asm("stosd");
							asm("stosd");
							asm("stosd");
							_t120 = IsWindow( *(__ecx + 0x48));
							__eflags = _t120;
							if(_t120 != 0) {
								_t123 =  !( *(_t130 + 0x54) >> 6);
								__eflags = _t123 & 0x00000001;
								if((_t123 & 0x00000001) != 0) {
									SendMessageW( *(_t130 + 0x48), 0x407, 0,  &_v32);
								}
							}
							_t78 = _a8;
							_t146 = 1;
							 *_t153 = 1;
							_t133 = 0;
							__eflags = 0;
						}
						__eflags = _t78 - 0x14;
						if(_t78 != 0x14) {
							__eflags = _t78 - 0xf;
							if(_t78 != 0xf) {
								__eflags = _t78 - 0x318;
								if(_t78 == 0x318) {
									goto L21;
								}
								__eflags = _t78 - 7;
								if(_t78 != 7) {
									__eflags = _t78 - 8;
									if(_t78 == 8) {
										goto L30;
									}
									__eflags = _t78 - 0x200;
									if(_t78 != 0x200) {
										__eflags = _t78 - 0x2a3;
										if(_t78 != 0x2a3) {
											__eflags = _t78 - 0x201;
											if(_t78 != 0x201) {
												__eflags = _t78 - 0x202;
												if(_t78 != 0x202) {
													__eflags = _t78 - 0x102;
													if(_t78 != 0x102) {
														__eflags = _t78 - 0x87;
														if(_t78 != 0x87) {
															__eflags = _t78 - 0x20;
															if(_t78 != 0x20) {
																__eflags = _t78 - 0xa;
																if(_t78 != 0xa) {
																	__eflags = _t78 - 0x31;
																	if(_t78 != 0x31) {
																		__eflags = _t78 - 0x30;
																		if(_t78 != 0x30) {
																			__eflags = _t78 - 0x128;
																			if(_t78 == 0x128) {
																				L44:
																				 *_t153 = _t133;
																				goto L4;
																			}
																			__eflags = _t78 - 5;
																			if(_t78 != 5) {
																				goto L11;
																			}
																			E01346030(_t130, _t142);
																			InvalidateRect( *(_t130 + 4), 0, _t146);
																			goto L3;
																		}
																		 *(_t130 + 0x34) = _a12;
																		__eflags = _a16.x - _t133;
																		if(_a16.x == _t133) {
																			goto L44;
																		}
																		_push(_t146);
																		_push(_t133);
																		L42:
																		InvalidateRect( *(_t130 + 4), ??, ??);
																		UpdateWindow( *(_t130 + 4));
																		L43:
																		_t133 = 0;
																		__eflags = 0;
																		goto L44;
																	}
																	 *_t153 =  *(_t130 + 0x34);
																	goto L4;
																}
																InvalidateRect( *(_t130 + 4), _t133, _t146);
																UpdateWindow( *(_t130 + 4));
																goto L3;
															}
															_v40 = _t146;
															_t91 = E01345FD2(_t130,  &_v40);
															__eflags = _v44;
															 *_t153 = _t91;
															L26:
															if(__eflags == 0) {
																goto L11;
															}
															goto L4;
														}
														 *_t153 = 0x80;
														goto L4;
													}
													__eflags = _a12 - 0xd;
													if(_a12 == 0xd) {
														L55:
														E01346467(_t130);
														_t153 = _v36;
														_t146 = 1;
														goto L43;
													}
													__eflags = _a12 - 0x20;
													if(_a12 != 0x20) {
														goto L44;
													}
													goto L55;
												}
												_t93 = GetCapture();
												__eflags = _t93 -  *(_t130 + 4);
												if(_t93 ==  *(_t130 + 4)) {
													ReleaseCapture();
													_t95 = _a16.x;
													_push(_t95 >> 0x10);
													_t99 = PtInRect(_t130 + 0x38, _t95);
													__eflags = _t99;
													if(_t99 != 0) {
														E01346467(_t130);
														_t153 = _v36;
														_t146 = 1;
													}
												}
												goto L3;
											}
											_t101 = _a16.x;
											_push(_t101 >> 0x10);
											_t105 = PtInRect(_t130 + 0x38, _t101);
											__eflags = _t105;
											if(_t105 != 0) {
												SetFocus( *(_t130 + 4));
												SetCapture( *(_t130 + 4));
											}
											goto L3;
										}
										_t109 =  *(_t130 + 0x54) >> 1;
										__eflags = _t109 & 0x00000001;
										if((_t109 & 0x00000001) == 0) {
											goto L44;
										}
										_t110 =  *(_t130 + 0x58);
										__eflags = _t110 & 0x00000004;
										if((_t110 & 0x00000004) == 0) {
											goto L44;
										}
										_t111 = _t110 & 0x000000fb;
										__eflags = _t111;
										 *(_t130 + 0x58) = _t111;
										_push(_t146);
										_push(_t130 + 0x38);
										goto L42;
									}
									_v40 = _t146;
									_t115 = E01345F0E(_a16, _t130,  &_v40);
									__eflags = _v44;
									 *_v40 = _t115;
									if(_v44 == 0) {
										goto L11;
									}
									_t77 = 1;
									goto L12;
								}
								L30:
								__eflags =  *(_t130 + 0x58) & 0x00000001;
								_v40 = _t146;
								if(( *(_t130 + 0x58) & 0x00000001) == 0) {
									_v40 = _t133;
								} else {
									InvalidateRect( *(_t130 + 4), _t133, _t146);
									_t133 = 0;
								}
								 *_t153 = _t133;
								L25:
								__eflags = _v40 - _t133;
								goto L26;
							}
							L21:
							__eflags =  *(_t130 + 0x58) & 0x00000001;
							_v40 = _t146;
							if(__eflags != 0) {
								_t79 = E01345E8E(_t130, _t130, _t142, _t146, _a12, __eflags);
								_t153 = _v36;
								_t146 = 1;
								_t133 = 0;
								__eflags = 0;
							} else {
								_v40 = _t133;
								_t79 = _t146;
							}
							 *_t153 = _t79;
							goto L25;
						} else {
							 *_t153 = _t146;
							goto L4;
						}
					}
					_t126 = IsWindow( *(__ecx + 0x48));
					__eflags = _t126;
					if(_t126 != 0) {
						_t9 = _t130 + 0x48;
						 *_t9 =  *(_t130 + 0x48) & 0x00000000;
						__eflags =  *_t9;
					}
					 *_t153 = _t146;
					goto L11;
				} else {
					E0134651A(__ecx, __ecx, __edx, 1, _t153, _t163);
					L3:
					 *_t153 =  *_t153 & 0x00000000;
					L4:
					_t77 = _t146;
					goto L12;
				}
			}


































                                                                                                                                                                                                                                0x01344b4e
                                                                                                                                                                                                                                0x01344b51
                                                                                                                                                                                                                                0x01344b53
                                                                                                                                                                                                                                0x01344b56
                                                                                                                                                                                                                                0x01344b5d
                                                                                                                                                                                                                                0x01344ba0
                                                                                                                                                                                                                                0x01344ba0
                                                                                                                                                                                                                                0x01344ba0
                                                                                                                                                                                                                                0x01344ba2
                                                                                                                                                                                                                                0x01344ba8
                                                                                                                                                                                                                                0x01344ba8
                                                                                                                                                                                                                                0x01344b5f
                                                                                                                                                                                                                                0x01344b64
                                                                                                                                                                                                                                0x01344b65
                                                                                                                                                                                                                                0x01344b67
                                                                                                                                                                                                                                0x01344b77
                                                                                                                                                                                                                                0x01344b7a
                                                                                                                                                                                                                                0x01344bab
                                                                                                                                                                                                                                0x01344bb1
                                                                                                                                                                                                                                0x01344bb4
                                                                                                                                                                                                                                0x01344bbc
                                                                                                                                                                                                                                0x01344bc3
                                                                                                                                                                                                                                0x01344bca
                                                                                                                                                                                                                                0x01344bce
                                                                                                                                                                                                                                0x01344bd8
                                                                                                                                                                                                                                0x01344bd9
                                                                                                                                                                                                                                0x01344bda
                                                                                                                                                                                                                                0x01344bdb
                                                                                                                                                                                                                                0x01344be1
                                                                                                                                                                                                                                0x01344be3
                                                                                                                                                                                                                                0x01344beb
                                                                                                                                                                                                                                0x01344bed
                                                                                                                                                                                                                                0x01344bef
                                                                                                                                                                                                                                0x01344c00
                                                                                                                                                                                                                                0x01344c00
                                                                                                                                                                                                                                0x01344bef
                                                                                                                                                                                                                                0x01344c06
                                                                                                                                                                                                                                0x01344c0b
                                                                                                                                                                                                                                0x01344c0c
                                                                                                                                                                                                                                0x01344c12
                                                                                                                                                                                                                                0x01344c12
                                                                                                                                                                                                                                0x01344c12
                                                                                                                                                                                                                                0x01344c14
                                                                                                                                                                                                                                0x01344c17
                                                                                                                                                                                                                                0x01344c20
                                                                                                                                                                                                                                0x01344c23
                                                                                                                                                                                                                                0x01344c5b
                                                                                                                                                                                                                                0x01344c60
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344c62
                                                                                                                                                                                                                                0x01344c65
                                                                                                                                                                                                                                0x01344c88
                                                                                                                                                                                                                                0x01344c8b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344c8d
                                                                                                                                                                                                                                0x01344c92
                                                                                                                                                                                                                                0x01344cc0
                                                                                                                                                                                                                                0x01344cc5
                                                                                                                                                                                                                                0x01344cfc
                                                                                                                                                                                                                                0x01344d01
                                                                                                                                                                                                                                0x01344d38
                                                                                                                                                                                                                                0x01344d3d
                                                                                                                                                                                                                                0x01344d85
                                                                                                                                                                                                                                0x01344d8a
                                                                                                                                                                                                                                0x01344daf
                                                                                                                                                                                                                                0x01344db4
                                                                                                                                                                                                                                0x01344dc1
                                                                                                                                                                                                                                0x01344dc4
                                                                                                                                                                                                                                0x01344de2
                                                                                                                                                                                                                                0x01344de5
                                                                                                                                                                                                                                0x01344e00
                                                                                                                                                                                                                                0x01344e03
                                                                                                                                                                                                                                0x01344e0f
                                                                                                                                                                                                                                0x01344e12
                                                                                                                                                                                                                                0x01344e2a
                                                                                                                                                                                                                                0x01344e2f
                                                                                                                                                                                                                                0x01344cf5
                                                                                                                                                                                                                                0x01344cf5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344cf5
                                                                                                                                                                                                                                0x01344e35
                                                                                                                                                                                                                                0x01344e38
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344e40
                                                                                                                                                                                                                                0x01344e4b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344e4b
                                                                                                                                                                                                                                0x01344e17
                                                                                                                                                                                                                                0x01344e1a
                                                                                                                                                                                                                                0x01344e1d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344e23
                                                                                                                                                                                                                                0x01344e24
                                                                                                                                                                                                                                0x01344ce1
                                                                                                                                                                                                                                0x01344ce4
                                                                                                                                                                                                                                0x01344ced
                                                                                                                                                                                                                                0x01344cf3
                                                                                                                                                                                                                                0x01344cf3
                                                                                                                                                                                                                                0x01344cf3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344cf3
                                                                                                                                                                                                                                0x01344e08
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344e08
                                                                                                                                                                                                                                0x01344dec
                                                                                                                                                                                                                                0x01344df5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344df5
                                                                                                                                                                                                                                0x01344dcd
                                                                                                                                                                                                                                0x01344dd1
                                                                                                                                                                                                                                0x01344dd6
                                                                                                                                                                                                                                0x01344ddb
                                                                                                                                                                                                                                0x01344c50
                                                                                                                                                                                                                                0x01344c50
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344c56
                                                                                                                                                                                                                                0x01344db6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344db6
                                                                                                                                                                                                                                0x01344d8c
                                                                                                                                                                                                                                0x01344d90
                                                                                                                                                                                                                                0x01344d9c
                                                                                                                                                                                                                                0x01344d9e
                                                                                                                                                                                                                                0x01344da3
                                                                                                                                                                                                                                0x01344da9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344da9
                                                                                                                                                                                                                                0x01344d92
                                                                                                                                                                                                                                0x01344d96
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344d96
                                                                                                                                                                                                                                0x01344d3f
                                                                                                                                                                                                                                0x01344d45
                                                                                                                                                                                                                                0x01344d48
                                                                                                                                                                                                                                0x01344d4e
                                                                                                                                                                                                                                0x01344d54
                                                                                                                                                                                                                                0x01344d5e
                                                                                                                                                                                                                                0x01344d64
                                                                                                                                                                                                                                0x01344d6a
                                                                                                                                                                                                                                0x01344d6c
                                                                                                                                                                                                                                0x01344d74
                                                                                                                                                                                                                                0x01344d79
                                                                                                                                                                                                                                0x01344d7f
                                                                                                                                                                                                                                0x01344d7f
                                                                                                                                                                                                                                0x01344d6c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344d48
                                                                                                                                                                                                                                0x01344d03
                                                                                                                                                                                                                                0x01344d0d
                                                                                                                                                                                                                                0x01344d13
                                                                                                                                                                                                                                0x01344d19
                                                                                                                                                                                                                                0x01344d1b
                                                                                                                                                                                                                                0x01344d24
                                                                                                                                                                                                                                0x01344d2d
                                                                                                                                                                                                                                0x01344d2d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344d1b
                                                                                                                                                                                                                                0x01344cca
                                                                                                                                                                                                                                0x01344ccc
                                                                                                                                                                                                                                0x01344cce
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344cd0
                                                                                                                                                                                                                                0x01344cd3
                                                                                                                                                                                                                                0x01344cd5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344cd7
                                                                                                                                                                                                                                0x01344cd7
                                                                                                                                                                                                                                0x01344cd9
                                                                                                                                                                                                                                0x01344cdc
                                                                                                                                                                                                                                0x01344ce0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344ce0
                                                                                                                                                                                                                                0x01344c9e
                                                                                                                                                                                                                                0x01344ca2
                                                                                                                                                                                                                                0x01344ca7
                                                                                                                                                                                                                                0x01344cb0
                                                                                                                                                                                                                                0x01344cb2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344cba
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344cba
                                                                                                                                                                                                                                0x01344c67
                                                                                                                                                                                                                                0x01344c67
                                                                                                                                                                                                                                0x01344c6b
                                                                                                                                                                                                                                0x01344c6f
                                                                                                                                                                                                                                0x01344c80
                                                                                                                                                                                                                                0x01344c71
                                                                                                                                                                                                                                0x01344c76
                                                                                                                                                                                                                                0x01344c7c
                                                                                                                                                                                                                                0x01344c7c
                                                                                                                                                                                                                                0x01344c84
                                                                                                                                                                                                                                0x01344c4c
                                                                                                                                                                                                                                0x01344c4c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344c4c
                                                                                                                                                                                                                                0x01344c25
                                                                                                                                                                                                                                0x01344c25
                                                                                                                                                                                                                                0x01344c29
                                                                                                                                                                                                                                0x01344c2d
                                                                                                                                                                                                                                0x01344c3c
                                                                                                                                                                                                                                0x01344c41
                                                                                                                                                                                                                                0x01344c47
                                                                                                                                                                                                                                0x01344c48
                                                                                                                                                                                                                                0x01344c48
                                                                                                                                                                                                                                0x01344c2f
                                                                                                                                                                                                                                0x01344c2f
                                                                                                                                                                                                                                0x01344c33
                                                                                                                                                                                                                                0x01344c33
                                                                                                                                                                                                                                0x01344c4a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344c19
                                                                                                                                                                                                                                0x01344c19
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344c19
                                                                                                                                                                                                                                0x01344c17
                                                                                                                                                                                                                                0x01344b7f
                                                                                                                                                                                                                                0x01344b85
                                                                                                                                                                                                                                0x01344b87
                                                                                                                                                                                                                                0x01344b9a
                                                                                                                                                                                                                                0x01344b9a
                                                                                                                                                                                                                                0x01344b9a
                                                                                                                                                                                                                                0x01344b9a
                                                                                                                                                                                                                                0x01344b9e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344b69
                                                                                                                                                                                                                                0x01344b6b
                                                                                                                                                                                                                                0x01344b70
                                                                                                                                                                                                                                0x01344b70
                                                                                                                                                                                                                                0x01344b73
                                                                                                                                                                                                                                0x01344b73
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01344b73

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 01344B7F
                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 01344B8C
                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 01344BDB
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000407,00000000,?), ref: 01344C00
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 01344C76
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: __EH_prolog3_GS.LIBCMT ref: 01346524
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: GetClassNameW.USER32 ref: 01346548
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: lstrcmpiW.KERNEL32(?,static), ref: 0134655B
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: GetWindowLongW.USER32 ref: 01346570
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: SetWindowLongW.USER32 ref: 01346584
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: GetWindowLongW.USER32 ref: 0134658F
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: LoadCursorW.USER32(00000000,00007F89), ref: 013465D4
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: GetParent.USER32(?), ref: 013465EA
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 013465F5
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: GetStockObject.GDI32(0000000D), ref: 01346604
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: _memset.LIBCMT ref: 01346629
                                                                                                                                                                                                                                  • Part of subcall function 0134651A: GetObjectW.GDI32(?,0000005C,?), ref: 0134663B
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,?,00000001), ref: 01344CE4
                                                                                                                                                                                                                                • UpdateWindow.USER32(?), ref: 01344CED
                                                                                                                                                                                                                                • PtInRect.USER32(00000000,00000000,?), ref: 01344D13
                                                                                                                                                                                                                                • SetFocus.USER32(?), ref: 01344D24
                                                                                                                                                                                                                                • SetCapture.USER32(?), ref: 01344D2D
                                                                                                                                                                                                                                • GetCapture.USER32 ref: 01344D3F
                                                                                                                                                                                                                                • ReleaseCapture.USER32 ref: 01344D4E
                                                                                                                                                                                                                                • PtInRect.USER32(?,?,?), ref: 01344D64
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 01344DEC
                                                                                                                                                                                                                                • UpdateWindow.USER32(?), ref: 01344DF5
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 01344E4B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Rect$Invalidate$CaptureLong$MessageObjectSendUpdate$ClassCursorDestroyFocusH_prolog3_LoadNameParentReleaseStock_memsetlstrcmpi
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3327015229-3916222277
                                                                                                                                                                                                                                • Opcode ID: 58516efa8de9f5c3297a28a17e2047e0a3d2aecf82ed25dda4efbae463f520e0
                                                                                                                                                                                                                                • Instruction ID: 79b0234cc3a1cf4f1ad232a8d2121f5e8a367ac3de7c6907ebb9a1c00faae47d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 58516efa8de9f5c3297a28a17e2047e0a3d2aecf82ed25dda4efbae463f520e0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9391BE70504205EFDF258F28D98472A7BE8FF88319F14483EE996DA256D735EC80CB55
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135C298, Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 180fileCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 71%
                                                                                                                                                                                                                                			E0135C298(void* __edx, WCHAR* _a4, intOrPtr _a24, char _a32, intOrPtr _a52) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v4114;
				short _v4116;
				intOrPtr _v4124;
				intOrPtr _v4128;
				WCHAR* _v4144;
				struct _WIN32_FIND_DATAW _v4740;
				void* _v4744;
				intOrPtr _v4748;
				intOrPtr _v4752;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t61;
				signed int _t62;
				WCHAR* _t64;
				WCHAR** _t69;
				signed int _t76;
				int _t78;
				void* _t81;
				signed int _t84;
				WCHAR* _t85;
				void* _t93;
				WCHAR* _t99;
				WCHAR* _t102;
				intOrPtr _t107;
				void* _t108;
				char* _t111;
				void* _t127;
				WCHAR* _t129;
				void* _t130;
				void* _t135;
				WCHAR** _t136;
				signed int _t137;
				void* _t138;
				void* _t139;
				void* _t140;
				intOrPtr _t141;
				intOrPtr _t142;

				_t127 = __edx;
				_push(0xffffffff);
				_push(0x13927f3);
				_push( *[fs:0x0]);
				E01385300(0x1284);
				_t61 =  *0x13bce20; // 0xa1d783ff
				_t62 = _t61 ^ _t137;
				_v20 = _t62;
				_push(_t62);
				 *[fs:0x0] =  &_v16;
				_v8 = 1;
				_t64 = _a4;
				if(_a24 < 8) {
					_t64 =  &_a4;
				}
				if(PathFileExistsW(_t64) != 0) {
					_v4116 = 0;
					_t107 = 0;
					E01376F40( &_v4114, 0, 0xffe);
					_t111 = _a32;
					_t139 = _t138 + 0xc;
					__eflags = _a52 - 8;
					if(_a52 < 8) {
						_t111 =  &_a32;
					}
					__eflags = _a24 - 8;
					_t69 = _a4;
					if(_a24 < 8) {
						_t69 =  &_a4;
					}
					wsprintfW( &_v4116, L"%s\\%s", _t69, _t111);
					_t140 = _t139 + 0x10;
					_v4744 = FindFirstFileW( &_v4116,  &_v4740);
					_t129 = "\\";
					do {
						_t76 = StrCmpW( &(_v4740.cFileName), ".");
						__eflags = _t76;
						if(_t76 != 0) {
							_t84 = StrCmpW( &(_v4740.cFileName), 0x13a86fc);
							__eflags = _t84;
							if(_t84 != 0) {
								__eflags = _v4740.dwFileAttributes & 0x00000010;
								if((_v4740.dwFileAttributes & 0x00000010) == 0) {
									__eflags = _a24 - 8;
									_t85 = _a4;
									if(_a24 < 8) {
										_t85 =  &_a4;
									}
									wsprintfW( &_v4116, L"%s\\%s", _t85,  &(_v4740.cFileName));
									_t140 = _t140 + 0x10;
									DeleteFileW( &_v4116);
								} else {
									_v4144 = 0;
									_v4124 = 7;
									_v4128 = _t107;
									E0131A995( &_v4144,  &_a4, _t107, 0xffffffff);
									_v8 = 2;
									_t93 = E01376D83(_t129);
									_t136 =  &_v4144;
									E0131B74B(_t93, _t136, __eflags, _t129);
									E0131B74B(E01376D83( &(_v4740.cFileName)), _t136, __eflags,  &(_v4740.cFileName));
									_t141 = _t140 - 0x1c;
									_v4752 = _t141;
									E01319B30(_t141, "*.*");
									_v8 = 3;
									__eflags = _v4124 - 8;
									_t99 = _v4144;
									if(_v4124 < 8) {
										_t99 = _t136;
									}
									_t142 = _t141 - 0x1c;
									_v4748 = _t142;
									E01319B30(_t142, _t99);
									_v8 = 2;
									E0135C298(_t127);
									_t102 = _v4144;
									_t140 = _t142 + 0x38;
									__eflags = _v4124 - 8;
									if(_v4124 < 8) {
										_t102 =  &_v4144;
									}
									RemoveDirectoryW(_t102);
									_v8 = 1;
									E0131AA87( &_v4144, 1, 0);
									_t107 = 0;
								}
							}
						}
						_t78 = FindNextFileW(_v4744,  &_v4740);
						__eflags = _t78;
					} while (_t78 != 0);
					FindClose(_v4744);
					E0131AA87( &_a4, 1, _t107);
					_push(_t107);
					_push(1);
					L22:
					_t81 = E0131AA87( &_a32);
					 *[fs:0x0] = _v16;
					_pop(_t130);
					_pop(_t135);
					_pop(_t108);
					return E013748C1(_t81, _t108, _v20 ^ _t137, _t127, _t130, _t135);
				}
				E0131AA87( &_a4, 1, _t65);
				_push(0);
				_push(1);
				goto L22;
			}












































                                                                                                                                                                                                                                0x0135c298
                                                                                                                                                                                                                                0x0135c29b
                                                                                                                                                                                                                                0x0135c29d
                                                                                                                                                                                                                                0x0135c2a8
                                                                                                                                                                                                                                0x0135c2ae
                                                                                                                                                                                                                                0x0135c2b3
                                                                                                                                                                                                                                0x0135c2b8
                                                                                                                                                                                                                                0x0135c2ba
                                                                                                                                                                                                                                0x0135c2c0
                                                                                                                                                                                                                                0x0135c2c4
                                                                                                                                                                                                                                0x0135c2cd
                                                                                                                                                                                                                                0x0135c2d4
                                                                                                                                                                                                                                0x0135c2d7
                                                                                                                                                                                                                                0x0135c2d9
                                                                                                                                                                                                                                0x0135c2d9
                                                                                                                                                                                                                                0x0135c2e5
                                                                                                                                                                                                                                0x0135c300
                                                                                                                                                                                                                                0x0135c307
                                                                                                                                                                                                                                0x0135c311
                                                                                                                                                                                                                                0x0135c316
                                                                                                                                                                                                                                0x0135c319
                                                                                                                                                                                                                                0x0135c31c
                                                                                                                                                                                                                                0x0135c320
                                                                                                                                                                                                                                0x0135c322
                                                                                                                                                                                                                                0x0135c322
                                                                                                                                                                                                                                0x0135c325
                                                                                                                                                                                                                                0x0135c329
                                                                                                                                                                                                                                0x0135c32c
                                                                                                                                                                                                                                0x0135c32e
                                                                                                                                                                                                                                0x0135c32e
                                                                                                                                                                                                                                0x0135c33f
                                                                                                                                                                                                                                0x0135c345
                                                                                                                                                                                                                                0x0135c35c
                                                                                                                                                                                                                                0x0135c362
                                                                                                                                                                                                                                0x0135c367
                                                                                                                                                                                                                                0x0135c379
                                                                                                                                                                                                                                0x0135c37b
                                                                                                                                                                                                                                0x0135c37d
                                                                                                                                                                                                                                0x0135c38f
                                                                                                                                                                                                                                0x0135c391
                                                                                                                                                                                                                                0x0135c393
                                                                                                                                                                                                                                0x0135c399
                                                                                                                                                                                                                                0x0135c3a0
                                                                                                                                                                                                                                0x0135c47f
                                                                                                                                                                                                                                0x0135c483
                                                                                                                                                                                                                                0x0135c486
                                                                                                                                                                                                                                0x0135c488
                                                                                                                                                                                                                                0x0135c488
                                                                                                                                                                                                                                0x0135c49f
                                                                                                                                                                                                                                0x0135c4a5
                                                                                                                                                                                                                                0x0135c4af
                                                                                                                                                                                                                                0x0135c3a6
                                                                                                                                                                                                                                0x0135c3aa
                                                                                                                                                                                                                                0x0135c3bc
                                                                                                                                                                                                                                0x0135c3c6
                                                                                                                                                                                                                                0x0135c3cc
                                                                                                                                                                                                                                0x0135c3d2
                                                                                                                                                                                                                                0x0135c3d6
                                                                                                                                                                                                                                0x0135c3df
                                                                                                                                                                                                                                0x0135c3e5
                                                                                                                                                                                                                                0x0135c400
                                                                                                                                                                                                                                0x0135c405
                                                                                                                                                                                                                                0x0135c40a
                                                                                                                                                                                                                                0x0135c415
                                                                                                                                                                                                                                0x0135c41a
                                                                                                                                                                                                                                0x0135c41e
                                                                                                                                                                                                                                0x0135c425
                                                                                                                                                                                                                                0x0135c42b
                                                                                                                                                                                                                                0x0135c42d
                                                                                                                                                                                                                                0x0135c42d
                                                                                                                                                                                                                                0x0135c42f
                                                                                                                                                                                                                                0x0135c434
                                                                                                                                                                                                                                0x0135c43b
                                                                                                                                                                                                                                0x0135c440
                                                                                                                                                                                                                                0x0135c444
                                                                                                                                                                                                                                0x0135c449
                                                                                                                                                                                                                                0x0135c44f
                                                                                                                                                                                                                                0x0135c452
                                                                                                                                                                                                                                0x0135c459
                                                                                                                                                                                                                                0x0135c45b
                                                                                                                                                                                                                                0x0135c45b
                                                                                                                                                                                                                                0x0135c462
                                                                                                                                                                                                                                0x0135c472
                                                                                                                                                                                                                                0x0135c476
                                                                                                                                                                                                                                0x0135c47b
                                                                                                                                                                                                                                0x0135c47b
                                                                                                                                                                                                                                0x0135c3a0
                                                                                                                                                                                                                                0x0135c393
                                                                                                                                                                                                                                0x0135c4c2
                                                                                                                                                                                                                                0x0135c4c8
                                                                                                                                                                                                                                0x0135c4c8
                                                                                                                                                                                                                                0x0135c4d6
                                                                                                                                                                                                                                0x0135c4e2
                                                                                                                                                                                                                                0x0135c4e7
                                                                                                                                                                                                                                0x0135c4e8
                                                                                                                                                                                                                                0x0135c4ea
                                                                                                                                                                                                                                0x0135c4ed
                                                                                                                                                                                                                                0x0135c4f5
                                                                                                                                                                                                                                0x0135c4fd
                                                                                                                                                                                                                                0x0135c4fe
                                                                                                                                                                                                                                0x0135c4ff
                                                                                                                                                                                                                                0x0135c50b
                                                                                                                                                                                                                                0x0135c50b
                                                                                                                                                                                                                                0x0135c2ec
                                                                                                                                                                                                                                0x0135c2f1
                                                                                                                                                                                                                                0x0135c2f3
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$Find$_wcslenwsprintf$CloseDeleteDirectoryExistsFirstNextPathRemove_memset
                                                                                                                                                                                                                                • String ID: %s\%s$*.*
                                                                                                                                                                                                                                • API String ID: 1895907785-3420517325
                                                                                                                                                                                                                                • Opcode ID: 461145a2b1a4b075e068ce7234ef88ceb9ad599ec0c190655cbdde0331792a12
                                                                                                                                                                                                                                • Instruction ID: 126b81d81816e20946a69f6c57fe5a30c7f690319459b53eadc13aa3682bf269
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 461145a2b1a4b075e068ce7234ef88ceb9ad599ec0c190655cbdde0331792a12
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E617171900299ABDF21DFA8CD45EEDBBBCEF04709F40409AE909E7140D6B49B94CFA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01323AB5, Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 318COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                			E01323AB5(void* __ebx, intOrPtr __ecx, intOrPtr* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t114;
				signed int _t122;
				WCHAR* _t123;
				signed int _t125;
				void* _t137;
				void* _t139;
				void* _t142;
				short _t148;
				intOrPtr _t152;
				intOrPtr* _t154;
				intOrPtr _t161;
				signed int _t163;
				void* _t167;
				void* _t170;
				signed int _t172;
				void* _t184;
				WCHAR* _t251;
				void* _t262;
				intOrPtr _t263;
				void* _t264;
				intOrPtr _t265;
				intOrPtr _t266;
				intOrPtr _t267;
				void* _t268;
				intOrPtr _t272;

				_t248 = __edx;
				_push(0x3b4);
				E0137C242(0x13985cd, __ebx, __edi, __esi);
				_t250 = __ecx;
				_t256 = __edx;
				 *((intOrPtr*)(_t262 - 0x300)) = 0;
				 *((intOrPtr*)(_t262 - 0x2fc)) = __ecx;
				 *((intOrPtr*)(_t262 - 0x308)) = __edx;
				_t272 =  *0x13c2a33; // 0x0
				if(_t272 != 0) {
					_t263 = _t263 - 0x1c;
					 *((intOrPtr*)(_t262 - 0x304)) = _t263;
					E01319638(_t263, "GetFFIncumbentHPR in");
					E0134BA76(0, 0x13c2b18, __edx, _t250, __edx, _t272);
				}
				E01319B30(_t262 - 0x250, 0x13a0d00);
				_t114 = _t262 - 0x218;
				 *((intOrPtr*)(_t262 - 4)) = 1;
				__imp__SHGetSpecialFolderPathW(0, _t114, 0x1a, 0);
				if(_t114 != 0) {
					 *_t256 = 2;
					_t256 = E01319B30(_t262 - 0x26c, _t262 - 0x218);
					 *((char*)(_t262 - 4)) = 2;
					E0132761B(_t262 - 0x2a4, _t116, _t262 - 0x2a4, L"\\Mozilla\\Firefox");
					 *((char*)(_t262 - 4)) = 4;
					E0131AA87(_t262 - 0x26c, 1, 0);
					_push(L"\\profiles.ini");
					_push(_t262 - 0x234);
					_t250 = _t262 - 0x2a4;
					E01327646(0, _t262 - 0x2a4, _t116, __eflags);
					 *((char*)(_t262 - 4)) = 5;
					_t122 = L0135D07B(_t262 - 0x2a4, __eflags, _t262 - 0x234);
					_t264 = _t263 + 0xc;
					__eflags = _t122;
					if(_t122 != 0) {
						__eflags =  *((intOrPtr*)(_t262 - 0x220)) - 8;
						_t123 =  *(_t262 - 0x234);
						if( *((intOrPtr*)(_t262 - 0x220)) < 8) {
							_t123 = _t262 - 0x234;
						}
						_t125 = GetPrivateProfileStringW(L"Profile0", L"Path", 0x13a0d00, _t262 - 0x218, 0x104, _t123);
						__eflags = _t125;
						if(_t125 <= 0) {
							goto L5;
						} else {
							_push(L"\\prefs.js");
							_push(0);
							_t265 = _t264 - 0x1c;
							 *((intOrPtr*)(_t262 - 0x304)) = _t265;
							_t251 = "\\";
							E01319B30(_t265, _t251);
							_t266 = _t265 - 0x1c;
							 *((char*)(_t262 - 4)) = 6;
							 *((intOrPtr*)(_t262 - 0x310)) = _t266;
							E01319B30(_t266, "/");
							_t267 = _t266 - 0x1c;
							 *((intOrPtr*)(_t262 - 0x30c)) = _t267;
							 *((char*)(_t262 - 4)) = 7;
							E01319B30(_t267, _t262 - 0x218);
							 *((char*)(_t262 - 4)) = 5;
							_t137 = E0135C1E5(0, _t262 - 0x2c0, _t248, _t251, _t256, __eflags);
							_push(_t251);
							 *((char*)(_t262 - 4)) = 8;
							_t139 = E01327646(0, _t262 - 0x2a4, _t137, __eflags);
							_t268 = _t267 + 0x60;
							 *((char*)(_t262 - 4)) = 9;
							_t256 = E013276AF(_t137, _t139, _t262 - 0x2f8);
							 *((char*)(_t262 - 4)) = 0xa;
							_t142 = E0132761B(_t262 - 0x26c, _t141, _t262 - 0x26c, _t262 - 0x2dc);
							 *((char*)(_t262 - 4)) = 0xb;
							E0131A941(_t262 - 0x234, _t142);
							_t250 = 1;
							E0131AA87(_t262 - 0x26c, 1, 0);
							E0131AA87(_t262 - 0x2f8, 1, 0);
							E0131AA87(_t262 - 0x2dc, 1, 0);
							 *((char*)(_t262 - 4)) = 5;
							E0131AA87(_t262 - 0x2c0, 1, 0);
							__eflags =  *((intOrPtr*)(_t262 - 0x220)) - 8;
							_t148 =  *(_t262 - 0x234);
							if(__eflags < 0) {
								_t148 = _t262 - 0x234;
							}
							_push(_t148);
							_push(_t262 - 0x3c0);
							E013262A9(0, _t250, _t256, __eflags);
							 *((char*)(_t262 - 4)) = 0xc;
							_t152 =  *((intOrPtr*)( *((intOrPtr*)(_t262 - 0x3c0)) + 4));
							__eflags =  *(_t262 + _t152 - 0x3b4) & 0x00000006;
							if(( *(_t262 + _t152 - 0x3b4) & 0x00000006) == 0) {
								 *((intOrPtr*)(_t262 - 0x274)) = 0xf;
								 *(_t262 - 0x278) = 0;
								 *((char*)(_t262 - 0x288)) = 0;
								 *((char*)(_t262 - 4)) = 0xd;
								while(1) {
									_t154 = E013276F8(_t262 - 0x3c0, _t262 - 0x288);
									asm("sbb eax, eax");
									__eflags =  *((intOrPtr*)( *_t154 + 4)) + _t154 &  !( ~( *( *((intOrPtr*)( *_t154 + 4)) + _t154 + 0xc) & 0x00000006));
									if(__eflags == 0) {
										break;
									}
									__eflags =  *(_t262 - 0x278);
									if( *(_t262 - 0x278) == 0) {
										continue;
									} else {
										_t227 = _t262 - 0x26c;
										E01319638(_t262 - 0x26c, "user_pref(\"browser.startup.homepage\", \"");
										 *((char*)(_t262 - 4)) = 0xe;
										__eflags =  *((intOrPtr*)(_t262 - 0x258)) - 0x10;
										_t161 =  *((intOrPtr*)(_t262 - 0x26c));
										if( *((intOrPtr*)(_t262 - 0x258)) < 0x10) {
											_t161 = _t262 - 0x26c;
										}
										_t163 = E01326C58(_t262 - 0x288, _t227, _t161,  *((intOrPtr*)(_t262 - 0x25c)));
										__eflags = _t163;
										if(_t163 >= 0) {
											_push(0xffffffff);
											_push(0xfde9);
											_push(0xfde9);
											 *((intOrPtr*)(_t262 - 0x30c)) = _t268 - 0x1c;
											E01325CE4( *((intOrPtr*)(_t262 - 0x25c)) + _t163, _t268 - 0x1c, _t262 - 0x288,  *((intOrPtr*)(_t262 - 0x25c)) + _t163, 0x3e8);
											_push(_t262 - 0x2c0);
											_t167 = E0135BED6(0, _t250, _t268 - 0x1c, __eflags);
											 *((char*)(_t262 - 4)) = 0xf;
											E0131A941(_t262 - 0x234, _t167);
											 *((char*)(_t262 - 4)) = 0xe;
											E0131AA87(_t262 - 0x2c0, _t250, 0);
											_t170 = E01376D83("\"");
											_t234 = _t262 - 0x234;
											_t172 = E01326DB6(0, _t262 - 0x234, "\"", _t170);
											__eflags = _t172;
											if(_t172 > 0) {
												_t184 = E01319C49(_t234, _t262 - 0x2c0, _t262 - 0x234, 0, _t172);
												 *((char*)(_t262 - 4)) = 0x10;
												E0131A941(_t262 - 0x250, _t184);
												E0131AA87(_t262 - 0x2c0, _t250, 0);
											}
											 *((char*)(_t262 - 4)) = 0xd;
											E01311524(_t262 - 0x26c, _t250, 0);
										} else {
											 *((char*)(_t262 - 4)) = 0xd;
											E01311524(_t262 - 0x26c, _t250, 0);
											continue;
										}
									}
									L24:
									_t256 = _t262 - 0x3c0;
									E01326379(_t262 - 0x3c0, __eflags);
									 *((intOrPtr*)( *((intOrPtr*)(_t262 - 0x308)))) = 0;
									E01319B61( *((intOrPtr*)(_t262 - 0x2fc)), _t262 - 0x250);
									 *((intOrPtr*)(_t262 - 0x300)) = _t250;
									E01311524(_t262 - 0x288, _t250, 0);
									goto L25;
								}
								goto L24;
							} else {
								E01319B61( *((intOrPtr*)(_t262 - 0x2fc)), _t262 - 0x250);
								 *((intOrPtr*)(_t262 - 0x300)) = _t250;
							}
							L25:
							 *((char*)(_t262 - 4)) = 5;
							E01323A9B(_t262 - 0x3c0);
							E0131AA87(_t262 - 0x234, _t250, 0);
							E0131AA87(_t262 - 0x2a4, _t250, 0);
							_push(0);
							_push(_t250);
						}
					} else {
						L5:
						E01319B61( *((intOrPtr*)(_t262 - 0x2fc)), _t262 - 0x250);
						E0131AA87(_t262 - 0x234, 1, 0);
						E0131AA87(_t262 - 0x2a4, 1, 0);
						_push(0);
						_push(1);
					}
					E0131AA87(_t262 - 0x250);
				} else {
					 *_t256 = GetLastError();
					E01319B61(_t250, _t262 - 0x250);
					E0131AA87(_t262 - 0x250, 1, 0);
				}
				return E0137C2C5(0, _t250, _t256);
			}




























                                                                                                                                                                                                                                0x01323ab5
                                                                                                                                                                                                                                0x01323ab5
                                                                                                                                                                                                                                0x01323abf
                                                                                                                                                                                                                                0x01323ac6
                                                                                                                                                                                                                                0x01323ac8
                                                                                                                                                                                                                                0x01323aca
                                                                                                                                                                                                                                0x01323ad0
                                                                                                                                                                                                                                0x01323ad6
                                                                                                                                                                                                                                0x01323adc
                                                                                                                                                                                                                                0x01323ae2
                                                                                                                                                                                                                                0x01323ae4
                                                                                                                                                                                                                                0x01323ae9
                                                                                                                                                                                                                                0x01323af4
                                                                                                                                                                                                                                0x01323afe
                                                                                                                                                                                                                                0x01323afe
                                                                                                                                                                                                                                0x01323b0e
                                                                                                                                                                                                                                0x01323b16
                                                                                                                                                                                                                                0x01323b1e
                                                                                                                                                                                                                                0x01323b25
                                                                                                                                                                                                                                0x01323b2d
                                                                                                                                                                                                                                0x01323b67
                                                                                                                                                                                                                                0x01323b7e
                                                                                                                                                                                                                                0x01323b80
                                                                                                                                                                                                                                0x01323b84
                                                                                                                                                                                                                                0x01323b94
                                                                                                                                                                                                                                0x01323b98
                                                                                                                                                                                                                                0x01323ba3
                                                                                                                                                                                                                                0x01323ba8
                                                                                                                                                                                                                                0x01323ba9
                                                                                                                                                                                                                                0x01323baf
                                                                                                                                                                                                                                0x01323bbb
                                                                                                                                                                                                                                0x01323bbf
                                                                                                                                                                                                                                0x01323bc4
                                                                                                                                                                                                                                0x01323bc7
                                                                                                                                                                                                                                0x01323bc9
                                                                                                                                                                                                                                0x01323c01
                                                                                                                                                                                                                                0x01323c08
                                                                                                                                                                                                                                0x01323c0e
                                                                                                                                                                                                                                0x01323c10
                                                                                                                                                                                                                                0x01323c10
                                                                                                                                                                                                                                0x01323c32
                                                                                                                                                                                                                                0x01323c38
                                                                                                                                                                                                                                0x01323c3a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01323c3c
                                                                                                                                                                                                                                0x01323c3c
                                                                                                                                                                                                                                0x01323c41
                                                                                                                                                                                                                                0x01323c42
                                                                                                                                                                                                                                0x01323c47
                                                                                                                                                                                                                                0x01323c4d
                                                                                                                                                                                                                                0x01323c53
                                                                                                                                                                                                                                0x01323c58
                                                                                                                                                                                                                                0x01323c5b
                                                                                                                                                                                                                                0x01323c61
                                                                                                                                                                                                                                0x01323c6c
                                                                                                                                                                                                                                0x01323c71
                                                                                                                                                                                                                                0x01323c7c
                                                                                                                                                                                                                                0x01323c83
                                                                                                                                                                                                                                0x01323c87
                                                                                                                                                                                                                                0x01323c92
                                                                                                                                                                                                                                0x01323c96
                                                                                                                                                                                                                                0x01323c9d
                                                                                                                                                                                                                                0x01323cab
                                                                                                                                                                                                                                0x01323caf
                                                                                                                                                                                                                                0x01323cb4
                                                                                                                                                                                                                                0x01323cc1
                                                                                                                                                                                                                                0x01323cd1
                                                                                                                                                                                                                                0x01323cd3
                                                                                                                                                                                                                                0x01323cd7
                                                                                                                                                                                                                                0x01323ce5
                                                                                                                                                                                                                                0x01323ce9
                                                                                                                                                                                                                                0x01323cf1
                                                                                                                                                                                                                                0x01323cf9
                                                                                                                                                                                                                                0x01323d06
                                                                                                                                                                                                                                0x01323d13
                                                                                                                                                                                                                                0x01323d20
                                                                                                                                                                                                                                0x01323d24
                                                                                                                                                                                                                                0x01323d29
                                                                                                                                                                                                                                0x01323d30
                                                                                                                                                                                                                                0x01323d36
                                                                                                                                                                                                                                0x01323d38
                                                                                                                                                                                                                                0x01323d38
                                                                                                                                                                                                                                0x01323d3e
                                                                                                                                                                                                                                0x01323d45
                                                                                                                                                                                                                                0x01323d46
                                                                                                                                                                                                                                0x01323d4b
                                                                                                                                                                                                                                0x01323d55
                                                                                                                                                                                                                                0x01323d58
                                                                                                                                                                                                                                0x01323d60
                                                                                                                                                                                                                                0x01323d7f
                                                                                                                                                                                                                                0x01323d89
                                                                                                                                                                                                                                0x01323d8f
                                                                                                                                                                                                                                0x01323d95
                                                                                                                                                                                                                                0x01323df3
                                                                                                                                                                                                                                0x01323e00
                                                                                                                                                                                                                                0x01323e17
                                                                                                                                                                                                                                0x01323e1b
                                                                                                                                                                                                                                0x01323e1d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01323d9b
                                                                                                                                                                                                                                0x01323da1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01323da3
                                                                                                                                                                                                                                0x01323da8
                                                                                                                                                                                                                                0x01323dae
                                                                                                                                                                                                                                0x01323db3
                                                                                                                                                                                                                                0x01323db7
                                                                                                                                                                                                                                0x01323dbe
                                                                                                                                                                                                                                0x01323dc4
                                                                                                                                                                                                                                0x01323dc6
                                                                                                                                                                                                                                0x01323dc6
                                                                                                                                                                                                                                0x01323dd9
                                                                                                                                                                                                                                0x01323dde
                                                                                                                                                                                                                                0x01323de0
                                                                                                                                                                                                                                0x01323e28
                                                                                                                                                                                                                                0x01323e2f
                                                                                                                                                                                                                                0x01323e30
                                                                                                                                                                                                                                0x01323e3c
                                                                                                                                                                                                                                0x01323e51
                                                                                                                                                                                                                                0x01323e5c
                                                                                                                                                                                                                                0x01323e5d
                                                                                                                                                                                                                                0x01323e6c
                                                                                                                                                                                                                                0x01323e70
                                                                                                                                                                                                                                0x01323e7d
                                                                                                                                                                                                                                0x01323e81
                                                                                                                                                                                                                                0x01323e8c
                                                                                                                                                                                                                                0x01323e96
                                                                                                                                                                                                                                0x01323e9c
                                                                                                                                                                                                                                0x01323ea1
                                                                                                                                                                                                                                0x01323ea3
                                                                                                                                                                                                                                0x01323eb4
                                                                                                                                                                                                                                0x01323ec0
                                                                                                                                                                                                                                0x01323ec4
                                                                                                                                                                                                                                0x01323ecd
                                                                                                                                                                                                                                0x01323ecd
                                                                                                                                                                                                                                0x01323eda
                                                                                                                                                                                                                                0x01323ede
                                                                                                                                                                                                                                0x01323de2
                                                                                                                                                                                                                                0x01323dea
                                                                                                                                                                                                                                0x01323dee
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01323dee
                                                                                                                                                                                                                                0x01323de0
                                                                                                                                                                                                                                0x01323ee3
                                                                                                                                                                                                                                0x01323ee3
                                                                                                                                                                                                                                0x01323ee9
                                                                                                                                                                                                                                0x01323efa
                                                                                                                                                                                                                                0x01323f03
                                                                                                                                                                                                                                0x01323f10
                                                                                                                                                                                                                                0x01323f16
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01323f16
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01323d62
                                                                                                                                                                                                                                0x01323d6f
                                                                                                                                                                                                                                0x01323d74
                                                                                                                                                                                                                                0x01323d74
                                                                                                                                                                                                                                0x01323f1b
                                                                                                                                                                                                                                0x01323f21
                                                                                                                                                                                                                                0x01323f25
                                                                                                                                                                                                                                0x01323f32
                                                                                                                                                                                                                                0x01323f3f
                                                                                                                                                                                                                                0x01323f44
                                                                                                                                                                                                                                0x01323f45
                                                                                                                                                                                                                                0x01323f45
                                                                                                                                                                                                                                0x01323bcb
                                                                                                                                                                                                                                0x01323bcb
                                                                                                                                                                                                                                0x01323bd8
                                                                                                                                                                                                                                0x01323be6
                                                                                                                                                                                                                                0x01323bf4
                                                                                                                                                                                                                                0x01323bf9
                                                                                                                                                                                                                                0x01323bfa
                                                                                                                                                                                                                                0x01323bfa
                                                                                                                                                                                                                                0x01323f4c
                                                                                                                                                                                                                                0x01323b2f
                                                                                                                                                                                                                                0x01323b35
                                                                                                                                                                                                                                0x01323b40
                                                                                                                                                                                                                                0x01323b4e
                                                                                                                                                                                                                                0x01323b53
                                                                                                                                                                                                                                0x01323f5c

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01323ABF
                                                                                                                                                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,013A0D00,000003B4,0131F027), ref: 01323B25
                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(Profile0,Path,013A0D00,?,00000104,?), ref: 01323C32
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 01323B2F
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0132761B: _wcslen.LIBCMT ref: 01327627
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                  • Part of subcall function 01327646: __EH_prolog3.LIBCMT ref: 0132764D
                                                                                                                                                                                                                                  • Part of subcall function 01327646: _wcslen.LIBCMT ref: 01327679
                                                                                                                                                                                                                                  • Part of subcall function 01327646: _wcslen.LIBCMT ref: 01327697
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen$H_prolog3_$CurrentErrorFolderH_prolog3LastLocalPathPrivateProcessProfileSpecialStringTime_memmove_memset_strlenswprintf
                                                                                                                                                                                                                                • String ID: GetFFIncumbentHPR in$Path$Profile0$\Mozilla\Firefox$\prefs.js$\profiles.ini$user_pref("browser.startup.homepage", "
                                                                                                                                                                                                                                • API String ID: 2130657467-4150795336
                                                                                                                                                                                                                                • Opcode ID: c9761b45d4666f74e5036d26acde8b1f1414a52b0f2c8c150f3799723fdacf95
                                                                                                                                                                                                                                • Instruction ID: 14d5629bb4a1652ebe3f7cc68a702c85df5942269a3a66b83a0219be27183f59
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c9761b45d4666f74e5036d26acde8b1f1414a52b0f2c8c150f3799723fdacf95
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7BC1717190126AAADB25FB68CD98BEEB7BCAF25308F5041D9E409A3140DB745F84CF61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135B9B7, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 140encryptionmemorystringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 48%
                                                                                                                                                                                                                                			E0135B9B7(void* __ebx, WCHAR* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t53;
				void* _t62;
				void* _t75;
				void* _t77;
				intOrPtr _t79;
				void* _t84;
				intOrPtr _t86;
				void* _t95;
				intOrPtr* _t102;
				void* _t103;
				void* _t104;
				void* _t105;

				_t95 = __edx;
				_push(0xa0);
				E0137C1D9(0x1393d05, __ebx, __edi, __esi);
				_t97 = __ecx;
				if(__ecx == 0 || lstrlenW(__ecx) == 0) {
					_t50 = 0x80070057;
					goto L14;
				} else {
					if(E0135BD46(0, _t97) < 0) {
						L14:
						return E0137C2B1(_t50);
					}
					 *((intOrPtr*)(_t105 - 0x1c)) = 0;
					 *((intOrPtr*)(_t105 - 0x18)) = 0;
					 *(_t105 - 0x14) = 0;
					 *((intOrPtr*)(_t105 - 4)) = 0;
					_t53 =  *0x13bc000; // 0x139c820
					 *((intOrPtr*)(_t105 - 0x30)) =  *((intOrPtr*)(_t53 + 0xc))() + 0x10;
					E0131F24F(_t105 - 0x2c);
					E0131F24F(_t105 - 0x28);
					_t62 = _t105 - 0x34;
					 *((char*)(_t105 - 4)) = 1;
					 *((intOrPtr*)(_t105 - 0x20)) = 0x80004005;
					__imp__CryptQueryObject(1, _t97, 0x400, 2, 0, _t62, _t105 - 0x38, _t105 - 0x3c, _t105 - 0x1c, _t105 - 0x18, 0);
					if(_t62 == 0) {
						L12:
						E0131EAF8( *((intOrPtr*)(_t105 - 0x28)) + 0xfffffff0, _t95);
						E0131EAF8( *((intOrPtr*)(_t105 - 0x2c)) + 0xfffffff0, _t95);
						E0131EAF8( *((intOrPtr*)(_t105 - 0x30)) + 0xfffffff0, _t95);
						LocalFree( *(_t105 - 0x14));
						_t50 =  *((intOrPtr*)(_t105 - 0x20));
						goto L14;
					} else {
						_t102 = __imp__CryptMsgGetParam;
						_push(_t105 - 0x24);
						_push(0);
						_push(0);
						_push(6);
						_push( *((intOrPtr*)(_t105 - 0x18)));
						if( *_t102() != 0) {
							_t75 = LocalAlloc(0x40,  *(_t105 - 0x24));
							 *(_t105 - 0x14) = _t75;
							if(_t75 != 0) {
								_t77 =  *_t102( *((intOrPtr*)(_t105 - 0x18)), 6, 0,  *(_t105 - 0x14), _t105 - 0x24);
								_t115 = _t77;
								if(_t77 != 0) {
									_t103 =  *(_t105 - 0x14);
									_push(_t105 - 0x30);
									_t79 = E0135BBA8(0, _t103, _t97, _t103, _t115);
									 *((intOrPtr*)(_t105 - 0x20)) = _t79;
									if(_t79 >= 0) {
										_t97 =  *((intOrPtr*)(_t105 + 8));
										E01354351(_t105 - 0x30,  *((intOrPtr*)(_t105 + 8)));
									}
									 *((intOrPtr*)(_t105 - 0x94)) =  *((intOrPtr*)(_t103 + 4));
									 *((intOrPtr*)(_t105 - 0x90)) =  *((intOrPtr*)(_t103 + 8));
									 *((intOrPtr*)(_t105 - 0xa8)) =  *((intOrPtr*)(_t103 + 0xc));
									 *((intOrPtr*)(_t105 - 0xa4)) =  *((intOrPtr*)(_t103 + 0x10));
									_t84 = _t105 - 0xac;
									__imp__CertFindCertificateInStore( *((intOrPtr*)(_t105 - 0x1c)), 0x10001, 0, 0xb0000, _t84, 0);
									_t104 = _t84;
									_t117 = _t104;
									if(_t104 != 0) {
										E0135BCAD(0, _t97, _t104, _t117);
										_t86 = E0135BCAD(0, _t97, _t104, _t117);
										 *((intOrPtr*)(_t105 - 0x20)) = _t86;
										__imp__CertFreeCertificateContext(_t104, _t104, 3, "2.5.4.11",  *((intOrPtr*)(_t105 + 0x10)), _t104, 4, 0,  *((intOrPtr*)(_t105 + 0xc)));
									}
								}
							}
						}
						__imp__CertCloseStore( *((intOrPtr*)(_t105 - 0x1c)), 0);
						__imp__CryptMsgClose( *((intOrPtr*)(_t105 - 0x18)));
						goto L12;
					}
				}
			}















                                                                                                                                                                                                                                0x0135b9b7
                                                                                                                                                                                                                                0x0135b9b7
                                                                                                                                                                                                                                0x0135b9c1
                                                                                                                                                                                                                                0x0135b9c6
                                                                                                                                                                                                                                0x0135b9cc
                                                                                                                                                                                                                                0x0135bb72
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135b9e1
                                                                                                                                                                                                                                0x0135b9ea
                                                                                                                                                                                                                                0x0135bb77
                                                                                                                                                                                                                                0x0135bb7c
                                                                                                                                                                                                                                0x0135bb7c
                                                                                                                                                                                                                                0x0135b9f0
                                                                                                                                                                                                                                0x0135b9f3
                                                                                                                                                                                                                                0x0135b9f6
                                                                                                                                                                                                                                0x0135b9f9
                                                                                                                                                                                                                                0x0135b9fc
                                                                                                                                                                                                                                0x0135ba0f
                                                                                                                                                                                                                                0x0135ba12
                                                                                                                                                                                                                                0x0135ba1a
                                                                                                                                                                                                                                0x0135ba30
                                                                                                                                                                                                                                0x0135ba3f
                                                                                                                                                                                                                                0x0135ba43
                                                                                                                                                                                                                                0x0135ba4a
                                                                                                                                                                                                                                0x0135ba52
                                                                                                                                                                                                                                0x0135bb43
                                                                                                                                                                                                                                0x0135bb49
                                                                                                                                                                                                                                0x0135bb54
                                                                                                                                                                                                                                0x0135bb5f
                                                                                                                                                                                                                                0x0135bb67
                                                                                                                                                                                                                                0x0135bb6d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135ba58
                                                                                                                                                                                                                                0x0135ba58
                                                                                                                                                                                                                                0x0135ba61
                                                                                                                                                                                                                                0x0135ba62
                                                                                                                                                                                                                                0x0135ba63
                                                                                                                                                                                                                                0x0135ba64
                                                                                                                                                                                                                                0x0135ba66
                                                                                                                                                                                                                                0x0135ba6d
                                                                                                                                                                                                                                0x0135ba78
                                                                                                                                                                                                                                0x0135ba7e
                                                                                                                                                                                                                                0x0135ba83
                                                                                                                                                                                                                                0x0135ba96
                                                                                                                                                                                                                                0x0135ba98
                                                                                                                                                                                                                                0x0135ba9a
                                                                                                                                                                                                                                0x0135baa0
                                                                                                                                                                                                                                0x0135baa6
                                                                                                                                                                                                                                0x0135baa9
                                                                                                                                                                                                                                0x0135baaf
                                                                                                                                                                                                                                0x0135bab4
                                                                                                                                                                                                                                0x0135bab6
                                                                                                                                                                                                                                0x0135babc
                                                                                                                                                                                                                                0x0135babc
                                                                                                                                                                                                                                0x0135bac4
                                                                                                                                                                                                                                0x0135bacd
                                                                                                                                                                                                                                0x0135bad6
                                                                                                                                                                                                                                0x0135bae0
                                                                                                                                                                                                                                0x0135bae6
                                                                                                                                                                                                                                0x0135bafb
                                                                                                                                                                                                                                0x0135bb01
                                                                                                                                                                                                                                0x0135bb03
                                                                                                                                                                                                                                0x0135bb05
                                                                                                                                                                                                                                0x0135bb0e
                                                                                                                                                                                                                                0x0135bb1e
                                                                                                                                                                                                                                0x0135bb27
                                                                                                                                                                                                                                0x0135bb2a
                                                                                                                                                                                                                                0x0135bb2a
                                                                                                                                                                                                                                0x0135bb05
                                                                                                                                                                                                                                0x0135ba9a
                                                                                                                                                                                                                                0x0135ba83
                                                                                                                                                                                                                                0x0135bb34
                                                                                                                                                                                                                                0x0135bb3d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135bb3d
                                                                                                                                                                                                                                0x0135ba52

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0135B9C1
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,000000A0,0135DF51,00000008,?,?,?,?,?,?,?,?,0000001C), ref: 0135B9D3
                                                                                                                                                                                                                                  • Part of subcall function 0135BD46: _memset.LIBCMT ref: 0135BD67
                                                                                                                                                                                                                                  • Part of subcall function 0135BD46: WinVerifyTrust.WINTRUST(00000000,000000A0,?), ref: 0135BDCD
                                                                                                                                                                                                                                • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,00000008,?,00000000), ref: 0135BA4A
                                                                                                                                                                                                                                • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 0135BA69
                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,?,00000400,00000002,00000000,?,?,?,00000008,?,00000000,?,000000A0,0135DF51,00000008), ref: 0135BA78
                                                                                                                                                                                                                                • CryptMsgGetParam.CRYPT32(?,00000006,00000000,?,?), ref: 0135BA96
                                                                                                                                                                                                                                  • Part of subcall function 0135BBA8: __EH_prolog3.LIBCMT ref: 0135BBAF
                                                                                                                                                                                                                                • CertFindCertificateInStore.CRYPT32(00000008,00010001,00000000,000B0000,?,00000000), ref: 0135BAFB
                                                                                                                                                                                                                                • CertFreeCertificateContext.CRYPT32(00000000), ref: 0135BB2A
                                                                                                                                                                                                                                • CertCloseStore.CRYPT32(00000008,00000000), ref: 0135BB34
                                                                                                                                                                                                                                • CryptMsgClose.CRYPT32(?), ref: 0135BB3D
                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,00000400,00000002,00000000,?,?,?,00000008,?,00000000,?,000000A0,0135DF51,00000008,?), ref: 0135BB67
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Crypt$Cert$CertificateCloseFreeH_prolog3LocalParamStore$AllocContextFindObjectQueryTrustVerify_memsetlstrlen
                                                                                                                                                                                                                                • String ID: 2.5.4.11
                                                                                                                                                                                                                                • API String ID: 1126678375-3440889159
                                                                                                                                                                                                                                • Opcode ID: 5f656bed78d9850620c098c75d1ed7d04a51b12f5cb48c5d19ecd73e0dbbd16d
                                                                                                                                                                                                                                • Instruction ID: 7d0a7cdf94704d4eff04315bbde907eaa0e7eba6d3d868075cc6fb545927b0d4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5f656bed78d9850620c098c75d1ed7d04a51b12f5cb48c5d19ecd73e0dbbd16d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1513C72D0021AAFDF20DFA8CC85EEEBBB9BF09708F044125FA15B7254D77199458B61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135BBA8, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 56%
                                                                                                                                                                                                                                			E0135BBA8(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t36;
				intOrPtr* _t41;
				void* _t42;
				CHAR* _t50;
				void* _t61;
				intOrPtr _t62;
				signed int _t65;
				signed int _t66;
				intOrPtr* _t67;
				void* _t68;
				void* _t69;

				_push(0xc);
				E0137C1D9(0x1393cda, __ebx, __edi, __esi);
				_t61 = __ecx;
				_t65 = 0;
				if(__ecx != 0) {
					 *(_t69 - 0x18) = 0x80004005;
					 *(_t69 - 0x14) = 0;
					if( *((intOrPtr*)(__ecx + 0x34)) <= 0) {
						L16:
						_t36 =  *(_t69 - 0x18);
						goto L17;
					}
					 *(_t69 - 0x10) = 0;
					_t50 = "1.3.6.1.4.1.311.2.1.12";
					while(lstrcmpA(_t50,  *( *((intOrPtr*)(_t61 + 0x38)) +  *(_t69 - 0x10))) != 0) {
						 *(_t69 - 0x10) =  *(_t69 - 0x10) + 0xc;
						_t65 = _t65 + 1;
						if(_t65 <  *((intOrPtr*)(_t61 + 0x34))) {
							continue;
						}
						goto L16;
					}
					_t66 = _t65 * 0xc;
					_t41 =  *((intOrPtr*)( *((intOrPtr*)(_t61 + 0x38)) + _t66 + 8));
					__imp__CryptDecodeObject(0x10001, _t50,  *((intOrPtr*)(_t41 + 4)),  *_t41, 0, 0, _t69 - 0x14);
					if(_t41 != 0) {
						 *(_t69 - 4) =  *(_t69 - 4) & 0x00000000;
						_t42 = LocalAlloc(0x40,  *(_t69 - 0x14));
						 *(_t69 - 0x10) = _t42;
						if(_t42 != 0) {
							_t67 =  *((intOrPtr*)( *((intOrPtr*)(_t61 + 0x38)) + _t66 + 8));
							__imp__CryptDecodeObject(0x10001, _t50,  *((intOrPtr*)(_t67 + 4)),  *_t67, 0, _t42, _t69 - 0x14);
							if(_t42 != 0) {
								_t68 =  *(_t69 - 0x10);
								_t43 =  *_t68;
								_t62 =  *((intOrPtr*)(_t69 + 8));
								if( *_t68 != 0) {
									E01326209(_t62, _t43);
								}
								E0135BB7D( *((intOrPtr*)(_t68 + 8)), _t62 + 4);
								E0135BB7D( *((intOrPtr*)(_t68 + 4)), _t62 + 8);
								 *(_t69 - 0x18) =  *(_t69 - 0x18) & 0x00000000;
								_push(_t68);
							} else {
								_push( *(_t69 - 0x10));
							}
						} else {
							_push(_t42);
						}
						LocalFree();
					}
					goto L16;
				} else {
					_t36 = 0x80070057;
					L17:
					return E0137C2B1(_t36);
				}
			}














                                                                                                                                                                                                                                0x0135bba8
                                                                                                                                                                                                                                0x0135bbaf
                                                                                                                                                                                                                                0x0135bbb4
                                                                                                                                                                                                                                0x0135bbb6
                                                                                                                                                                                                                                0x0135bbba
                                                                                                                                                                                                                                0x0135bbc6
                                                                                                                                                                                                                                0x0135bbcd
                                                                                                                                                                                                                                0x0135bbd3
                                                                                                                                                                                                                                0x0135bca4
                                                                                                                                                                                                                                0x0135bca4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135bca4
                                                                                                                                                                                                                                0x0135bbd9
                                                                                                                                                                                                                                0x0135bbdc
                                                                                                                                                                                                                                0x0135bbe1
                                                                                                                                                                                                                                0x0135bbf5
                                                                                                                                                                                                                                0x0135bbf9
                                                                                                                                                                                                                                0x0135bbfd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135bbff
                                                                                                                                                                                                                                0x0135bc07
                                                                                                                                                                                                                                0x0135bc0a
                                                                                                                                                                                                                                0x0135bc21
                                                                                                                                                                                                                                0x0135bc29
                                                                                                                                                                                                                                0x0135bc2b
                                                                                                                                                                                                                                0x0135bc34
                                                                                                                                                                                                                                0x0135bc3a
                                                                                                                                                                                                                                0x0135bc3f
                                                                                                                                                                                                                                0x0135bc47
                                                                                                                                                                                                                                0x0135bc5d
                                                                                                                                                                                                                                0x0135bc65
                                                                                                                                                                                                                                0x0135bc6c
                                                                                                                                                                                                                                0x0135bc6f
                                                                                                                                                                                                                                0x0135bc71
                                                                                                                                                                                                                                0x0135bc76
                                                                                                                                                                                                                                0x0135bc7a
                                                                                                                                                                                                                                0x0135bc7a
                                                                                                                                                                                                                                0x0135bc86
                                                                                                                                                                                                                                0x0135bc92
                                                                                                                                                                                                                                0x0135bc97
                                                                                                                                                                                                                                0x0135bc9d
                                                                                                                                                                                                                                0x0135bc67
                                                                                                                                                                                                                                0x0135bc67
                                                                                                                                                                                                                                0x0135bc67
                                                                                                                                                                                                                                0x0135bc41
                                                                                                                                                                                                                                0x0135bc41
                                                                                                                                                                                                                                0x0135bc41
                                                                                                                                                                                                                                0x0135bc9e
                                                                                                                                                                                                                                0x0135bc9e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135bbbc
                                                                                                                                                                                                                                0x0135bbbc
                                                                                                                                                                                                                                0x0135bca7
                                                                                                                                                                                                                                0x0135bcac
                                                                                                                                                                                                                                0x0135bcac

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0135BBAF
                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(1.3.6.1.4.1.311.2.1.12,?,0000000C,0135BAAE,?,?,00000400,00000002,00000000,?,?,?,00000008,?,00000000), ref: 0135BBEB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3lstrcmp
                                                                                                                                                                                                                                • String ID: 1.3.6.1.4.1.311.2.1.12
                                                                                                                                                                                                                                • API String ID: 2393311492-2596186611
                                                                                                                                                                                                                                • Opcode ID: ce71565acadf7b18f60001780f5f4ce19cf204aa788dbf961af53687bc28e4af
                                                                                                                                                                                                                                • Instruction ID: 209c78f20e23c4d0fab956321f7703d1cc7af5279246a504f0796aa029dd5012
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce71565acadf7b18f60001780f5f4ce19cf204aa788dbf961af53687bc28e4af
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC316B71A0021BEFDF619F94C945FAEB77AFF14B08F110009EA06AB654DB71A950CB94
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013748C1, Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E013748C1(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x13bce20; // 0xa1d783ff
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x13c1c80 = _t6;
				 *0x13c1c7c = _t22;
				 *0x13c1c78 = _t25;
				 *0x13c1c74 = _t21;
				 *0x13c1c70 = _t27;
				 *0x13c1c6c = _t26;
				 *0x13c1c98 = ss;
				 *0x13c1c8c = cs;
				 *0x13c1c68 = ds;
				 *0x13c1c64 = es;
				 *0x13c1c60 = fs;
				 *0x13c1c5c = gs;
				asm("pushfd");
				_pop( *0x13c1c90);
				 *0x13c1c84 =  *_t31;
				 *0x13c1c88 = _v0;
				 *0x13c1c94 =  &_a4;
				 *0x13c1bd0 = 0x10001;
				_t11 =  *0x13c1c88; // 0x0
				 *0x13c1b84 = _t11;
				 *0x13c1b78 = 0xc0000409;
				 *0x13c1b7c = 1;
				_t12 =  *0x13bce20; // 0xa1d783ff
				_v812 = _t12;
				_t13 =  *0x13bce24; // 0x5e287c00
				_v808 = _t13;
				 *0x13c1bc8 = IsDebuggerPresent();
				_push(1);
				E0138AF6C(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x139dd04);
				if( *0x13c1bc8 == 0) {
					_push(1);
					E0138AF6C(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                                                                                                                                                0x013748c1
                                                                                                                                                                                                                                0x013748c1
                                                                                                                                                                                                                                0x013748c1
                                                                                                                                                                                                                                0x013748c1
                                                                                                                                                                                                                                0x013748c1
                                                                                                                                                                                                                                0x013748c1
                                                                                                                                                                                                                                0x013748c1
                                                                                                                                                                                                                                0x013748c7
                                                                                                                                                                                                                                0x013748c9
                                                                                                                                                                                                                                0x013748c9
                                                                                                                                                                                                                                0x0137ebcf
                                                                                                                                                                                                                                0x0137ebd4
                                                                                                                                                                                                                                0x0137ebda
                                                                                                                                                                                                                                0x0137ebe0
                                                                                                                                                                                                                                0x0137ebe6
                                                                                                                                                                                                                                0x0137ebec
                                                                                                                                                                                                                                0x0137ebf2
                                                                                                                                                                                                                                0x0137ebf9
                                                                                                                                                                                                                                0x0137ec00
                                                                                                                                                                                                                                0x0137ec07
                                                                                                                                                                                                                                0x0137ec0e
                                                                                                                                                                                                                                0x0137ec15
                                                                                                                                                                                                                                0x0137ec1c
                                                                                                                                                                                                                                0x0137ec1d
                                                                                                                                                                                                                                0x0137ec26
                                                                                                                                                                                                                                0x0137ec2e
                                                                                                                                                                                                                                0x0137ec36
                                                                                                                                                                                                                                0x0137ec41
                                                                                                                                                                                                                                0x0137ec4b
                                                                                                                                                                                                                                0x0137ec50
                                                                                                                                                                                                                                0x0137ec55
                                                                                                                                                                                                                                0x0137ec5f
                                                                                                                                                                                                                                0x0137ec69
                                                                                                                                                                                                                                0x0137ec6e
                                                                                                                                                                                                                                0x0137ec74
                                                                                                                                                                                                                                0x0137ec79
                                                                                                                                                                                                                                0x0137ec85
                                                                                                                                                                                                                                0x0137ec8a
                                                                                                                                                                                                                                0x0137ec8c
                                                                                                                                                                                                                                0x0137ec94
                                                                                                                                                                                                                                0x0137ec9f
                                                                                                                                                                                                                                0x0137ecac
                                                                                                                                                                                                                                0x0137ecae
                                                                                                                                                                                                                                0x0137ecb0
                                                                                                                                                                                                                                0x0137ecb5
                                                                                                                                                                                                                                0x0137ecc9

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 0137EC7F
                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0137EC94
                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(0139DD04), ref: 0137EC9F
                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 0137ECBB
                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 0137ECC2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2579439406-0
                                                                                                                                                                                                                                • Opcode ID: ee8231be6f686f6f6703b5e52978ab4cddc6fa6685d920f4852f7f041f3d4175
                                                                                                                                                                                                                                • Instruction ID: 11178db8052ae2c95c776d8e0869c68aee9bb9b671ba4d9e12f77c77124edcbe
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee8231be6f686f6f6703b5e52978ab4cddc6fa6685d920f4852f7f041f3d4175
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1721DFBA810304DFDB30EF68F4846583BACBB08304F10905AF5098739AEBB5A591EF55
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134695A, Relevance: 52.7, APIs: 29, Strings: 1, Instructions: 228windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E0134695A(void* __ebx, void* __edx, struct HDC__* _a4) {
				signed int _v12;
				void* _v24;
				struct tagRECT _v28;
				struct tagRECT _v44;
				void _v144;
				void _v240;
				long _v244;
				WCHAR* _v248;
				void* _v252;
				long _v256;
				void* _v260;
				WCHAR* _v264;
				int _v268;
				void* __edi;
				void* __esi;
				signed int _t112;
				long _t124;
				intOrPtr _t126;
				WCHAR* _t128;
				signed char _t129;
				void* _t133;
				long _t149;
				intOrPtr _t151;
				struct tagRECT* _t153;
				void* _t167;
				signed int _t168;
				void* _t178;
				RECT* _t179;
				RECT* _t183;
				signed int _t185;

				_t177 = __edx;
				_t167 = __ebx;
				_t112 =  *0x13bce20; // 0xa1d783ff
				_v12 = _t112 ^ _t185;
				if(( *(__ebx + 0x54) >> 0x00000004 & 0x00000001) == 0) {
					_t178 =  *(__ebx + 0x34);
					_v244 = _v244 & 0x00000000;
					E013206D4(__ebx, __edx, _t178, L"Segoe UI",  &_v244, 0x5a, 0, 1, 1);
					GetObjectW(_t178, 0x5c,  &_v240);
					GetObjectW(_v244, 0x5c,  &_v144);
					SetBkMode(_a4, 1);
					if(IsWindowEnabled( *(__ebx + 4)) == 0) {
						_t124 = GetSysColor(0x11);
					} else {
						_t124 =  *(__ebx + 0x4c);
					}
					_t179 = SetTextColor;
					_v260 = SetTextColor(_a4, _t124);
					_t126 =  *((intOrPtr*)(_t167 + 0x30));
					if(_t126 == 0 || ( *(_t167 + 0x54) >> 0x00000001 & 0x00000001) != 0 && ( *(_t167 + 0x58) & 0x00000004) == 0) {
						_push( *(_t167 + 0x34));
					} else {
						_push(_t126);
					}
					_v252 = SelectObject(_a4, ??);
					_t128 =  *((intOrPtr*)(_t167 + 0x24));
					if(_t128 == 0) {
						_t128 =  *((intOrPtr*)(_t167 + 0x28));
					}
					_v248 = _t128;
					_t129 = GetWindowLongW( *(_t167 + 4), 0xfffffff0);
					_t168 = 0;
					if((_t129 & 0x00000001) == 0) {
						if((_t129 & 0x00000002) != 0) {
							_t168 = 2;
						}
					} else {
						_t168 = 1;
					}
					_t183 = _t167 + 0x38;
					DrawTextW(_a4, _v248, 0xffffffff, _t183, _t168 | 0x00000010);
					if(GetFocus() ==  *(_t167 + 4)) {
						DrawFocusRect(_a4, _t183);
					}
					SetTextColor(_a4, _v260);
					_t133 = SelectObject(_a4, _v252);
					if(_v244 != 0) {
						_t133 = DeleteObject(_v244);
					}
					L34:
					return E013748C1(_t133, _t167, _v12 ^ _t185, _t177, _t179, _t183);
				}
				_v244 = 0;
				_v256 = 0;
				_v252 = 0;
				_v268 = 0;
				_v264 = 0;
				_v248 = 0;
				E0134686A(__ebx,  &_v244,  &_v256,  &_v252,  &_v268,  &_v264,  &_v248);
				_v28.left = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				GetClientRect( *(__ebx + 4),  &_v28);
				SetBkMode(_a4, 1);
				_t179 = SelectObject;
				_v260 = SelectObject(_a4,  *(__ebx + 0x34));
				if(_v244 != 0) {
					DrawTextW(_a4, _v244, _v256,  &_v28, 0x10);
				}
				if(IsWindowEnabled( *(_t167 + 4)) == 0) {
					_t149 = GetSysColor(0x11);
				} else {
					_t149 =  *(_t167 + 0x4c);
				}
				_t183 = SetTextColor;
				_v256 = SetTextColor(_a4, _t149);
				_t151 =  *((intOrPtr*)(_t167 + 0x30));
				if(_t151 == 0 || ( *(_t167 + 0x54) >> 0x00000001 & 0x00000001) != 0 && ( *(_t167 + 0x58) & 0x00000004) == 0) {
					_push( *(_t167 + 0x34));
				} else {
					_push(_t151);
				}
				SelectObject(_a4, ??);
				_t153 = _t167 + 0x38;
				_v244 = _t153;
				DrawTextW(_a4, _v252, _v268, _t153, 0x10);
				SetTextColor(_a4, _v256);
				SelectObject(_a4,  *(_t167 + 0x34));
				if(_v264 != 0) {
					_v44.left =  *(_t167 + 0x40);
					_v44.top =  *((intOrPtr*)(_t167 + 0x3c));
					_v44.right = _v28.right;
					_v44.bottom = _v28.bottom;
					DrawTextW(_a4, _v264, _v248,  &_v44, 0x10);
				}
				if(GetFocus() ==  *(_t167 + 4)) {
					DrawFocusRect(_a4, _v244);
				}
				_t133 = SelectObject(_a4, _v260);
				goto L34;
			}

































                                                                                                                                                                                                                                0x0134695a
                                                                                                                                                                                                                                0x0134695a
                                                                                                                                                                                                                                0x01346963
                                                                                                                                                                                                                                0x0134696a
                                                                                                                                                                                                                                0x01346977
                                                                                                                                                                                                                                0x01346b16
                                                                                                                                                                                                                                0x01346b19
                                                                                                                                                                                                                                0x01346b34
                                                                                                                                                                                                                                0x01346b49
                                                                                                                                                                                                                                0x01346b5a
                                                                                                                                                                                                                                0x01346b61
                                                                                                                                                                                                                                0x01346b72
                                                                                                                                                                                                                                0x01346b7b
                                                                                                                                                                                                                                0x01346b74
                                                                                                                                                                                                                                0x01346b74
                                                                                                                                                                                                                                0x01346b74
                                                                                                                                                                                                                                0x01346b81
                                                                                                                                                                                                                                0x01346b8d
                                                                                                                                                                                                                                0x01346b93
                                                                                                                                                                                                                                0x01346b98
                                                                                                                                                                                                                                0x01346bad
                                                                                                                                                                                                                                0x01346baa
                                                                                                                                                                                                                                0x01346baa
                                                                                                                                                                                                                                0x01346baa
                                                                                                                                                                                                                                0x01346bb9
                                                                                                                                                                                                                                0x01346bbf
                                                                                                                                                                                                                                0x01346bc4
                                                                                                                                                                                                                                0x01346bc6
                                                                                                                                                                                                                                0x01346bc6
                                                                                                                                                                                                                                0x01346bce
                                                                                                                                                                                                                                0x01346bd4
                                                                                                                                                                                                                                0x01346bda
                                                                                                                                                                                                                                0x01346bde
                                                                                                                                                                                                                                0x01346be5
                                                                                                                                                                                                                                0x01346be9
                                                                                                                                                                                                                                0x01346be9
                                                                                                                                                                                                                                0x01346be0
                                                                                                                                                                                                                                0x01346be0
                                                                                                                                                                                                                                0x01346be0
                                                                                                                                                                                                                                0x01346bee
                                                                                                                                                                                                                                0x01346bfd
                                                                                                                                                                                                                                0x01346c0c
                                                                                                                                                                                                                                0x01346c12
                                                                                                                                                                                                                                0x01346c12
                                                                                                                                                                                                                                0x01346c21
                                                                                                                                                                                                                                0x01346c2c
                                                                                                                                                                                                                                0x01346c39
                                                                                                                                                                                                                                0x01346c41
                                                                                                                                                                                                                                0x01346c41
                                                                                                                                                                                                                                0x01346c47
                                                                                                                                                                                                                                0x01346c54
                                                                                                                                                                                                                                0x01346c54
                                                                                                                                                                                                                                0x013469ab
                                                                                                                                                                                                                                0x013469b1
                                                                                                                                                                                                                                0x013469b7
                                                                                                                                                                                                                                0x013469bd
                                                                                                                                                                                                                                0x013469c3
                                                                                                                                                                                                                                0x013469c9
                                                                                                                                                                                                                                0x013469cf
                                                                                                                                                                                                                                0x013469d6
                                                                                                                                                                                                                                0x013469dc
                                                                                                                                                                                                                                0x013469dd
                                                                                                                                                                                                                                0x013469de
                                                                                                                                                                                                                                0x013469e6
                                                                                                                                                                                                                                0x013469f1
                                                                                                                                                                                                                                0x013469fa
                                                                                                                                                                                                                                0x01346a05
                                                                                                                                                                                                                                0x01346a11
                                                                                                                                                                                                                                0x01346a28
                                                                                                                                                                                                                                0x01346a28
                                                                                                                                                                                                                                0x01346a39
                                                                                                                                                                                                                                0x01346a42
                                                                                                                                                                                                                                0x01346a3b
                                                                                                                                                                                                                                0x01346a3b
                                                                                                                                                                                                                                0x01346a3b
                                                                                                                                                                                                                                0x01346a48
                                                                                                                                                                                                                                0x01346a54
                                                                                                                                                                                                                                0x01346a5a
                                                                                                                                                                                                                                0x01346a5f
                                                                                                                                                                                                                                0x01346a74
                                                                                                                                                                                                                                0x01346a71
                                                                                                                                                                                                                                0x01346a71
                                                                                                                                                                                                                                0x01346a71
                                                                                                                                                                                                                                0x01346a7a
                                                                                                                                                                                                                                0x01346a7e
                                                                                                                                                                                                                                0x01346a88
                                                                                                                                                                                                                                0x01346a97
                                                                                                                                                                                                                                0x01346aa6
                                                                                                                                                                                                                                0x01346aae
                                                                                                                                                                                                                                0x01346ab7
                                                                                                                                                                                                                                0x01346abc
                                                                                                                                                                                                                                0x01346ac2
                                                                                                                                                                                                                                0x01346ac8
                                                                                                                                                                                                                                0x01346ad0
                                                                                                                                                                                                                                0x01346ae6
                                                                                                                                                                                                                                0x01346ae6
                                                                                                                                                                                                                                0x01346af5
                                                                                                                                                                                                                                0x01346b00
                                                                                                                                                                                                                                0x01346b00
                                                                                                                                                                                                                                0x01346b0f
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 013469E6
                                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 013469F1
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01346A03
                                                                                                                                                                                                                                • DrawTextW.USER32 ref: 01346A28
                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 01346A31
                                                                                                                                                                                                                                • GetSysColor.USER32(00000011), ref: 01346A42
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 01346A52
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01346A7A
                                                                                                                                                                                                                                • DrawTextW.USER32 ref: 01346A97
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 01346AA6
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01346AAE
                                                                                                                                                                                                                                • DrawTextW.USER32 ref: 01346AE6
                                                                                                                                                                                                                                • GetFocus.USER32 ref: 01346AEC
                                                                                                                                                                                                                                • DrawFocusRect.USER32 ref: 01346B00
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01346B0F
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?,00000000,0000005A,00000000,00000001,00000001,?,?), ref: 01346B49
                                                                                                                                                                                                                                • GetObjectW.GDI32(00000000,0000005C,?,?,?), ref: 01346B5A
                                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 01346B61
                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 01346B6A
                                                                                                                                                                                                                                • GetSysColor.USER32(00000011), ref: 01346B7B
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 01346B8B
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01346BB3
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 01346BD4
                                                                                                                                                                                                                                • DrawTextW.USER32 ref: 01346BFD
                                                                                                                                                                                                                                • GetFocus.USER32 ref: 01346C03
                                                                                                                                                                                                                                • DrawFocusRect.USER32 ref: 01346C12
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 01346C21
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01346C2C
                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 01346C41
                                                                                                                                                                                                                                  • Part of subcall function 0134686A: lstrlenW.KERNEL32(?,?,00000000,?,?,?,?,013469D4,?,?,?,?,?,?,?,?), ref: 013468A2
                                                                                                                                                                                                                                  • Part of subcall function 0134686A: CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003,?,00000000,?,?,?,?,013469D4,?,?,?), ref: 013468D3
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Object$Text$ColorDrawSelect$Focus$RectWindow$EnabledMode$ClientCompareDeleteLongStringlstrlen
                                                                                                                                                                                                                                • String ID: Segoe UI
                                                                                                                                                                                                                                • API String ID: 288288584-2515502724
                                                                                                                                                                                                                                • Opcode ID: e77705441b4f0af40652010254ff68079e64c45f061572c106f1f398cc0f350c
                                                                                                                                                                                                                                • Instruction ID: 067643abea15afe05e6b5a3ebb2ab6ad6ceb9b121437fecf6279467c68cd8f16
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e77705441b4f0af40652010254ff68079e64c45f061572c106f1f398cc0f350c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C09128B194011AEFDF229F59CC45FE97FB9FF09304F0080A5EA09AA165D772AA90DF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01324A24, Relevance: 40.6, APIs: 6, Strings: 17, Instructions: 367COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E01324A24(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				long _t121;
				void* _t122;
				short _t124;
				char _t127;
				void* _t128;
				short _t133;
				short _t136;
				short _t139;
				void* _t146;
				void* _t166;
				void* _t174;
				void* _t183;
				void* _t192;
				void* _t199;
				void* _t200;
				void* _t201;
				char _t217;
				void* _t268;
				void* _t274;
				short _t282;
				void* _t287;
				intOrPtr _t288;
				void* _t289;
				intOrPtr _t293;
				intOrPtr _t295;
				intOrPtr _t297;
				intOrPtr _t300;

				_t280 = __esi;
				_push(0xb8);
				E0137C242(0x139577d, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t287 - 0xc0)) = 0;
				 *((intOrPtr*)(_t287 - 0xbc)) =  *((intOrPtr*)(_t287 + 8));
				_t295 =  *0x13c2a33; // 0x0
				if(_t295 != 0) {
					_t288 = _t288 - 0x1c;
					 *((intOrPtr*)(_t287 - 0xc0)) = _t288;
					E01319638(_t288, "GetDefaultBrowser in");
					E0134BA76(0, 0x13c2b18, _t268, __edi, __esi, _t295);
				}
				_t274 = 0x13a0d00;
				E01319B30(_t287 - 0x2c, 0x13a0d00);
				 *((intOrPtr*)(_t287 - 4)) = 0;
				_t121 = GetVersion();
				_t296 = _t121 - 6;
				if(_t121 < 6) {
					L7:
					_t282 = 1;
					_t299 =  *(_t287 - 0x1c);
					if( *(_t287 - 0x1c) > 0) {
						goto L12;
					} else {
						goto L8;
					}
				} else {
					E01319B30(_t287 - 0xb8, L"Progid");
					 *((char*)(_t287 - 4)) = 1;
					E01319B30(_t287 - 0x9c, L"Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\userchoice");
					 *((char*)(_t287 - 4)) = 2;
					E01319B30(_t287 - 0x48, L"HKEY_CURRENT_USER");
					_push(0);
					_push(_t287 - 0xb8);
					_push(_t287 - 0x64);
					_t271 = _t287 - 0x9c;
					 *((char*)(_t287 - 4)) = 3;
					_t192 = E0135CB2A(0, _t287 - 0x48, _t287 - 0x9c, 0x13a0d00, _t280, _t296);
					_t288 = _t288 + 0xc;
					 *((char*)(_t287 - 4)) = 4;
					E0131A941(_t287 - 0x2c, _t192);
					_t282 = 1;
					E0131AA87(_t287 - 0x64, 1, 0);
					E0131AA87(_t287 - 0x48, 1, 0);
					E0131AA87(_t287 - 0x9c, 1, 0);
					 *((char*)(_t287 - 4)) = 0;
					E0131AA87(_t287 - 0xb8, 1, 0);
					_t297 =  *0x13c2a33; // 0x0
					if(_t297 != 0) {
						_t288 = _t288 - 0x1c;
						 *((intOrPtr*)(_t287 - 0xc0)) = _t288;
						E01319638(_t288, "GetDefaultBrowser vista");
						E0134BA76(0, 0x13c2b18, _t271, 0x13a0d00, 1, _t297);
					}
					_t298 =  *(_t287 - 0x1c);
					if( *(_t287 - 0x1c) <= 0) {
						L8:
						E01319B30(_t287 - 0x48, _t274);
						 *((char*)(_t287 - 4)) = 8;
						E01319B30(_t287 - 0x9c, L"http\\shell\\open\\command\\");
						 *((char*)(_t287 - 4)) = 9;
						E01319B30(_t287 - 0xb8, L"HKEY_CLASSES_ROOT");
						_push(0);
						_push(_t287 - 0x48);
						_push(_t287 - 0x64);
						_t270 = _t287 - 0x9c;
						 *((char*)(_t287 - 4)) = 0xa;
						_t174 = E0135CB2A(0, _t287 - 0xb8, _t287 - 0x9c, _t274, _t282, _t299);
						_t288 = _t288 + 0xc;
						 *((char*)(_t287 - 4)) = 0xb;
						E0131A941(_t287 - 0x2c, _t174);
						E0131AA87(_t287 - 0x64, _t282, 0);
						E0131AA87(_t287 - 0xb8, _t282, 0);
						E0131AA87(_t287 - 0x9c, _t282, 0);
						 *((char*)(_t287 - 4)) = 0;
						E0131AA87(_t287 - 0x48, _t282, 0);
						_t300 =  *0x13c2a33; // 0x0
						if(_t300 != 0) {
							_push(_t287 - 0x64);
							_t183 = E0135BE26(0, _t287 - 0x2c, _t274, _t282, _t300);
							_t293 = _t288 - 0x18;
							 *((char*)(_t287 - 4)) = 0xc;
							 *((intOrPtr*)(_t287 - 0xc0)) = _t293;
							E0131D888(_t293, _t293, "GetDefaultBrowser xp ", _t183);
							_t288 = _t293 + 0xc;
							E0134BA76(0, 0x13c2b18, _t270, _t274, _t282, _t300);
							 *((char*)(_t287 - 4)) = 0;
							E01311524(_t287 - 0x64, _t282, 0);
						}
						_t278 = _t287 - 0x2c;
						if(E01327839(_t270, _t287 - 0x2c, _t300, _t274) != 0) {
							L12:
							_t122 = E01376D83(L"\" ");
							_t214 = _t287 - 0x2c;
							_t124 = E01326DB6(0, _t287 - 0x2c, L"\" ", _t122);
							__eflags = _t124;
							if(_t124 > 0) {
								_t166 = E01319C49(_t214, _t287 - 0x64, _t287 - 0x2c, _t282, _t124 - 1);
								 *((char*)(_t287 - 4)) = 0xd;
								E0131A941(_t287 - 0x2c, _t166);
								 *((char*)(_t287 - 4)) = 0;
								E0131AA87(_t287 - 0x64, 1, 0);
								_t282 = 1;
								__eflags = 1;
							}
							E01324909(_t287 - 0x2c, _t287 - 0x80);
							 *((char*)(_t287 - 4)) = 0xe;
							__eflags =  *((intOrPtr*)(_t287 - 0x18)) - 8;
							_t217 =  *(_t287 - 0x2c);
							_t269 = _t217;
							if( *((intOrPtr*)(_t287 - 0x18)) >= 8) {
								_t127 = _t217;
							} else {
								_t269 = _t287 - 0x2c;
								_t127 = _t287 - 0x2c;
							}
							__eflags =  *((intOrPtr*)(_t287 - 0x18)) - 8;
							_t128 = _t127 +  *(_t287 - 0x1c) * 2;
							if( *((intOrPtr*)(_t287 - 0x18)) < 8) {
								_t217 = _t287 - 0x2c;
							}
							E01327736(_t287 - 0xc0, _t217, _t128, _t269, E0137814A);
							_t289 = _t288 + 0x14;
							_t133 = E01326DB6(0, _t287 - 0x2c, L"iexplore", E01376D83(L"iexplore"));
							__eflags = _t133;
							if(_t133 < 0) {
								_t278 = L"firefox";
								_t136 = E01326DB6(0, _t287 - 0x2c, L"firefox", E01376D83(L"firefox"));
								__eflags = _t136;
								if(_t136 < 0) {
									_t278 = L"chrome";
									_t139 = E01326DB6(0, _t287 - 0x2c, L"chrome", E01376D83(L"chrome"));
									__eflags = _t139;
									if(_t139 < 0) {
										__eflags =  *0x13c2a33; // 0x0
										if(__eflags != 0) {
											_push(_t287 - 0x64);
											_t146 = E0135BE26(0, _t287 - 0x2c, L"chrome", _t282, __eflags);
											 *((char*)(_t287 - 4)) = 0x12;
											 *((intOrPtr*)(_t287 - 0xc0)) = _t289 - 0x18;
											E0131D888(_t289 - 0x18, _t289 - 0x18, "GetDefaultBrowser out ", _t146);
											E0134BA76(0, 0x13c2b18, _t269, L"chrome", _t282, __eflags);
											 *((char*)(_t287 - 4)) = 0xe;
											E01311524(_t287 - 0x64, _t282, 0);
										}
										E01319B30( *((intOrPtr*)(_t287 - 0xbc)), 0x13a0d00);
									} else {
										 *((short*)(_t287 - 0x48)) = 0;
										_t231 = _t287 - 0x48;
										 *((intOrPtr*)(_t287 - 0x34)) = 7;
										 *((intOrPtr*)(_t287 - 0x38)) = 0;
										E0131A995(_t287 - 0x48, _t287 - 0x80, 0, 0xffffffff);
										_push(_t287 - 0x48);
										 *((char*)(_t287 - 4)) = 0x11;
										_push(L"cr_");
										goto L20;
									}
								} else {
									 *((short*)(_t287 - 0x48)) = 0;
									_t231 = _t287 - 0x48;
									 *((intOrPtr*)(_t287 - 0x34)) = 7;
									 *((intOrPtr*)(_t287 - 0x38)) = 0;
									E0131A995(_t287 - 0x48, _t287 - 0x80, 0, 0xffffffff);
									_push(_t287 - 0x48);
									 *((char*)(_t287 - 4)) = 0x10;
									_push(L"ff_");
									goto L20;
								}
							} else {
								__eflags = 0;
								 *((short*)(_t287 - 0x48)) = 0;
								_t231 = _t287 - 0x48;
								 *((intOrPtr*)(_t287 - 0x34)) = 7;
								 *((intOrPtr*)(_t287 - 0x38)) = 0;
								E0131A995(_t287 - 0x48, _t287 - 0x80, 0, 0xffffffff);
								_push(_t287 - 0x48);
								 *((char*)(_t287 - 4)) = 0xf;
								_push(L"ie_");
								L20:
								_push( *((intOrPtr*)(_t287 - 0xbc)));
								E01327772(_t231);
								E0131AA87(_t287 - 0x48, _t282, 0);
							}
							E0131AA87(_t287 - 0x80, _t282, 0);
						} else {
							E01319B30( *((intOrPtr*)(_t287 - 0xbc)), 0x13a0d00);
						}
					} else {
						_push(L"HKEY_CLASSES_ROOT\\");
						_push(_t287 - 0x9c);
						_t199 = E0131D937(0, _t287 - 0x2c, _t282, _t298);
						 *((char*)(_t287 - 4)) = 5;
						_t200 = E0132761B(_t287 - 0xb8, _t199, _t287 - 0xb8, L"\\shell\\open\\command\\");
						_t288 = _t288 + 0x10;
						 *((char*)(_t287 - 4)) = 6;
						_t201 = E0135C990(0, _t287 - 0x64, _t200, _t287 - 0x2c, _t199, _t298);
						 *((char*)(_t287 - 4)) = 7;
						E0131A941(_t287 - 0x2c, _t201);
						E0131AA87(_t287 - 0x64, 1, 0);
						E0131AA87(_t287 - 0xb8, 1, 0);
						 *((char*)(_t287 - 4)) = 0;
						E0131AA87(_t287 - 0x9c, 1, 0);
						_t274 = 0x13a0d00;
						goto L7;
					}
				}
				E0131AA87(_t287 - 0x2c, _t282, 0);
				return E0137C2C5(0, _t278, _t282);
			}






























                                                                                                                                                                                                                                0x01324a24
                                                                                                                                                                                                                                0x01324a24
                                                                                                                                                                                                                                0x01324a2e
                                                                                                                                                                                                                                0x01324a38
                                                                                                                                                                                                                                0x01324a3e
                                                                                                                                                                                                                                0x01324a44
                                                                                                                                                                                                                                0x01324a4a
                                                                                                                                                                                                                                0x01324a4c
                                                                                                                                                                                                                                0x01324a51
                                                                                                                                                                                                                                0x01324a5c
                                                                                                                                                                                                                                0x01324a66
                                                                                                                                                                                                                                0x01324a66
                                                                                                                                                                                                                                0x01324a6b
                                                                                                                                                                                                                                0x01324a74
                                                                                                                                                                                                                                0x01324a79
                                                                                                                                                                                                                                0x01324a7c
                                                                                                                                                                                                                                0x01324a82
                                                                                                                                                                                                                                0x01324a84
                                                                                                                                                                                                                                0x01324bc8
                                                                                                                                                                                                                                0x01324bca
                                                                                                                                                                                                                                0x01324bcb
                                                                                                                                                                                                                                0x01324bce
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01324a8a
                                                                                                                                                                                                                                0x01324a95
                                                                                                                                                                                                                                0x01324aa5
                                                                                                                                                                                                                                0x01324aa9
                                                                                                                                                                                                                                0x01324ab6
                                                                                                                                                                                                                                0x01324aba
                                                                                                                                                                                                                                0x01324abf
                                                                                                                                                                                                                                0x01324ac6
                                                                                                                                                                                                                                0x01324aca
                                                                                                                                                                                                                                0x01324acb
                                                                                                                                                                                                                                0x01324ad4
                                                                                                                                                                                                                                0x01324ad8
                                                                                                                                                                                                                                0x01324add
                                                                                                                                                                                                                                0x01324ae4
                                                                                                                                                                                                                                0x01324ae8
                                                                                                                                                                                                                                0x01324af0
                                                                                                                                                                                                                                0x01324af5
                                                                                                                                                                                                                                0x01324aff
                                                                                                                                                                                                                                0x01324b0c
                                                                                                                                                                                                                                0x01324b19
                                                                                                                                                                                                                                0x01324b1c
                                                                                                                                                                                                                                0x01324b21
                                                                                                                                                                                                                                0x01324b27
                                                                                                                                                                                                                                0x01324b29
                                                                                                                                                                                                                                0x01324b2e
                                                                                                                                                                                                                                0x01324b39
                                                                                                                                                                                                                                0x01324b43
                                                                                                                                                                                                                                0x01324b43
                                                                                                                                                                                                                                0x01324b48
                                                                                                                                                                                                                                0x01324b4b
                                                                                                                                                                                                                                0x01324bd4
                                                                                                                                                                                                                                0x01324bd8
                                                                                                                                                                                                                                0x01324be8
                                                                                                                                                                                                                                0x01324bec
                                                                                                                                                                                                                                0x01324bfc
                                                                                                                                                                                                                                0x01324c00
                                                                                                                                                                                                                                0x01324c05
                                                                                                                                                                                                                                0x01324c09
                                                                                                                                                                                                                                0x01324c0d
                                                                                                                                                                                                                                0x01324c0e
                                                                                                                                                                                                                                0x01324c1a
                                                                                                                                                                                                                                0x01324c1e
                                                                                                                                                                                                                                0x01324c23
                                                                                                                                                                                                                                0x01324c2a
                                                                                                                                                                                                                                0x01324c2e
                                                                                                                                                                                                                                0x01324c38
                                                                                                                                                                                                                                0x01324c45
                                                                                                                                                                                                                                0x01324c52
                                                                                                                                                                                                                                0x01324c5c
                                                                                                                                                                                                                                0x01324c5f
                                                                                                                                                                                                                                0x01324c64
                                                                                                                                                                                                                                0x01324c6a
                                                                                                                                                                                                                                0x01324c6f
                                                                                                                                                                                                                                0x01324c73
                                                                                                                                                                                                                                0x01324c78
                                                                                                                                                                                                                                0x01324c7d
                                                                                                                                                                                                                                0x01324c81
                                                                                                                                                                                                                                0x01324c8e
                                                                                                                                                                                                                                0x01324c93
                                                                                                                                                                                                                                0x01324c9b
                                                                                                                                                                                                                                0x01324ca5
                                                                                                                                                                                                                                0x01324ca8
                                                                                                                                                                                                                                0x01324ca8
                                                                                                                                                                                                                                0x01324cae
                                                                                                                                                                                                                                0x01324cb8
                                                                                                                                                                                                                                0x01324ccf
                                                                                                                                                                                                                                0x01324cd5
                                                                                                                                                                                                                                0x01324cdf
                                                                                                                                                                                                                                0x01324ce2
                                                                                                                                                                                                                                0x01324ce7
                                                                                                                                                                                                                                0x01324ce9
                                                                                                                                                                                                                                0x01324cf5
                                                                                                                                                                                                                                0x01324cfe
                                                                                                                                                                                                                                0x01324d02
                                                                                                                                                                                                                                0x01324d0c
                                                                                                                                                                                                                                0x01324d0f
                                                                                                                                                                                                                                0x01324d16
                                                                                                                                                                                                                                0x01324d16
                                                                                                                                                                                                                                0x01324d16
                                                                                                                                                                                                                                0x01324d1e
                                                                                                                                                                                                                                0x01324d24
                                                                                                                                                                                                                                0x01324d28
                                                                                                                                                                                                                                0x01324d2c
                                                                                                                                                                                                                                0x01324d2f
                                                                                                                                                                                                                                0x01324d31
                                                                                                                                                                                                                                0x01324dc7
                                                                                                                                                                                                                                0x01324d37
                                                                                                                                                                                                                                0x01324d37
                                                                                                                                                                                                                                0x01324d3a
                                                                                                                                                                                                                                0x01324d3a
                                                                                                                                                                                                                                0x01324d3c
                                                                                                                                                                                                                                0x01324d43
                                                                                                                                                                                                                                0x01324d46
                                                                                                                                                                                                                                0x01324d48
                                                                                                                                                                                                                                0x01324d48
                                                                                                                                                                                                                                0x01324d5a
                                                                                                                                                                                                                                0x01324d5f
                                                                                                                                                                                                                                0x01324d75
                                                                                                                                                                                                                                0x01324d7a
                                                                                                                                                                                                                                0x01324d7c
                                                                                                                                                                                                                                0x01324dce
                                                                                                                                                                                                                                0x01324de1
                                                                                                                                                                                                                                0x01324de6
                                                                                                                                                                                                                                0x01324de8
                                                                                                                                                                                                                                0x01324e18
                                                                                                                                                                                                                                0x01324e2b
                                                                                                                                                                                                                                0x01324e30
                                                                                                                                                                                                                                0x01324e32
                                                                                                                                                                                                                                0x01324e65
                                                                                                                                                                                                                                0x01324e6b
                                                                                                                                                                                                                                0x01324e70
                                                                                                                                                                                                                                0x01324e74
                                                                                                                                                                                                                                0x01324e7e
                                                                                                                                                                                                                                0x01324e82
                                                                                                                                                                                                                                0x01324e8f
                                                                                                                                                                                                                                0x01324e9c
                                                                                                                                                                                                                                0x01324ea6
                                                                                                                                                                                                                                0x01324eaa
                                                                                                                                                                                                                                0x01324eaa
                                                                                                                                                                                                                                0x01324eba
                                                                                                                                                                                                                                0x01324e34
                                                                                                                                                                                                                                0x01324e38
                                                                                                                                                                                                                                0x01324e41
                                                                                                                                                                                                                                0x01324e44
                                                                                                                                                                                                                                0x01324e4b
                                                                                                                                                                                                                                0x01324e4e
                                                                                                                                                                                                                                0x01324e56
                                                                                                                                                                                                                                0x01324e57
                                                                                                                                                                                                                                0x01324e5b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01324e5b
                                                                                                                                                                                                                                0x01324dea
                                                                                                                                                                                                                                0x01324dee
                                                                                                                                                                                                                                0x01324df7
                                                                                                                                                                                                                                0x01324dfa
                                                                                                                                                                                                                                0x01324e01
                                                                                                                                                                                                                                0x01324e04
                                                                                                                                                                                                                                0x01324e0c
                                                                                                                                                                                                                                0x01324e0d
                                                                                                                                                                                                                                0x01324e11
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01324e11
                                                                                                                                                                                                                                0x01324d7e
                                                                                                                                                                                                                                0x01324d7e
                                                                                                                                                                                                                                0x01324d82
                                                                                                                                                                                                                                0x01324d8b
                                                                                                                                                                                                                                0x01324d8e
                                                                                                                                                                                                                                0x01324d95
                                                                                                                                                                                                                                0x01324d98
                                                                                                                                                                                                                                0x01324da0
                                                                                                                                                                                                                                0x01324da1
                                                                                                                                                                                                                                0x01324da5
                                                                                                                                                                                                                                0x01324daa
                                                                                                                                                                                                                                0x01324daa
                                                                                                                                                                                                                                0x01324db0
                                                                                                                                                                                                                                0x01324dbd
                                                                                                                                                                                                                                0x01324dbd
                                                                                                                                                                                                                                0x01324ec4
                                                                                                                                                                                                                                0x01324cba
                                                                                                                                                                                                                                0x01324cc5
                                                                                                                                                                                                                                0x01324cc5
                                                                                                                                                                                                                                0x01324b51
                                                                                                                                                                                                                                0x01324b57
                                                                                                                                                                                                                                0x01324b5c
                                                                                                                                                                                                                                0x01324b60
                                                                                                                                                                                                                                0x01324b73
                                                                                                                                                                                                                                0x01324b77
                                                                                                                                                                                                                                0x01324b7c
                                                                                                                                                                                                                                0x01324b84
                                                                                                                                                                                                                                0x01324b88
                                                                                                                                                                                                                                0x01324b90
                                                                                                                                                                                                                                0x01324b94
                                                                                                                                                                                                                                0x01324b9f
                                                                                                                                                                                                                                0x01324bad
                                                                                                                                                                                                                                0x01324bbb
                                                                                                                                                                                                                                0x01324bbe
                                                                                                                                                                                                                                0x01324bc3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01324bc3
                                                                                                                                                                                                                                0x01324b4b
                                                                                                                                                                                                                                0x01324ece
                                                                                                                                                                                                                                0x01324ede

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01324A2E
                                                                                                                                                                                                                                • GetVersion.KERNEL32(013A0D00,000000B8,01322949,?,getenabledtbcnt,gethddpercent,gethddsize,getcrincumbentds,getcrincumbenthpr,getffincumbentds,getffincumbenthpr,getieincumbenthpr,getieincumbentds,getchromeversioninstalled,getffversioninstalled,getieversioninstalled), ref: 01324A7C
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01324CD5
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01324D68
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: __EH_prolog3_GS.LIBCMT ref: 0135CB34
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: _wcslen.LIBCMT ref: 0135CC26
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: RegCloseKey.KERNEL32(00000000,?,?,?,013A0D00), ref: 0135CC68
                                                                                                                                                                                                                                  • Part of subcall function 0131A941: _memmove.LIBCMT ref: 0131A968
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __EH_prolog3_GS.LIBCMT ref: 0135BE2D
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE41
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BE5A
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _memset.LIBCMT ref: 0135BE83
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: __cftoe.LIBCMT ref: 0135BE95
                                                                                                                                                                                                                                  • Part of subcall function 0135BE26: _setlocale.LIBCMT ref: 0135BEBB
                                                                                                                                                                                                                                  • Part of subcall function 0131D888: _strlen.LIBCMT ref: 0131D894
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0134BC6C
                                                                                                                                                                                                                                  • Part of subcall function 01311524: _memmove.LIBCMT ref: 01311544
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01324DD4
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01324E1E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen$H_prolog3_$_memmove_setlocale$_memset_strlen$CloseCurrentIos_base_dtorLocalProcessTimeVersion__cftoestd::ios_base::_swprintf
                                                                                                                                                                                                                                • String ID: GetDefaultBrowser in$GetDefaultBrowser out $GetDefaultBrowser vista$GetDefaultBrowser xp $HKEY_CLASSES_ROOT$HKEY_CLASSES_ROOT\$HKEY_CURRENT_USER$Progid$Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\userchoice$\shell\open\command\$chrome$cr_$ff_$firefox$http\shell\open\command\$ie_$iexplore
                                                                                                                                                                                                                                • API String ID: 1098407102-3614356324
                                                                                                                                                                                                                                • Opcode ID: 66196af27f2f8c12ed1ea80b89a8f57b3b238edea451e34272fa44017b9c9c9b
                                                                                                                                                                                                                                • Instruction ID: af4843fbd72f43426653fbfa9046934e7a7468dd08d73231a15e78b07e5e796d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 66196af27f2f8c12ed1ea80b89a8f57b3b238edea451e34272fa44017b9c9c9b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2BD18372D01299EAEB18EBACCD90EEEBB7CEF2520CF544159E40673245DA705F48CB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134651A, Relevance: 38.8, APIs: 17, Strings: 5, Instructions: 261windowregistrystringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                                                			E0134651A(void* __ebx, long __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				struct HWND__ _t101;
				intOrPtr _t107;
				intOrPtr _t108;
				intOrPtr _t111;
				int _t113;
				void* _t115;
				WCHAR* _t117;
				int _t121;
				long _t126;
				struct HFONT__* _t134;
				signed int _t138;
				signed int _t140;
				void* _t144;
				long _t145;
				void* _t155;
				long _t158;
				struct HWND__* _t160;
				void* _t166;
				long* _t167;

				_t155 = __edx;
				_t145 = __ecx;
				_push(0x2ac);
				E0137C242(0x139205e, __ebx, __edi, __esi);
				 *(_t166 - 0x20) = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_t164 = __ecx;
				 *(_t166 - 0x2a8) = __ecx;
				if(GetClassNameW( *(__ecx + 4), _t166 - 0x20, 8) != 0 && lstrcmpiW(_t166 - 0x20, L"static") == 0) {
					_t138 = GetWindowLongW( *(_t164 + 4), 0xfffffff0);
					_t145 = _t138 | 0x00000100;
					if(_t138 != _t145) {
						SetWindowLongW( *(_t164 + 4), 0xfffffff0, _t145);
					}
					_t140 = GetWindowLongW( *(_t164 + 4), 0xfffffff0) & 0x000000ff;
					if(_t140 == 3 || _t140 == 4 || _t140 == 5 || _t140 == 6 || _t140 == 7 || _t140 == 8 || _t140 == 9 || _t140 == 0xd || _t140 == 0xe || _t140 == 0xf) {
						 *(_t164 + 0x58) =  *(_t164 + 0x58) & 0x000000fe;
					}
				}
				_t158 = 0;
				 *((intOrPtr*)(_t164 + 0x2c)) = LoadCursorW(0, 0x7f89);
				if(( *(_t164 + 0x58) & 0x00000001) != 0) {
					_t126 = SendMessageW(GetParent( *(_t164 + 4)), 0x31, 0, 0);
					 *(_t164 + 0x34) = _t126;
					if(_t126 == 0) {
						 *(_t164 + 0x34) = GetStockObject(0xd);
					}
					_t144 =  *(_t164 + 0x34);
					if(_t144 != _t158 &&  *(_t164 + 0x30) == _t158) {
						 *(_t166 - 0x98) = _t158;
						E01376F40(_t166 - 0x94, _t158, 0x58);
						_t167 =  &(_t167[3]);
						GetObjectW(_t144, 0x5c, _t166 - 0x98);
						if(( *(_t164 + 0x54) & 0x00000030) != 0x30) {
							__eflags =  *(_t164 + 0x54) & 0x00000001;
							if(( *(_t164 + 0x54) & 0x00000001) == 0) {
								 *((char*)(_t166 - 0x83)) = 1;
							}
						} else {
							 *((intOrPtr*)(_t166 - 0x88)) = 0x2bc;
						}
						_t134 = CreateFontIndirectW(_t166 - 0x98);
						 *(_t164 + 0x58) =  *(_t164 + 0x58) | 0x00000008;
						 *(_t164 + 0x30) = _t134;
					}
				}
				 *_t167 = _t158;
				_t147 = _t167;
				_t143 = _t164 + 0x48;
				 *_t167 = _t158;
				E01320DEC(_t143, L"tooltips_class32",  *(_t164 + 4), _t167, _t158, _t158, _t158, _t145);
				if( *((intOrPtr*)(_t164 + 0x24)) == _t158) {
					_t113 = GetWindowTextLengthW( *(_t164 + 4));
					_t190 = _t113 - _t158;
					if(_t113 > _t158) {
						 *(_t166 - 0x2a0) = _t158;
						 *(_t166 - 4) = _t158;
						 *(_t166 - 0x2a4) = _t113 + 1;
						_t115 = E0131D99E(_t147, _t190, _t113 + 1, 2);
						_t191 = _t115 - 0x200;
						if(_t115 <= 0x200) {
							 *(_t166 - 0x2a0) = _t166 - 0x29c;
						} else {
							E0131B5C9(_t158, _t164, _t191, _t166 - 0x2a0, _t115);
						}
						_t117 =  *(_t166 - 0x2a0);
						 *(_t166 - 0x2ac) = _t117;
						if(_t117 != _t158) {
							_t121 = GetWindowTextW( *(_t164 + 4), _t117,  *(_t166 - 0x2a4));
							_t193 = _t121;
							if(_t121 > 0) {
								_push( *(_t166 - 0x2ac));
								_push(_t164);
								E013475B9(_t143, _t158, _t164, _t193);
							}
						}
						 *(_t166 - 4) =  *(_t166 - 4) | 0xffffffff;
						if( *(_t166 - 0x2a0) != _t166 - 0x29c) {
							E0131A795(_t166 - 0x2a0);
						}
					}
				}
				_t148 = _t164;
				E01346030(_t164, _t155);
				if( *(_t164 + 0x28) != _t158 || ( *(_t164 + 0x54) >> 0x00000002 & 0x00000001) != 0) {
					SendMessageW( *_t143, 0x401, 1, _t158);
					 *(_t166 - 0x2ac) = _t167;
					 *_t167 =  *(_t164 + 0x28);
					_t148 =  *(_t164 + 4);
					E01345CED(_t143,  *(_t164 + 4), _t143,  *(_t164 + 4), _t164 + 0x38, 1);
				} else {
					_t111 =  *((intOrPtr*)(_t164 + 0x24));
					_t197 = _t111 - _t158;
					if(_t111 != _t158) {
						_push(_t111);
						_push(_t164);
						E01344A79(_t143, _t158, _t164, _t197);
					}
				}
				if(( *(_t164 + 0x58) & 0x00000001) != 0) {
					_t143 = _t166 - 0x2b8;
					 *(_t166 - 0x2b8) = _t158;
					 *(_t166 - 0x2b4) = _t158;
					 *(_t166 - 0x2b0) = _t158;
					_t101 = E01312452(0x2001f, _t166 - 0x2b8, _t148, 0x80000001, L"Software\\Microsoft\\Internet Explorer\\Settings");
					if(_t101 == 0) {
						 *(_t166 - 0x38) = _t101;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						asm("stosd");
						asm("stosd");
						_t143 = 0xc;
						asm("stosw");
						_t160 = _t166 - 0x38;
						 *(_t166 - 0x2a4) = _t143;
						if(E013291B1(_t148, _t160, _t166 - 0x2a4, _t166 - 0x2b8, L"Anchor Color") == 0) {
							_t148 = _t160;
							_t108 = E01347654(_t160, _t155);
							if(_t108 != 0xffffffff) {
								_t148 =  *(_t166 - 0x2a8);
								 *((intOrPtr*)( *(_t166 - 0x2a8) + 0x4c)) = _t108;
							}
						}
						_t164 = _t166 - 0x2a4;
						_t161 = _t166 - 0x38;
						 *(_t166 - 0x2a4) = _t143;
						if(E013291B1(_t148, _t166 - 0x38, _t166 - 0x2a4, _t166 - 0x2b8, L"Anchor Color Visited") == 0) {
							_t107 = E01347654(_t161, _t155);
							if(_t107 != 0xffffffff) {
								 *((intOrPtr*)( *(_t166 - 0x2a8) + 0x50)) = _t107;
							}
						}
						_t158 = 0;
					}
					if( *(_t166 - 0x2b8) != _t158) {
						RegCloseKey( *(_t166 - 0x2b8));
					}
				}
				return E0137C2C5(_t143, _t158, _t164);
			}






















                                                                                                                                                                                                                                0x0134651a
                                                                                                                                                                                                                                0x0134651a
                                                                                                                                                                                                                                0x0134651a
                                                                                                                                                                                                                                0x01346524
                                                                                                                                                                                                                                0x0134652b
                                                                                                                                                                                                                                0x01346532
                                                                                                                                                                                                                                0x01346533
                                                                                                                                                                                                                                0x01346534
                                                                                                                                                                                                                                0x01346535
                                                                                                                                                                                                                                0x0134653c
                                                                                                                                                                                                                                0x01346542
                                                                                                                                                                                                                                0x01346550
                                                                                                                                                                                                                                0x01346570
                                                                                                                                                                                                                                0x01346574
                                                                                                                                                                                                                                0x0134657c
                                                                                                                                                                                                                                0x01346584
                                                                                                                                                                                                                                0x01346584
                                                                                                                                                                                                                                0x01346591
                                                                                                                                                                                                                                0x01346599
                                                                                                                                                                                                                                0x013465c8
                                                                                                                                                                                                                                0x013465c8
                                                                                                                                                                                                                                0x01346599
                                                                                                                                                                                                                                0x013465d1
                                                                                                                                                                                                                                0x013465de
                                                                                                                                                                                                                                0x013465e1
                                                                                                                                                                                                                                0x013465f5
                                                                                                                                                                                                                                0x013465fb
                                                                                                                                                                                                                                0x01346600
                                                                                                                                                                                                                                0x0134660a
                                                                                                                                                                                                                                0x0134660a
                                                                                                                                                                                                                                0x0134660d
                                                                                                                                                                                                                                0x01346612
                                                                                                                                                                                                                                0x01346623
                                                                                                                                                                                                                                0x01346629
                                                                                                                                                                                                                                0x0134662e
                                                                                                                                                                                                                                0x0134663b
                                                                                                                                                                                                                                0x01346649
                                                                                                                                                                                                                                0x01346657
                                                                                                                                                                                                                                0x0134665b
                                                                                                                                                                                                                                0x0134665d
                                                                                                                                                                                                                                0x0134665d
                                                                                                                                                                                                                                0x0134664b
                                                                                                                                                                                                                                0x0134664b
                                                                                                                                                                                                                                0x0134664b
                                                                                                                                                                                                                                0x0134666b
                                                                                                                                                                                                                                0x01346671
                                                                                                                                                                                                                                0x01346675
                                                                                                                                                                                                                                0x01346675
                                                                                                                                                                                                                                0x01346612
                                                                                                                                                                                                                                0x01346682
                                                                                                                                                                                                                                0x01346684
                                                                                                                                                                                                                                0x0134668c
                                                                                                                                                                                                                                0x01346690
                                                                                                                                                                                                                                0x01346692
                                                                                                                                                                                                                                0x0134669a
                                                                                                                                                                                                                                0x013466a3
                                                                                                                                                                                                                                0x013466a9
                                                                                                                                                                                                                                0x013466ab
                                                                                                                                                                                                                                0x013466b1
                                                                                                                                                                                                                                0x013466ba
                                                                                                                                                                                                                                0x013466be
                                                                                                                                                                                                                                0x013466c4
                                                                                                                                                                                                                                0x013466cb
                                                                                                                                                                                                                                0x013466d0
                                                                                                                                                                                                                                0x013466e7
                                                                                                                                                                                                                                0x013466d2
                                                                                                                                                                                                                                0x013466da
                                                                                                                                                                                                                                0x013466da
                                                                                                                                                                                                                                0x013466ed
                                                                                                                                                                                                                                0x013466f3
                                                                                                                                                                                                                                0x013466fb
                                                                                                                                                                                                                                0x01346707
                                                                                                                                                                                                                                0x0134670d
                                                                                                                                                                                                                                0x0134670f
                                                                                                                                                                                                                                0x01346711
                                                                                                                                                                                                                                0x01346717
                                                                                                                                                                                                                                0x01346718
                                                                                                                                                                                                                                0x01346718
                                                                                                                                                                                                                                0x0134670f
                                                                                                                                                                                                                                0x0134671d
                                                                                                                                                                                                                                0x0134672d
                                                                                                                                                                                                                                0x01346735
                                                                                                                                                                                                                                0x01346735
                                                                                                                                                                                                                                0x0134672d
                                                                                                                                                                                                                                0x013466ab
                                                                                                                                                                                                                                0x0134673a
                                                                                                                                                                                                                                0x0134673c
                                                                                                                                                                                                                                0x01346744
                                                                                                                                                                                                                                0x0134676a
                                                                                                                                                                                                                                0x0134677c
                                                                                                                                                                                                                                0x01346782
                                                                                                                                                                                                                                0x01346784
                                                                                                                                                                                                                                0x01346788
                                                                                                                                                                                                                                0x01346750
                                                                                                                                                                                                                                0x01346750
                                                                                                                                                                                                                                0x01346753
                                                                                                                                                                                                                                0x01346755
                                                                                                                                                                                                                                0x01346757
                                                                                                                                                                                                                                0x01346758
                                                                                                                                                                                                                                0x01346759
                                                                                                                                                                                                                                0x01346759
                                                                                                                                                                                                                                0x01346755
                                                                                                                                                                                                                                0x01346791
                                                                                                                                                                                                                                0x013467a6
                                                                                                                                                                                                                                0x013467ac
                                                                                                                                                                                                                                0x013467b2
                                                                                                                                                                                                                                0x013467b8
                                                                                                                                                                                                                                0x013467be
                                                                                                                                                                                                                                0x013467c5
                                                                                                                                                                                                                                0x013467cb
                                                                                                                                                                                                                                0x013467d2
                                                                                                                                                                                                                                0x013467d3
                                                                                                                                                                                                                                0x013467d4
                                                                                                                                                                                                                                0x013467d5
                                                                                                                                                                                                                                0x013467d6
                                                                                                                                                                                                                                0x013467d9
                                                                                                                                                                                                                                0x013467da
                                                                                                                                                                                                                                0x013467ee
                                                                                                                                                                                                                                0x013467f1
                                                                                                                                                                                                                                0x013467fe
                                                                                                                                                                                                                                0x01346800
                                                                                                                                                                                                                                0x01346802
                                                                                                                                                                                                                                0x0134680a
                                                                                                                                                                                                                                0x0134680c
                                                                                                                                                                                                                                0x01346812
                                                                                                                                                                                                                                0x01346812
                                                                                                                                                                                                                                0x0134680a
                                                                                                                                                                                                                                0x01346821
                                                                                                                                                                                                                                0x01346827
                                                                                                                                                                                                                                0x0134682a
                                                                                                                                                                                                                                0x01346837
                                                                                                                                                                                                                                0x0134683b
                                                                                                                                                                                                                                0x01346843
                                                                                                                                                                                                                                0x0134684b
                                                                                                                                                                                                                                0x0134684b
                                                                                                                                                                                                                                0x01346843
                                                                                                                                                                                                                                0x0134684e
                                                                                                                                                                                                                                0x0134684e
                                                                                                                                                                                                                                0x01346856
                                                                                                                                                                                                                                0x0134685e
                                                                                                                                                                                                                                0x0134685e
                                                                                                                                                                                                                                0x01346856
                                                                                                                                                                                                                                0x01346869

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01346524
                                                                                                                                                                                                                                • GetClassNameW.USER32 ref: 01346548
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,static), ref: 0134655B
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 01346570
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 01346584
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0134658F
                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 013465D4
                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 013465EA
                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 013465F5
                                                                                                                                                                                                                                • GetStockObject.GDI32(0000000D), ref: 01346604
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 01346629
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 0134663B
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 0134666B
                                                                                                                                                                                                                                • GetWindowTextLengthW.USER32(?), ref: 013466A3
                                                                                                                                                                                                                                • GetWindowTextW.USER32 ref: 01346707
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000001,00000000), ref: 0134676A
                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,80000001,Software\Microsoft\Internet Explorer\Settings,?,?,?,00000001), ref: 0134685E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Long$MessageObjectSendText$ClassCloseCreateCursorFontH_prolog3_IndirectLengthLoadNameParentStock_memsetlstrcmpi
                                                                                                                                                                                                                                • String ID: Anchor Color$Anchor Color Visited$Software\Microsoft\Internet Explorer\Settings$static$tooltips_class32
                                                                                                                                                                                                                                • API String ID: 2164845695-2451883503
                                                                                                                                                                                                                                • Opcode ID: fd966dd67666cd8b01a94fbd440094d102c53be8f0a0cb82639175306176e705
                                                                                                                                                                                                                                • Instruction ID: 15d5085cade7d1bb088ba7336253dfc82e7ca7285fcc9517d215d75f900a7817
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fd966dd67666cd8b01a94fbd440094d102c53be8f0a0cb82639175306176e705
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0AA1D7B05007159FDB31DF28CC8AAAEBBF9EF46718F500699E145E2190DB75B984CF11
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01313137, Relevance: 33.5, APIs: 16, Strings: 3, Instructions: 237stringmemoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                                                			E01313137(WCHAR** __ebx, WCHAR* __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t62;
				signed int _t64;
				char _t65;
				WCHAR* _t68;
				signed int _t69;
				WCHAR* _t70;
				WCHAR* _t71;
				signed int _t73;
				signed int _t74;
				WCHAR* _t75;
				WCHAR* _t76;
				signed int _t77;
				signed int _t79;
				WCHAR* _t80;
				WCHAR* _t81;
				WCHAR* _t82;
				WCHAR* _t83;
				signed int _t84;
				WCHAR* _t85;
				signed int _t86;
				signed int _t88;
				signed int _t93;
				WCHAR* _t94;
				signed int _t97;
				WCHAR** _t99;
				WCHAR* _t105;
				signed int _t109;
				signed int _t111;
				void* _t116;
				void* _t117;
				void* _t118;

				_t99 = __ebx;
				_push(0x68);
				E0137C242(0x1394639, __ebx, __edi, __esi);
				_t114 = __ecx;
				_t109 = __edx;
				 *(_t116 - 0x70) = __edx;
				if(__ecx != 0 && __edx != 0) {
					 *__edx =  *__edx & 0x00000000;
					_t62 = lstrlenW(__ecx) + _t61;
					if(_t62 < 0x64) {
						_t62 = 0x3e8;
					}
					 *(_t116 - 0x6c) =  *(_t116 - 0x6c) & 0x00000000;
					 *(_t116 - 0x5c) =  *(_t116 - 0x5c) & 0x00000000;
					 *((intOrPtr*)(_t116 - 0x68)) = _t62;
					_t64 = E01311B0E(_t116 - 0x5c, _t62, 2);
					_t118 = _t117 + 0xc;
					if(_t64 >= 0) {
						__imp__CoTaskMemAlloc( *(_t116 - 0x5c));
					} else {
						_t64 = 0;
					}
					_t101 = 0;
					 *(_t116 - 0x64) = _t64;
					if(_t64 != 0) {
						 *_t64 = 0;
					}
					 *(_t116 - 4) = _t101;
					if(_t64 != _t101) {
						_t65 =  *0x13c29ad; // 0x0
						 *_t99 = _t114;
						 *((char*)(_t116 - 0x5d)) = _t65;
						 *(_t116 - 0x58) = _t101;
						 *(_t116 - 0x5c) = _t101;
						 *((char*)(_t116 - 0x52)) = 0;
						 *((char*)(_t116 - 0x51)) = 0;
						__eflags =  *_t114 - _t101;
						if( *_t114 == _t101) {
							L38:
							_t35 = _t116 - 0x64;
							 *_t35 =  *(_t116 - 0x64) & 0x00000000;
							__eflags =  *_t35;
							 *_t109 =  *(_t116 - 0x64);
						} else {
							do {
								__eflags =  *((char*)(_t116 - 0x5d)) - 1;
								if( *((char*)(_t116 - 0x5d)) != 1) {
									L32:
									_t68 =  *_t99;
									__eflags =  *_t68 - 0x25;
									_push(_t68);
									if( *_t68 != 0x25) {
										L35:
										_t109 = 1;
										_t114 = _t116 - 0x6c;
										_t69 = E01312793(_t101, 1, _t116 - 0x6c);
										__eflags = _t69;
										if(_t69 == 0) {
											goto L57;
										} else {
											goto L36;
										}
									} else {
										_t85 = CharNextW();
										 *_t99 = _t85;
										__eflags =  *_t85 - 0x25;
										if( *_t85 != 0x25) {
											_t86 = E01312B1C(_t85, 0x25);
											 *(_t116 - 0x74) = _t86;
											__eflags = _t86;
											if(_t86 == 0) {
												L54:
												 *(_t116 - 0x58) = 0x80020009;
												goto L39;
											} else {
												_t101 =  *_t99;
												_t88 = _t86 -  *_t99 >> 1;
												__eflags = _t88 - 0x1f;
												if(_t88 > 0x1f) {
													 *(_t116 - 0x58) = 0x80004005;
													goto L39;
												} else {
													E01311B5C(E01375444(_t116 - 0x50, 0x20, _t101, _t88));
													_t114 = _t99[1];
													_t111 = 0;
													_t118 = _t118 + 0x14;
													__eflags = _t114[6];
													if(_t114[6] <= 0) {
														L45:
														_t109 = _t111 | 0xffffffff;
														__eflags = _t109;
													} else {
														while(1) {
															_t101 = _t116 - 0x50;
															_t97 = lstrcmpiW( *(_t114[2] + _t111 * 4), _t116 - 0x50);
															__eflags = _t97;
															if(_t97 == 0) {
																goto L46;
															}
															_t111 = _t111 + 1;
															__eflags = _t111 - _t114[6];
															if(_t111 < _t114[6]) {
																continue;
															} else {
																goto L45;
															}
															goto L46;
														}
													}
													L46:
													__eflags = _t109 - 0xffffffff;
													if(_t109 == 0xffffffff) {
														goto L54;
													} else {
														__eflags = _t109;
														if(_t109 < 0) {
															L56:
															RaiseException(0xc000008c, 1, 0, 0);
															goto L57;
														} else {
															__eflags = _t109 - _t114[6];
															if(_t109 >= _t114[6]) {
																goto L56;
															} else {
																_t109 =  *(_t114[4] + _t109 * 4);
																__eflags = _t109;
																if(__eflags == 0) {
																	goto L54;
																} else {
																	_push(_t109);
																	_t114 = _t116 - 0x6c;
																	_t93 = E01312839(_t99, _t101, _t109, __eflags);
																	__eflags = _t93;
																	if(_t93 == 0) {
																		goto L57;
																	} else {
																		_t114 =  *(_t116 - 0x74);
																		__eflags =  *_t99 - _t114;
																		if( *_t99 != _t114) {
																			do {
																				_t94 = CharNextW( *_t99);
																				 *_t99 = _t94;
																				__eflags = _t94 - _t114;
																			} while (_t94 != _t114);
																		}
																		goto L36;
																	}
																}
															}
														}
													}
												}
											}
											L60:
										} else {
											_push(_t85);
											goto L35;
										}
									}
								} else {
									__eflags =  *(_t116 - 0x5c);
									if( *(_t116 - 0x5c) != 0) {
										L18:
										_t71 =  *_t99;
										_t101 = 0x27;
										__eflags = _t101 -  *_t71;
										if(_t101 !=  *_t71) {
											L24:
											__eflags =  *((char*)(_t116 - 0x51));
											if( *((char*)(_t116 - 0x51)) != 0) {
												goto L32;
											} else {
												goto L25;
											}
										} else {
											__eflags =  *((char*)(_t116 - 0x51));
											if( *((char*)(_t116 - 0x51)) != 0) {
												_t114 = CharNextW;
												_t75 = CharNextW(_t71);
												_t101 = 0x27;
												__eflags = _t101 -  *_t75;
												if(_t101 ==  *_t75) {
													_t76 = CharNextW( *_t99);
													_t109 = 1;
													_t114 = _t116 - 0x6c;
													 *_t99 = _t76;
													_t77 = E01312793(_t101, 1, _t116 - 0x6c, _t76);
													__eflags = _t77;
													if(_t77 == 0) {
														goto L57;
													} else {
														goto L24;
													}
												} else {
													 *((char*)(_t116 - 0x51)) = 0;
													L25:
													_t73 =  *( *_t99) & 0x0000ffff;
													__eflags = _t73 - 0x7b;
													if(_t73 == 0x7b) {
														_t25 = _t116 - 0x5c;
														 *_t25 =  &(( *(_t116 - 0x5c))[0]);
														__eflags =  *_t25;
													}
													__eflags = _t73 - 0x7d;
													if(_t73 != 0x7d) {
														goto L32;
													} else {
														_t27 = _t116 - 0x5c;
														 *_t27 =  *(_t116 - 0x5c) - 1;
														__eflags =  *_t27;
														if( *_t27 != 0) {
															goto L32;
														} else {
															__eflags =  *((char*)(_t116 - 0x52)) - 1;
															if(__eflags != 0) {
																goto L32;
															} else {
																_push(L"\r\n\t}\r\n}\r\n");
																_t114 = _t116 - 0x6c;
																_t74 = E01312839(_t99, _t101, _t109, __eflags);
																__eflags = _t74;
																if(_t74 == 0) {
																	goto L57;
																} else {
																	 *((char*)(_t116 - 0x52)) = 0;
																	goto L32;
																}
															}
														}
													}
												}
											} else {
												 *((char*)(_t116 - 0x51)) = 1;
												goto L32;
											}
										}
									} else {
										_t79 = E01376ED8( *_t99, L"HKCR");
										__eflags = _t79;
										if(_t79 == 0) {
											goto L18;
										} else {
											_t105 =  *_t99;
											__eflags = _t79 - _t105;
											if(__eflags != 0) {
												goto L18;
											} else {
												_t80 = CharNextW(_t105);
												 *_t99 = _t80;
												_t81 = CharNextW(_t80);
												 *_t99 = _t81;
												_t82 = CharNextW(_t81);
												 *_t99 = _t82;
												_t83 = CharNextW(_t82);
												_push(L"HKCU\r\n{\tSoftware\r\n\t{\r\n\t\tClasses");
												_t114 = _t116 - 0x6c;
												 *_t99 = _t83;
												_t84 = E01312839(_t99, _t105, _t109, __eflags);
												__eflags = _t84;
												if(_t84 == 0) {
													L57:
													 *(_t116 - 0x58) = 0x8007000e;
												} else {
													 *((char*)(_t116 - 0x52)) = 1;
													goto L18;
												}
											}
										}
									}
								}
								goto L39;
								L36:
								_t70 = CharNextW( *_t99);
								 *_t99 = _t70;
								__eflags =  *_t70;
							} while ( *_t70 != 0);
							_t109 =  *(_t116 - 0x70);
							goto L38;
						}
						L39:
						__imp__CoTaskMemFree( *(_t116 - 0x64));
					} else {
						__imp__CoTaskMemFree(_t101);
					}
				}
				return E0137C2C5(_t99, _t109, _t114);
				goto L60;
			}


































                                                                                                                                                                                                                                0x01313137
                                                                                                                                                                                                                                0x01313137
                                                                                                                                                                                                                                0x0131313e
                                                                                                                                                                                                                                0x01313143
                                                                                                                                                                                                                                0x01313145
                                                                                                                                                                                                                                0x01313147
                                                                                                                                                                                                                                0x0131314c
                                                                                                                                                                                                                                0x0131315a
                                                                                                                                                                                                                                0x01313164
                                                                                                                                                                                                                                0x01313169
                                                                                                                                                                                                                                0x0131316b
                                                                                                                                                                                                                                0x0131316b
                                                                                                                                                                                                                                0x01313170
                                                                                                                                                                                                                                0x01313174
                                                                                                                                                                                                                                0x0131317b
                                                                                                                                                                                                                                0x01313182
                                                                                                                                                                                                                                0x01313187
                                                                                                                                                                                                                                0x0131318c
                                                                                                                                                                                                                                0x01313195
                                                                                                                                                                                                                                0x0131318e
                                                                                                                                                                                                                                0x0131318e
                                                                                                                                                                                                                                0x0131318e
                                                                                                                                                                                                                                0x0131319b
                                                                                                                                                                                                                                0x0131319d
                                                                                                                                                                                                                                0x013131a2
                                                                                                                                                                                                                                0x013131a6
                                                                                                                                                                                                                                0x013131a6
                                                                                                                                                                                                                                0x013131a9
                                                                                                                                                                                                                                0x013131ae
                                                                                                                                                                                                                                0x013131c1
                                                                                                                                                                                                                                0x013131c6
                                                                                                                                                                                                                                0x013131c8
                                                                                                                                                                                                                                0x013131cb
                                                                                                                                                                                                                                0x013131ce
                                                                                                                                                                                                                                0x013131d1
                                                                                                                                                                                                                                0x013131d5
                                                                                                                                                                                                                                0x013131d9
                                                                                                                                                                                                                                0x013131dc
                                                                                                                                                                                                                                0x01313303
                                                                                                                                                                                                                                0x01313306
                                                                                                                                                                                                                                0x01313306
                                                                                                                                                                                                                                0x01313306
                                                                                                                                                                                                                                0x0131330a
                                                                                                                                                                                                                                0x013131e2
                                                                                                                                                                                                                                0x013131e2
                                                                                                                                                                                                                                0x013131e2
                                                                                                                                                                                                                                0x013131e6
                                                                                                                                                                                                                                0x013132c1
                                                                                                                                                                                                                                0x013132c1
                                                                                                                                                                                                                                0x013132c3
                                                                                                                                                                                                                                0x013132c7
                                                                                                                                                                                                                                0x013132c8
                                                                                                                                                                                                                                0x013132d9
                                                                                                                                                                                                                                0x013132db
                                                                                                                                                                                                                                0x013132dc
                                                                                                                                                                                                                                0x013132df
                                                                                                                                                                                                                                0x013132e4
                                                                                                                                                                                                                                0x013132e6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132ca
                                                                                                                                                                                                                                0x013132ca
                                                                                                                                                                                                                                0x013132d0
                                                                                                                                                                                                                                0x013132d2
                                                                                                                                                                                                                                0x013132d6
                                                                                                                                                                                                                                0x0131331f
                                                                                                                                                                                                                                0x01313325
                                                                                                                                                                                                                                0x01313328
                                                                                                                                                                                                                                0x0131332a
                                                                                                                                                                                                                                0x013133c0
                                                                                                                                                                                                                                0x013133c0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313330
                                                                                                                                                                                                                                0x01313330
                                                                                                                                                                                                                                0x01313334
                                                                                                                                                                                                                                0x01313336
                                                                                                                                                                                                                                0x01313339
                                                                                                                                                                                                                                0x013133cc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131333f
                                                                                                                                                                                                                                0x0131334d
                                                                                                                                                                                                                                0x01313352
                                                                                                                                                                                                                                0x01313355
                                                                                                                                                                                                                                0x01313357
                                                                                                                                                                                                                                0x0131335a
                                                                                                                                                                                                                                0x0131335d
                                                                                                                                                                                                                                0x0131337a
                                                                                                                                                                                                                                0x0131337a
                                                                                                                                                                                                                                0x0131337a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131335f
                                                                                                                                                                                                                                0x01313365
                                                                                                                                                                                                                                0x0131336a
                                                                                                                                                                                                                                0x01313370
                                                                                                                                                                                                                                0x01313372
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313374
                                                                                                                                                                                                                                0x01313375
                                                                                                                                                                                                                                0x01313378
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313378
                                                                                                                                                                                                                                0x0131335f
                                                                                                                                                                                                                                0x0131337d
                                                                                                                                                                                                                                0x0131337d
                                                                                                                                                                                                                                0x01313380
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313382
                                                                                                                                                                                                                                0x01313382
                                                                                                                                                                                                                                0x01313384
                                                                                                                                                                                                                                0x013133d8
                                                                                                                                                                                                                                0x013133e3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313386
                                                                                                                                                                                                                                0x01313386
                                                                                                                                                                                                                                0x01313389
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131338b
                                                                                                                                                                                                                                0x0131338e
                                                                                                                                                                                                                                0x01313391
                                                                                                                                                                                                                                0x01313393
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313395
                                                                                                                                                                                                                                0x01313395
                                                                                                                                                                                                                                0x01313396
                                                                                                                                                                                                                                0x01313399
                                                                                                                                                                                                                                0x0131339e
                                                                                                                                                                                                                                0x013133a0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013133a2
                                                                                                                                                                                                                                0x013133a2
                                                                                                                                                                                                                                0x013133a5
                                                                                                                                                                                                                                0x013133a7
                                                                                                                                                                                                                                0x013133ad
                                                                                                                                                                                                                                0x013133af
                                                                                                                                                                                                                                0x013133b5
                                                                                                                                                                                                                                0x013133b7
                                                                                                                                                                                                                                0x013133b7
                                                                                                                                                                                                                                0x013133bb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013133a7
                                                                                                                                                                                                                                0x013133a0
                                                                                                                                                                                                                                0x01313393
                                                                                                                                                                                                                                0x01313389
                                                                                                                                                                                                                                0x01313384
                                                                                                                                                                                                                                0x01313380
                                                                                                                                                                                                                                0x01313339
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132d8
                                                                                                                                                                                                                                0x013132d8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132d8
                                                                                                                                                                                                                                0x013132d6
                                                                                                                                                                                                                                0x013131ec
                                                                                                                                                                                                                                0x013131ec
                                                                                                                                                                                                                                0x013131f0
                                                                                                                                                                                                                                0x0131323e
                                                                                                                                                                                                                                0x0131323e
                                                                                                                                                                                                                                0x01313242
                                                                                                                                                                                                                                0x01313243
                                                                                                                                                                                                                                0x01313246
                                                                                                                                                                                                                                0x01313285
                                                                                                                                                                                                                                0x01313285
                                                                                                                                                                                                                                0x01313289
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313248
                                                                                                                                                                                                                                0x01313248
                                                                                                                                                                                                                                0x0131324c
                                                                                                                                                                                                                                0x01313254
                                                                                                                                                                                                                                0x0131325b
                                                                                                                                                                                                                                0x0131325f
                                                                                                                                                                                                                                0x01313260
                                                                                                                                                                                                                                0x01313263
                                                                                                                                                                                                                                0x0131326d
                                                                                                                                                                                                                                0x01313272
                                                                                                                                                                                                                                0x01313273
                                                                                                                                                                                                                                0x01313276
                                                                                                                                                                                                                                0x01313278
                                                                                                                                                                                                                                0x0131327d
                                                                                                                                                                                                                                0x0131327f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313265
                                                                                                                                                                                                                                0x01313265
                                                                                                                                                                                                                                0x0131328b
                                                                                                                                                                                                                                0x0131328d
                                                                                                                                                                                                                                0x01313290
                                                                                                                                                                                                                                0x01313293
                                                                                                                                                                                                                                0x01313295
                                                                                                                                                                                                                                0x01313295
                                                                                                                                                                                                                                0x01313295
                                                                                                                                                                                                                                0x01313295
                                                                                                                                                                                                                                0x01313298
                                                                                                                                                                                                                                0x0131329b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131329d
                                                                                                                                                                                                                                0x0131329d
                                                                                                                                                                                                                                0x0131329d
                                                                                                                                                                                                                                0x0131329d
                                                                                                                                                                                                                                0x013132a0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132a2
                                                                                                                                                                                                                                0x013132a2
                                                                                                                                                                                                                                0x013132a6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132a8
                                                                                                                                                                                                                                0x013132a8
                                                                                                                                                                                                                                0x013132ad
                                                                                                                                                                                                                                0x013132b0
                                                                                                                                                                                                                                0x013132b5
                                                                                                                                                                                                                                0x013132b7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132bd
                                                                                                                                                                                                                                0x013132bd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132bd
                                                                                                                                                                                                                                0x013132b7
                                                                                                                                                                                                                                0x013132a6
                                                                                                                                                                                                                                0x013132a0
                                                                                                                                                                                                                                0x0131329b
                                                                                                                                                                                                                                0x0131324e
                                                                                                                                                                                                                                0x0131324e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131324e
                                                                                                                                                                                                                                0x0131324c
                                                                                                                                                                                                                                0x013131f2
                                                                                                                                                                                                                                0x013131fa
                                                                                                                                                                                                                                0x01313201
                                                                                                                                                                                                                                0x01313203
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313205
                                                                                                                                                                                                                                0x01313205
                                                                                                                                                                                                                                0x01313207
                                                                                                                                                                                                                                0x01313209
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131320b
                                                                                                                                                                                                                                0x01313212
                                                                                                                                                                                                                                0x01313215
                                                                                                                                                                                                                                0x01313217
                                                                                                                                                                                                                                0x0131321a
                                                                                                                                                                                                                                0x0131321c
                                                                                                                                                                                                                                0x0131321f
                                                                                                                                                                                                                                0x01313221
                                                                                                                                                                                                                                0x01313223
                                                                                                                                                                                                                                0x01313228
                                                                                                                                                                                                                                0x0131322b
                                                                                                                                                                                                                                0x0131322d
                                                                                                                                                                                                                                0x01313232
                                                                                                                                                                                                                                0x01313234
                                                                                                                                                                                                                                0x013133e9
                                                                                                                                                                                                                                0x013133e9
                                                                                                                                                                                                                                0x0131323a
                                                                                                                                                                                                                                0x0131323a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131323a
                                                                                                                                                                                                                                0x01313234
                                                                                                                                                                                                                                0x01313209
                                                                                                                                                                                                                                0x01313203
                                                                                                                                                                                                                                0x013131f0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013132ec
                                                                                                                                                                                                                                0x013132ee
                                                                                                                                                                                                                                0x013132f4
                                                                                                                                                                                                                                0x013132f6
                                                                                                                                                                                                                                0x013132f6
                                                                                                                                                                                                                                0x01313300
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01313300
                                                                                                                                                                                                                                0x0131330c
                                                                                                                                                                                                                                0x0131330f
                                                                                                                                                                                                                                0x013131b0
                                                                                                                                                                                                                                0x013131b1
                                                                                                                                                                                                                                0x013131b7
                                                                                                                                                                                                                                0x013131ae
                                                                                                                                                                                                                                0x013133ff
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0131313E
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,00000068,0131342F,00000000,?), ref: 0131315E
                                                                                                                                                                                                                                • CoTaskMemAlloc.OLE32(?,?,?,?), ref: 01313195
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000,?,?), ref: 013131B1
                                                                                                                                                                                                                                • CharNextW.USER32(HKCR), ref: 01313212
                                                                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 01313217
                                                                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 0131321C
                                                                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 01313221
                                                                                                                                                                                                                                  • Part of subcall function 01312839: __EH_prolog3.LIBCMT ref: 01312840
                                                                                                                                                                                                                                  • Part of subcall function 01312839: lstrlenW.KERNEL32(?,00000004,0131339E,?,?,?,?,?,?,?,?,?), ref: 01312855
                                                                                                                                                                                                                                • CharNextW.USER32(08000000), ref: 0131325B
                                                                                                                                                                                                                                • CharNextW.USER32 ref: 0131326D
                                                                                                                                                                                                                                • CharNextW.USER32(08000000), ref: 013132CA
                                                                                                                                                                                                                                • CharNextW.USER32(?,08000000), ref: 013132EE
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 0131330F
                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0131336A
                                                                                                                                                                                                                                • CharNextW.USER32(?,?,?,?,?,?,?,?,?,?), ref: 013133AF
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?,?,?,?,?,?,?), ref: 013133E3
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext$Task$Freelstrlen$AllocExceptionH_prolog3H_prolog3_Raiselstrcmpi
                                                                                                                                                                                                                                • String ID: }}$HKCR$HKCU{Software{Classes
                                                                                                                                                                                                                                • API String ID: 3924261392-1142484189
                                                                                                                                                                                                                                • Opcode ID: 61067850b32655617c490a4fef4c1a5afb38cd97f045b5b7de5b0edd45323d3a
                                                                                                                                                                                                                                • Instruction ID: 2a4d5bae5f83d66c8b8455af02f67b226376692dce4b7b37bcf7fa850835db86
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 61067850b32655617c490a4fef4c1a5afb38cd97f045b5b7de5b0edd45323d3a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F681DD719003558FEF2AABA8C8447AE7BB8FF05328F144429E805EF28DDB75E841CB55
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01320B74, Relevance: 28.7, APIs: 19, Instructions: 200COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 56%
                                                                                                                                                                                                                                			E01320B74(void* __ebx, intOrPtr* __ecx, struct HDC__* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t84;
				int _t87;
				intOrPtr* _t109;
				signed int _t116;
				void _t117;
				WCHAR* _t125;
				signed int _t143;
				intOrPtr* _t146;
				struct HDC__* _t148;
				void* _t153;
				void* _t154;
				void* _t162;

				_t142 = __edx;
				_push(0x308);
				E0137C242(0x139352d, __ebx, __edi, __esi);
				_t148 = __edx;
				_t146 = __ecx;
				 *(_t153 - 0x308) = __edx;
				 *(_t153 - 4) =  *(_t153 - 4) & 0x00000000;
				GetClientRect( *(__ecx + 4), _t153 - 0x20);
				if( *((char*)(_t146 + 0x2c)) == 0) {
					FillRect(_t148, _t153 - 0x20, CreateSolidBrush( *(_t146 + 0x24)));
					SetBkColor(_t148,  *(_t146 + 0x24));
				} else {
					SetBkMode(_t148, 1);
				}
				 *(_t153 - 0x304) = 0x1f4;
				SystemParametersInfoW(0x29, 0x1f4, _t153 - 0x304, 0);
				_t84 = CreateFontIndirectW(_t153 - 0x16c);
				 *(_t153 - 0x314) = _t84;
				 *(_t153 - 4) = 1;
				_t124 = SelectObject;
				SelectObject(_t148, _t84);
				SetTextColor(_t148,  *(_t146 + 0x28));
				_t159 =  *((char*)(_t146 + 0x34));
				if( *((char*)(_t146 + 0x34)) == 0) {
					 *(_t153 - 0x30c) =  *(_t153 - 0x30c) & 0x00000000;
					_push(1);
					 *(_t153 - 4) = 2;
					_push( *(_t146 + 0x2d) & 0x000000ff);
					_push(0);
					_push(0xffffffff);
					_push(0xfde9);
					_push(0xfde9);
					 *(_t153 - 0x310) = _t154 - 0x1c;
					E013116F0(_t154 - 0x1c, _t146 + 0x38);
					_push(_t153 - 0x98);
					_t109 = E0135BED6(SelectObject, _t146, _t148, _t159);
					if( *((intOrPtr*)(_t109 + 0x14)) >= 8) {
						_t109 =  *_t109;
					}
					_push( *(_t146 + 0x30));
					_push(_t153 - 0x30c);
					E013206D4(_t124, _t142, _t146, _t109);
					E0131AA87(_t153 - 0x98, 1, 0);
					GetObjectW( *(_t153 - 0x314), 0x5c, _t153 - 0x7c);
					GetObjectW( *(_t153 - 0x30c), 0x5c, _t153 - 0x110);
					_t116 =  *(_t146 + 0x30);
					if(_t116 != 0xffffffff) {
						_t117 =  ~_t116;
					} else {
						_t117 =  *(_t153 - 0x7c);
					}
					 *(_t153 - 0x310) = 0;
					E01320689(_t153 - 0x310, _t117,  *((intOrPtr*)(_t153 - 0x74)),  *((intOrPtr*)(_t153 - 0x70)),  *((intOrPtr*)(_t153 - 0x100)),  *(_t146 + 0x2e) & 0x000000ff,  *(_t146 + 0x2f) & 0x000000ff, 0,  *((intOrPtr*)(_t153 - 0x65)),  *((intOrPtr*)(_t153 - 0x64)),  *((intOrPtr*)(_t153 - 0x63)),  *((intOrPtr*)(_t153 - 0x62)),  *((intOrPtr*)(_t153 - 0x61)), _t153 - 0xf4);
					SelectObject( *(_t153 - 0x308),  *(_t153 - 0x310));
					 *(_t153 - 4) = 1;
					_t162 =  *(_t153 - 0x30c);
					if(_t162 != 0) {
						DeleteObject( *(_t153 - 0x30c));
					}
				}
				_t149 = GetWindowTextLengthW;
				_t87 = GetWindowTextLengthW( *(_t146 + 4));
				_t143 = 2;
				_push( ~(0 | _t162 > 0x00000000) | (_t87 + 0x00000001) * _t143);
				_t125 = E013638C3(_t146, GetWindowTextLengthW, _t162);
				GetWindowTextW( *(_t146 + 4), _t125, GetWindowTextLengthW( *(_t146 + 4)) + 1);
				E01319B30(_t153 - 0xb4, _t125);
				if( *((char*)(_t146 + 0x35)) == 0) {
					__eflags =  *((char*)(_t146 + 0x70));
					if( *((char*)(_t146 + 0x70)) == 0) {
						_push(0x10);
						goto L23;
					}
					_t146 = _t146 + 0x54;
					__eflags =  *((intOrPtr*)(_t146 + 0x14)) - 8;
					if( *((intOrPtr*)(_t146 + 0x14)) >= 8) {
						_t146 =  *_t146;
					}
					_push(0x10);
					goto L16;
				} else {
					if( *((char*)(_t146 + 0x70)) == 0) {
						_push(0x21);
						L23:
						_push(_t153 - 0x20);
						_push(0xffffffff);
						_push(_t125);
						L24:
						DrawTextW( *(_t153 - 0x308), ??, ??, ??, ??);
						if(_t125 != 0) {
							_push(_t125);
							E013748B6();
						}
						E0131AA87(_t153 - 0xb4, 1, 0);
						if( *(_t153 - 0x314) != 0) {
							DeleteObject( *(_t153 - 0x314));
						}
						return E0137C2C5(_t125, _t146, _t149);
					}
					_t146 = _t146 + 0x54;
					if( *((intOrPtr*)(_t146 + 0x14)) >= 8) {
						_t146 =  *_t146;
					}
					_push(0x21);
					L16:
					_push(_t153 - 0x20);
					_push(0xffffffff);
					_push(_t146);
					goto L24;
				}
			}















                                                                                                                                                                                                                                0x01320b74
                                                                                                                                                                                                                                0x01320b74
                                                                                                                                                                                                                                0x01320b7e
                                                                                                                                                                                                                                0x01320b83
                                                                                                                                                                                                                                0x01320b85
                                                                                                                                                                                                                                0x01320b87
                                                                                                                                                                                                                                0x01320b8d
                                                                                                                                                                                                                                0x01320b98
                                                                                                                                                                                                                                0x01320ba2
                                                                                                                                                                                                                                0x01320bbe
                                                                                                                                                                                                                                0x01320bc8
                                                                                                                                                                                                                                0x01320ba4
                                                                                                                                                                                                                                0x01320ba7
                                                                                                                                                                                                                                0x01320ba7
                                                                                                                                                                                                                                0x01320bdf
                                                                                                                                                                                                                                0x01320be5
                                                                                                                                                                                                                                0x01320bf2
                                                                                                                                                                                                                                0x01320bf8
                                                                                                                                                                                                                                0x01320bff
                                                                                                                                                                                                                                0x01320c03
                                                                                                                                                                                                                                0x01320c0a
                                                                                                                                                                                                                                0x01320c10
                                                                                                                                                                                                                                0x01320c16
                                                                                                                                                                                                                                0x01320c1a
                                                                                                                                                                                                                                0x01320c20
                                                                                                                                                                                                                                0x01320c27
                                                                                                                                                                                                                                0x01320c29
                                                                                                                                                                                                                                0x01320c31
                                                                                                                                                                                                                                0x01320c32
                                                                                                                                                                                                                                0x01320c34
                                                                                                                                                                                                                                0x01320c3b
                                                                                                                                                                                                                                0x01320c3c
                                                                                                                                                                                                                                0x01320c45
                                                                                                                                                                                                                                0x01320c4c
                                                                                                                                                                                                                                0x01320c57
                                                                                                                                                                                                                                0x01320c58
                                                                                                                                                                                                                                0x01320c64
                                                                                                                                                                                                                                0x01320c66
                                                                                                                                                                                                                                0x01320c66
                                                                                                                                                                                                                                0x01320c68
                                                                                                                                                                                                                                0x01320c71
                                                                                                                                                                                                                                0x01320c74
                                                                                                                                                                                                                                0x01320c83
                                                                                                                                                                                                                                0x01320c9a
                                                                                                                                                                                                                                0x01320cab
                                                                                                                                                                                                                                0x01320cad
                                                                                                                                                                                                                                0x01320cb3
                                                                                                                                                                                                                                0x01320cba
                                                                                                                                                                                                                                0x01320cb5
                                                                                                                                                                                                                                0x01320cb5
                                                                                                                                                                                                                                0x01320cb5
                                                                                                                                                                                                                                0x01320cd2
                                                                                                                                                                                                                                0x01320cf9
                                                                                                                                                                                                                                0x01320d0a
                                                                                                                                                                                                                                0x01320d0c
                                                                                                                                                                                                                                0x01320d10
                                                                                                                                                                                                                                0x01320d16
                                                                                                                                                                                                                                0x01320d1e
                                                                                                                                                                                                                                0x01320d1e
                                                                                                                                                                                                                                0x01320d16
                                                                                                                                                                                                                                0x01320d27
                                                                                                                                                                                                                                0x01320d2d
                                                                                                                                                                                                                                0x01320d34
                                                                                                                                                                                                                                0x01320d3e
                                                                                                                                                                                                                                0x01320d48
                                                                                                                                                                                                                                0x01320d52
                                                                                                                                                                                                                                0x01320d5f
                                                                                                                                                                                                                                0x01320d68
                                                                                                                                                                                                                                0x01320d8a
                                                                                                                                                                                                                                0x01320d8e
                                                                                                                                                                                                                                0x01320d9f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01320d9f
                                                                                                                                                                                                                                0x01320d90
                                                                                                                                                                                                                                0x01320d93
                                                                                                                                                                                                                                0x01320d97
                                                                                                                                                                                                                                0x01320d99
                                                                                                                                                                                                                                0x01320d99
                                                                                                                                                                                                                                0x01320d9b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01320d6a
                                                                                                                                                                                                                                0x01320d6e
                                                                                                                                                                                                                                0x01320d86
                                                                                                                                                                                                                                0x01320da1
                                                                                                                                                                                                                                0x01320da4
                                                                                                                                                                                                                                0x01320da5
                                                                                                                                                                                                                                0x01320da7
                                                                                                                                                                                                                                0x01320da8
                                                                                                                                                                                                                                0x01320dae
                                                                                                                                                                                                                                0x01320db6
                                                                                                                                                                                                                                0x01320db8
                                                                                                                                                                                                                                0x01320db9
                                                                                                                                                                                                                                0x01320dbe
                                                                                                                                                                                                                                0x01320dc9
                                                                                                                                                                                                                                0x01320dd5
                                                                                                                                                                                                                                0x01320ddd
                                                                                                                                                                                                                                0x01320ddd
                                                                                                                                                                                                                                0x01320deb
                                                                                                                                                                                                                                0x01320deb
                                                                                                                                                                                                                                0x01320d70
                                                                                                                                                                                                                                0x01320d77
                                                                                                                                                                                                                                0x01320d79
                                                                                                                                                                                                                                0x01320d79
                                                                                                                                                                                                                                0x01320d7b
                                                                                                                                                                                                                                0x01320d7d
                                                                                                                                                                                                                                0x01320d80
                                                                                                                                                                                                                                0x01320d81
                                                                                                                                                                                                                                0x01320d83
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01320d83

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01320B7E
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 01320B98
                                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 01320BA7
                                                                                                                                                                                                                                  • Part of subcall function 01320689: CreateFontW.GDI32(?,00000000,?,?,?,00000000,?,?,?,?,?,?,?,01320189,?,01320189), ref: 013206C5
                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 01320BB2
                                                                                                                                                                                                                                • FillRect.USER32 ref: 01320BBE
                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 01320BC8
                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 01320BE5
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 01320BF2
                                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 01320C0A
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 01320C10
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?,00000001,00000000,?,?), ref: 01320C9A
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 01320CAB
                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 01320D0A
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 01320D1E
                                                                                                                                                                                                                                • GetWindowTextLengthW.USER32(00000001), ref: 01320D2D
                                                                                                                                                                                                                                • GetWindowTextLengthW.USER32(00000001), ref: 01320D4A
                                                                                                                                                                                                                                • GetWindowTextW.USER32 ref: 01320D52
                                                                                                                                                                                                                                • DrawTextW.USER32 ref: 01320DAE
                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 01320DDD
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Object$Text$CreateWindow$ColorDeleteFontLengthRectSelect$BrushClientDrawFillH_prolog3_IndirectInfoModeParametersSolidSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3503674268-0
                                                                                                                                                                                                                                • Opcode ID: f5edeecdece8e97f0c67caf88d34653ff57fd587ed3efa6f8a8eb2c5c183184c
                                                                                                                                                                                                                                • Instruction ID: 5f0e739df21d2551c8ffc42d70c65af3900ea694acafda8c030ffe93a2a17533
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5edeecdece8e97f0c67caf88d34653ff57fd587ed3efa6f8a8eb2c5c183184c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94718E71801229AFEF269BA4CC49FEDBB7DFF09314F040199F209A6191C775AA98CF51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131800E, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 110registrywindowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E0131800E() {
				struct _WNDCLASSEXW _v52;
				struct HINSTANCE__* _v56;
				void* __ebx;
				void* __esi;
				void* __ebp;
				int _t41;
				int _t47;
				struct HINSTANCE__* _t49;
				signed int _t53;
				struct HINSTANCE__* _t55;
				signed int _t59;
				WCHAR* _t62;
				WCHAR* _t63;
				int _t72;

				EnterCriticalSection(0x13c1788);
				 *0x13c29c8 = RegisterWindowMessageW(L"WM_ATLGETHOST");
				_t41 = RegisterWindowMessageW(L"WM_ATLGETCONTROL");
				_t72 = 0x30;
				 *0x13c29cc = _t41;
				_t62 = L"AtlAxWin100";
				_v52.cbSize = RegisterWindowMessageW;
				if(GetClassInfoExW( *0x13c1728, _t62,  &_v52) != 0) {
					L3:
					E01376F40( &_v52, 0, _t72);
					_t63 = L"AtlAxWinLic100";
					_v52.cbSize = _t72;
					_t47 = GetClassInfoExW( *0x13c1728, _t63,  &_v52);
					_v56 = _t47;
					if(_t47 == 0) {
						_t49 =  *0x13c1728; // 0x1310000
						_v52.cbSize = _t72;
						_v52.style = 8;
						_v52.lpfnWndProc = 0x1317cfb;
						_v52.cbClsExtra = 0;
						_v52.cbWndExtra = 0;
						_v52.hInstance = _t49;
						_v52.hIcon = 0;
						_v52.hCursor = LoadCursorW(0, 0x7f00);
						_v52.hbrBackground = 6;
						_v52.lpszMenuName = 0;
						_v52.lpszClassName = _t63;
						_v52.hIconSm = 0;
						_t53 = RegisterClassExW( &_v52) & 0x0000ffff;
						_v56 = _t53;
						if(_t53 == 0) {
							goto L6;
						} else {
							E0131950F( &_v56, 0x13c17a4);
							_v56 = 1;
						}
					}
				} else {
					_t55 =  *0x13c1728; // 0x1310000
					_v52.cbSize = _t72;
					_v52.style = 8;
					_v52.lpfnWndProc = 0x1317adf;
					_v52.cbClsExtra = 0;
					_v52.cbWndExtra = 0;
					_v52.hInstance = _t55;
					_v52.hIcon = 0;
					_v52.hCursor = LoadCursorW(0, 0x7f00);
					_v52.hbrBackground = 6;
					_v52.lpszMenuName = 0;
					_v52.lpszClassName = _t62;
					_v52.hIconSm = 0;
					_t59 = RegisterClassExW( &_v52) & 0x0000ffff;
					_v56 = _t59;
					if(_t59 == 0) {
						L6:
						_v56 = 0;
					} else {
						E0131950F( &_v56, 0x13c17a4);
						_t72 = 0x30;
						goto L3;
					}
				}
				LeaveCriticalSection(0x13c1788);
				return _v56;
			}

















                                                                                                                                                                                                                                0x0131801f
                                                                                                                                                                                                                                0x01318037
                                                                                                                                                                                                                                0x0131803c
                                                                                                                                                                                                                                0x01318040
                                                                                                                                                                                                                                0x01318041
                                                                                                                                                                                                                                0x0131804b
                                                                                                                                                                                                                                0x01318057
                                                                                                                                                                                                                                0x01318065
                                                                                                                                                                                                                                0x013180e0
                                                                                                                                                                                                                                0x013180e7
                                                                                                                                                                                                                                0x013180f4
                                                                                                                                                                                                                                0x01318100
                                                                                                                                                                                                                                0x01318104
                                                                                                                                                                                                                                0x0131810a
                                                                                                                                                                                                                                0x01318110
                                                                                                                                                                                                                                0x01318116
                                                                                                                                                                                                                                0x01318121
                                                                                                                                                                                                                                0x01318125
                                                                                                                                                                                                                                0x0131812d
                                                                                                                                                                                                                                0x01318135
                                                                                                                                                                                                                                0x01318139
                                                                                                                                                                                                                                0x0131813d
                                                                                                                                                                                                                                0x01318141
                                                                                                                                                                                                                                0x0131814b
                                                                                                                                                                                                                                0x01318154
                                                                                                                                                                                                                                0x0131815c
                                                                                                                                                                                                                                0x01318160
                                                                                                                                                                                                                                0x01318164
                                                                                                                                                                                                                                0x0131816e
                                                                                                                                                                                                                                0x01318171
                                                                                                                                                                                                                                0x01318178
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131817a
                                                                                                                                                                                                                                0x01318183
                                                                                                                                                                                                                                0x01318188
                                                                                                                                                                                                                                0x01318188
                                                                                                                                                                                                                                0x01318178
                                                                                                                                                                                                                                0x01318067
                                                                                                                                                                                                                                0x01318067
                                                                                                                                                                                                                                0x01318072
                                                                                                                                                                                                                                0x01318076
                                                                                                                                                                                                                                0x0131807e
                                                                                                                                                                                                                                0x01318086
                                                                                                                                                                                                                                0x0131808a
                                                                                                                                                                                                                                0x0131808e
                                                                                                                                                                                                                                0x01318092
                                                                                                                                                                                                                                0x0131809c
                                                                                                                                                                                                                                0x013180a5
                                                                                                                                                                                                                                0x013180ad
                                                                                                                                                                                                                                0x013180b1
                                                                                                                                                                                                                                0x013180b5
                                                                                                                                                                                                                                0x013180bf
                                                                                                                                                                                                                                0x013180c2
                                                                                                                                                                                                                                0x013180c9
                                                                                                                                                                                                                                0x01318192
                                                                                                                                                                                                                                0x01318192
                                                                                                                                                                                                                                0x013180cf
                                                                                                                                                                                                                                0x013180d8
                                                                                                                                                                                                                                0x013180df
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013180df
                                                                                                                                                                                                                                0x013180c9
                                                                                                                                                                                                                                0x0131819b
                                                                                                                                                                                                                                0x013181ab

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(013C1788,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 0131801F
                                                                                                                                                                                                                                • RegisterWindowMessageW.USER32(WM_ATLGETHOST,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 01318030
                                                                                                                                                                                                                                • RegisterWindowMessageW.USER32(WM_ATLGETCONTROL,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 0131803C
                                                                                                                                                                                                                                • GetClassInfoExW.USER32 ref: 0131805B
                                                                                                                                                                                                                                • LoadCursorW.USER32 ref: 01318096
                                                                                                                                                                                                                                • RegisterClassExW.USER32 ref: 013180B9
                                                                                                                                                                                                                                  • Part of subcall function 0131950F: __recalloc.LIBCMT ref: 0131954D
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 013180E7
                                                                                                                                                                                                                                • GetClassInfoExW.USER32 ref: 01318104
                                                                                                                                                                                                                                • LoadCursorW.USER32 ref: 01318145
                                                                                                                                                                                                                                • RegisterClassExW.USER32 ref: 01318168
                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(013C1788,?,?,?,?,?,?,?,?,?,?,?,?,?,01317F55), ref: 0131819B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ClassRegister$CriticalCursorInfoLoadMessageSectionWindow$EnterLeave__recalloc_memset
                                                                                                                                                                                                                                • String ID: AtlAxWin100$AtlAxWinLic100$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                                                                                                                                                • API String ID: 2252124385-1587594278
                                                                                                                                                                                                                                • Opcode ID: b21fdf1262e7682d50d0b03a0b6bf62aaf4bfadd8d3e80daa39121f687e7937e
                                                                                                                                                                                                                                • Instruction ID: b530d2d30b5bc8918b7c18087f824ec51d0ebb3a944ad14a1b8f506c015ab204
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b21fdf1262e7682d50d0b03a0b6bf62aaf4bfadd8d3e80daa39121f687e7937e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD4126B1908310AFC311DF1AD88496BFBE8FB88758F40991EF599A2204D3759909CF96
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134A2F3, Relevance: 25.7, APIs: 17, Instructions: 194COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                			E0134A2F3(struct HWND__* __ecx, void* __edx, void* __eflags, int* _a4) {
				signed int _v12;
				struct tagRECT _v28;
				struct tagRECT _v44;
				struct tagRECT _v60;
				struct tagRECT _v76;
				struct HWND__* _v80;
				struct HWND__* _v84;
				struct HWND__* _v88;
				struct HWND__* _v92;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t64;
				struct HWND__* _t77;
				intOrPtr _t85;
				WCHAR* _t102;
				void* _t112;
				int _t125;
				RECT* _t126;
				void* _t137;
				struct HWND__** _t138;
				void* _t139;
				struct HWND__* _t142;
				struct HWND__* _t144;
				intOrPtr* _t145;
				void* _t146;
				signed int _t147;
				signed int _t154;

				_t137 = __edx;
				_t64 =  *0x13bce20; // 0xa1d783ff
				_v12 = _t64 ^ _t147;
				 *_a4 = 1;
				_t142 = __ecx;
				_t138 = __ecx + 4;
				_v80 = __ecx;
				GetWindowRect( *_t138,  &_v28);
				MoveWindow( *_t138, 0, 0,  *(_t142 + 0xcc), _v28.bottom - _v28.top, 1);
				E0131F26E(_t138, _t137);
				GetWindowRect( *_t138,  &_v28);
				_v88 = GetDlgItem( *_t138, 0xd3);
				_v92 = GetDlgItem( *_t138, 0xffffffff);
				_t77 = GetDlgItem( *_t138, 0xe1);
				_v84 = _t77;
				EnableWindow(_t77,  *(_v80 + 0x12c) & 0x000000ff);
				GetWindowRect(_v92,  &_v44);
				GetWindowRect(_v88,  &_v60);
				GetWindowRect(_v84,  &_v76);
				_t125 = 0x28;
				_t85 = 0xffffffd8;
				_v44.right = _t85;
				_v60.right = _t85;
				_v44.left = GetWindowRect;
				_v60.left = GetWindowRect;
				_v76.left = 0x215;
				_v76.right = 0x260;
				MoveWindow(_v92, GetWindowRect, 0x5a, _v28.right - _v28.left - 0x50, _v44.bottom - _v44.top, 1);
				MoveWindow(_v88, _t125, 0x78, _v28.right - _v28.left - 0x50, _v60.bottom - _v60.top, 1);
				MoveWindow(_v84, _v28.right - _v28.left - 0x58, 0xa0, 0x4b, 0x17, 1);
				_t144 = _v80;
				_t102 = _t144 + 0x94;
				_t151 = _t102[0xa] - 8;
				if(_t102[0xa] >= 8) {
					_t102 =  *_t102;
				}
				SetWindowTextW(_v84, _t102);
				_push(0x9c);
				_v80 =  *_t138;
				if(E013753A6(_t138, _t144, _t151) == 0) {
					_t126 = 0;
					__eflags = 0;
				} else {
					_t126 = E013497D1(_t105);
				}
				_t139 = _t144 + 0x114;
				if( *0x13bffd0 == 0) {
					 *0x13bffd0 =  *0x13bffd0 & 0x00000000;
					_t154 =  *0x13bffd0;
				}
				_push(_v80);
				_t47 = _t126 + 0x20; // 0x20
				E01347E09(_t126, _t154, _v80, _t139, 0x13a0d00, 0x50000000, 0x20, 0, E0131D71A(0x13bffa0, _t47) & 0x0000ffff);
				_t145 = _t144 + 0xf8;
				if( *((intOrPtr*)(_t145 + 0x14)) >= 8) {
					_t145 =  *_t145;
				}
				if( *((intOrPtr*)(_t126 + 0x6c)) != 0 && ( *(_t126 + 0x64) & 0x00000008) != 0) {
					_t54 = _t126 + 0x68; // 0x68
					E0132996F(_t54);
				}
				_t55 = _t126 + 0x68; // 0x68
				_t112 = E01329ABE(_t145, _t137, _t55);
				_t146 = InvalidateRect;
				if(_t112 == 0) {
					 *(_t126 + 0x64) =  *(_t126 + 0x64) | 0x00000008;
					if(IsWindow( *(_t126 + 4)) != 0) {
						E01349AF9(_t126);
						InvalidateRect( *(_t126 + 4), 0, 1);
					}
				}
				 *(_t126 + 0x64) =  *(_t126 + 0x64) | 0x00000002;
				E01349AF9(_t126);
				InvalidateRect( *(_t126 + 4), 0, 1);
				return E013748C1(1, _t126, _v12 ^ _t147, _t137, 0, _t146);
			}































                                                                                                                                                                                                                                0x0134a2f3
                                                                                                                                                                                                                                0x0134a2f9
                                                                                                                                                                                                                                0x0134a300
                                                                                                                                                                                                                                0x0134a30f
                                                                                                                                                                                                                                0x0134a315
                                                                                                                                                                                                                                0x0134a31b
                                                                                                                                                                                                                                0x0134a320
                                                                                                                                                                                                                                0x0134a323
                                                                                                                                                                                                                                0x0134a340
                                                                                                                                                                                                                                0x0134a344
                                                                                                                                                                                                                                0x0134a34f
                                                                                                                                                                                                                                0x0134a362
                                                                                                                                                                                                                                0x0134a372
                                                                                                                                                                                                                                0x0134a375
                                                                                                                                                                                                                                0x0134a387
                                                                                                                                                                                                                                0x0134a38a
                                                                                                                                                                                                                                0x0134a397
                                                                                                                                                                                                                                0x0134a3a0
                                                                                                                                                                                                                                0x0134a3a9
                                                                                                                                                                                                                                0x0134a3ad
                                                                                                                                                                                                                                0x0134a3b0
                                                                                                                                                                                                                                0x0134a3b1
                                                                                                                                                                                                                                0x0134a3b4
                                                                                                                                                                                                                                0x0134a3c6
                                                                                                                                                                                                                                0x0134a3d3
                                                                                                                                                                                                                                0x0134a3d6
                                                                                                                                                                                                                                0x0134a3dd
                                                                                                                                                                                                                                0x0134a3e4
                                                                                                                                                                                                                                0x0134a3ff
                                                                                                                                                                                                                                0x0134a419
                                                                                                                                                                                                                                0x0134a41b
                                                                                                                                                                                                                                0x0134a41e
                                                                                                                                                                                                                                0x0134a424
                                                                                                                                                                                                                                0x0134a428
                                                                                                                                                                                                                                0x0134a42a
                                                                                                                                                                                                                                0x0134a42a
                                                                                                                                                                                                                                0x0134a430
                                                                                                                                                                                                                                0x0134a438
                                                                                                                                                                                                                                0x0134a43d
                                                                                                                                                                                                                                0x0134a448
                                                                                                                                                                                                                                0x0134a455
                                                                                                                                                                                                                                0x0134a455
                                                                                                                                                                                                                                0x0134a44a
                                                                                                                                                                                                                                0x0134a451
                                                                                                                                                                                                                                0x0134a451
                                                                                                                                                                                                                                0x0134a45e
                                                                                                                                                                                                                                0x0134a464
                                                                                                                                                                                                                                0x0134a466
                                                                                                                                                                                                                                0x0134a466
                                                                                                                                                                                                                                0x0134a466
                                                                                                                                                                                                                                0x0134a46d
                                                                                                                                                                                                                                0x0134a470
                                                                                                                                                                                                                                0x0134a498
                                                                                                                                                                                                                                0x0134a49d
                                                                                                                                                                                                                                0x0134a4a7
                                                                                                                                                                                                                                0x0134a4a9
                                                                                                                                                                                                                                0x0134a4a9
                                                                                                                                                                                                                                0x0134a4b0
                                                                                                                                                                                                                                0x0134a4b8
                                                                                                                                                                                                                                0x0134a4bb
                                                                                                                                                                                                                                0x0134a4bb
                                                                                                                                                                                                                                0x0134a4c0
                                                                                                                                                                                                                                0x0134a4c6
                                                                                                                                                                                                                                0x0134a4cb
                                                                                                                                                                                                                                0x0134a4d3
                                                                                                                                                                                                                                0x0134a4d8
                                                                                                                                                                                                                                0x0134a4e4
                                                                                                                                                                                                                                0x0134a4e8
                                                                                                                                                                                                                                0x0134a4f3
                                                                                                                                                                                                                                0x0134a4f3
                                                                                                                                                                                                                                0x0134a4e4
                                                                                                                                                                                                                                0x0134a4f5
                                                                                                                                                                                                                                0x0134a4fb
                                                                                                                                                                                                                                0x0134a506
                                                                                                                                                                                                                                0x0134a519

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134A323
                                                                                                                                                                                                                                • MoveWindow.USER32(?,00000000,00000000,?,?,00000001,?,00000001,?), ref: 0134A340
                                                                                                                                                                                                                                  • Part of subcall function 0131F26E: GetWindowLongW.USER32 ref: 0131F290
                                                                                                                                                                                                                                  • Part of subcall function 0131F26E: GetParent.USER32 ref: 0131F2A6
                                                                                                                                                                                                                                  • Part of subcall function 0131F26E: GetWindowRect.USER32 ref: 0131F2BD
                                                                                                                                                                                                                                  • Part of subcall function 0131F26E: GetWindowLongW.USER32 ref: 0131F2D8
                                                                                                                                                                                                                                  • Part of subcall function 0131F26E: MonitorFromWindow.USER32(?,00000002), ref: 0131F2FD
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134A34F
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0134A358
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0134A365
                                                                                                                                                                                                                                • GetDlgItem.USER32 ref: 0134A375
                                                                                                                                                                                                                                • EnableWindow.USER32(00000000,?), ref: 0134A38A
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134A397
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134A3A0
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134A3A9
                                                                                                                                                                                                                                • MoveWindow.USER32(?,00000028,0000005A,?,?,00000001,?,00000001,?), ref: 0134A3E4
                                                                                                                                                                                                                                • MoveWindow.USER32(?,00000028,00000078,?,?,00000001,?,00000001,?), ref: 0134A3FF
                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,000000A0,0000004B,00000017,00000001,?,00000001,?), ref: 0134A419
                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 0134A430
                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 0134A4DC
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0134A4F3
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,00000068,?,?,013A0D00,50000000,00000020,00000000,?), ref: 0134A506
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Rect$Move$Item$InvalidateLong$EnableFromMonitorParentText
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3060590528-0
                                                                                                                                                                                                                                • Opcode ID: a5b9bd4560ca570b83146511c27fc30102e8f0fa3fc06c17520272e8620e45ec
                                                                                                                                                                                                                                • Instruction ID: a4c26fb0ba42bba48bfd827b6c774ced795ee2982ddeeed750fb90ca79bb4b14
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5b9bd4560ca570b83146511c27fc30102e8f0fa3fc06c17520272e8620e45ec
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20611C71A40219AFEF11DFA8CC85FAEBBB9FF08714F104125E605BB294DB71A845CB64
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01315BD2, Relevance: 25.6, APIs: 17, Instructions: 131windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E01315BD2(intOrPtr __edx, void* __esi, intOrPtr* _a4) {
				signed int _v12;
				struct tagRECT _v28;
				struct tagPAINTSTRUCT _v96;
				void* _v100;
				struct HDC__* _v104;
				void* _v108;
				void* _v112;
				void* __ebx;
				void* __edi;
				signed int _t42;
				intOrPtr* _t44;
				void* _t45;
				struct HBITMAP__* _t55;
				void* _t61;
				struct HBRUSH__* _t63;
				intOrPtr* _t68;
				struct HDC__* _t72;
				struct HBRUSH__* _t78;
				void* _t81;
				void* _t84;
				signed int _t85;

				_t84 = __esi;
				_t82 = __edx;
				_t42 =  *0x13bce20; // 0xa1d783ff
				_v12 = _t42 ^ _t85;
				_t44 = _a4;
				if( *((intOrPtr*)(__esi + 0x70)) != 0) {
					if(( *(__esi + 0x98) & 0x00000008) == 0) {
						 *_t44 = 0;
						goto L17;
					} else {
						_t78 = BeginPaint( *(__esi + 4),  &_v96);
						_v104 = _t78;
						if(_t78 == 0) {
							goto L17;
						} else {
							GetClientRect( *(__esi + 4),  &_v28);
							_t55 = CreateCompatibleBitmap(_t78, _v28.right - _v28.left, _v28.bottom - _v28.top);
							_v100 = _t55;
							if(_t55 == 0) {
								goto L5;
							} else {
								_t78 = CreateCompatibleDC(_t78);
								if(_t78 != 0) {
									_t61 = SelectObject(_t78, _v100);
									_v112 = _t61;
									if(_t61 != 0) {
										_t63 = CreateSolidBrush( *(__esi + 0xcc));
										_v108 = _t63;
										if(_t63 != 0) {
											FillRect(_t78,  &_v28, _t63);
											DeleteObject(_v108);
											_t68 =  *((intOrPtr*)(__esi + 0x70));
											_t82 =  *_t68;
											_t81 = __esi + 0xb4;
											 *((intOrPtr*)( *_t68 + 0xc))(_t68, 1, 0xffffffff, 0, 0, 0, _t78, _t81, _t81, 0, 0);
											BitBlt(_v104, 0, 0, _v28.right, _v28.bottom, _t78, 0, 0, 0xcc0020);
										}
										SelectObject(_t78, _v112);
									}
									DeleteDC(_t78);
								}
								_push(_v100);
								goto L4;
							}
							L19:
						}
					}
				} else {
					_t72 = BeginPaint( *(__esi + 4),  &_v96);
					_v100 = _t72;
					if(_t72 == 0) {
						L17:
						_t45 = 0;
					} else {
						GetClientRect( *(__esi + 4),  &_v28);
						_t78 = CreateSolidBrush( *(__esi + 0xcc));
						if(_t78 != 0) {
							FillRect(_v100,  &_v28, _t78);
							_push(_t78);
							L4:
							DeleteObject();
						}
						L5:
						EndPaint( *(_t84 + 4),  &_v96);
						_t45 = 1;
					}
				}
				return E013748C1(_t45, _t78, _v12 ^ _t85, _t82, 0, _t84);
				goto L19;
			}
























                                                                                                                                                                                                                                0x01315bd2
                                                                                                                                                                                                                                0x01315bd2
                                                                                                                                                                                                                                0x01315bd8
                                                                                                                                                                                                                                0x01315bdf
                                                                                                                                                                                                                                0x01315be2
                                                                                                                                                                                                                                0x01315bec
                                                                                                                                                                                                                                0x01315c56
                                                                                                                                                                                                                                0x01315d32
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01315c5c
                                                                                                                                                                                                                                0x01315c69
                                                                                                                                                                                                                                0x01315c6b
                                                                                                                                                                                                                                0x01315c70
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01315c76
                                                                                                                                                                                                                                0x01315c7d
                                                                                                                                                                                                                                0x01315c92
                                                                                                                                                                                                                                0x01315c98
                                                                                                                                                                                                                                0x01315c9d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01315c9f
                                                                                                                                                                                                                                0x01315ca6
                                                                                                                                                                                                                                0x01315caa
                                                                                                                                                                                                                                0x01315cb0
                                                                                                                                                                                                                                0x01315cb6
                                                                                                                                                                                                                                0x01315cbb
                                                                                                                                                                                                                                0x01315cc3
                                                                                                                                                                                                                                0x01315cc9
                                                                                                                                                                                                                                0x01315cce
                                                                                                                                                                                                                                0x01315cd6
                                                                                                                                                                                                                                0x01315cdf
                                                                                                                                                                                                                                0x01315ce5
                                                                                                                                                                                                                                0x01315ce8
                                                                                                                                                                                                                                0x01315cec
                                                                                                                                                                                                                                0x01315cfd
                                                                                                                                                                                                                                0x01315d13
                                                                                                                                                                                                                                0x01315d13
                                                                                                                                                                                                                                0x01315d1d
                                                                                                                                                                                                                                0x01315d1d
                                                                                                                                                                                                                                0x01315d24
                                                                                                                                                                                                                                0x01315d24
                                                                                                                                                                                                                                0x01315d2a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01315d2a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01315c9d
                                                                                                                                                                                                                                0x01315c70
                                                                                                                                                                                                                                0x01315bee
                                                                                                                                                                                                                                0x01315bf5
                                                                                                                                                                                                                                0x01315bfb
                                                                                                                                                                                                                                0x01315c00
                                                                                                                                                                                                                                0x01315d34
                                                                                                                                                                                                                                0x01315d34
                                                                                                                                                                                                                                0x01315c06
                                                                                                                                                                                                                                0x01315c0d
                                                                                                                                                                                                                                0x01315c1f
                                                                                                                                                                                                                                0x01315c23
                                                                                                                                                                                                                                0x01315c2d
                                                                                                                                                                                                                                0x01315c33
                                                                                                                                                                                                                                0x01315c34
                                                                                                                                                                                                                                0x01315c34
                                                                                                                                                                                                                                0x01315c34
                                                                                                                                                                                                                                0x01315c3a
                                                                                                                                                                                                                                0x01315c41
                                                                                                                                                                                                                                0x01315c49
                                                                                                                                                                                                                                0x01315c49
                                                                                                                                                                                                                                0x01315c00
                                                                                                                                                                                                                                0x01315d43
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • BeginPaint.USER32(?,?,00000001,?), ref: 01315BF5
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 01315C0D
                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 01315C19
                                                                                                                                                                                                                                • FillRect.USER32 ref: 01315C2D
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 01315C34
                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 01315C41
                                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 01315C63
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 01315C7D
                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,01315406), ref: 01315C92
                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 01315CA0
                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 01315CB0
                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 01315CC3
                                                                                                                                                                                                                                • FillRect.USER32 ref: 01315CD6
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 01315CDF
                                                                                                                                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 01315D13
                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 01315D1D
                                                                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 01315D24
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateObjectRect$DeletePaint$BeginBrushClientCompatibleFillSelectSolid$Bitmap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2927874120-0
                                                                                                                                                                                                                                • Opcode ID: 8d3404d3414b9a343dee569d04ef90c7b6b04106ad6f1a35392349287548cc99
                                                                                                                                                                                                                                • Instruction ID: 470c2808a87c20ff658c6138d676f99eabb4e27132941cf105e78d1439e8b8ba
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d3404d3414b9a343dee569d04ef90c7b6b04106ad6f1a35392349287548cc99
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A3413971900209AFDB219FB4DC8DDAEBFBDFB89705F105918F61AE6218D7329805CB20
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131F26E, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 160COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 61%
                                                                                                                                                                                                                                			E0131F26E(struct HWND__** __ecx, void* __edx) {
				signed int _v8;
				struct tagRECT _v24;
				struct tagRECT _v40;
				struct tagRECT _v56;
				void* _v76;
				struct tagMONITORINFO _v96;
				signed int _v100;
				signed int _v104;
				struct HWND__** _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t51;
				long _t53;
				struct HWND__* _t54;
				struct HMONITOR__* _t56;
				intOrPtr _t76;
				intOrPtr _t77;
				int _t79;
				int _t86;
				void* _t91;
				void* _t97;
				struct HWND__* _t98;
				int _t102;
				signed int _t108;

				_t96 = __edx;
				_t51 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t51 ^ _t108;
				_t97 = GetWindowLongW;
				_t102 = __ecx;
				_v108 = __ecx;
				_t53 = GetWindowLongW( *__ecx, 0xfffffff0);
				_t86 = GetParent;
				_v104 = _t53;
				_t4 =  &_v104;
				 *_t4 = _v104 & 0x40000000;
				if( *_t4 == 0) {
					_t54 = GetWindow( *_t102, 4);
				} else {
					_t54 = GetParent( *_t102);
				}
				_v100 = _t54;
				_t56 = GetWindowRect( *_t102,  &_v56);
				if(_v104 != 0) {
					_t98 = GetParent( *_t102);
					GetClientRect(_t98,  &_v40);
					GetClientRect(_v100,  &_v24);
					MapWindowPoints(_v100, _t98,  &_v24, 2);
					goto L18;
				} else {
					if(_v100 == 0) {
						L10:
						_push(2);
						_push( *_t102);
						L11:
						__imp__MonitorFromWindow();
						if(_t56 != 0) {
							_v96.cbSize = 0x28;
							if(GetMonitorInfoW(_t56,  &_v96) == 0) {
								goto L12;
							}
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							if(_v100 != 0) {
								GetWindowRect(_v100,  &_v24);
							} else {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
							}
							L18:
							_t91 = _v56.right - _v56.left;
							asm("cdq");
							_t97 = _v56.bottom - _v56.top;
							asm("cdq");
							_t102 = (_v24.left + _v24.right - _t96 >> 1) - (_t91 - _t96 >> 1);
							asm("cdq");
							asm("cdq");
							_t86 = (_v24.top + _v24.bottom - _t96 >> 1) - (_t97 - _t96 >> 1);
							_t76 = _v40.right;
							_t96 = _t102 + _t91;
							if(_t102 + _t91 > _t76) {
								_t102 = _t76 - _t91;
							}
							if(_t102 < _v40.left) {
								_t102 = _v40.left;
							}
							_t77 = _v40.bottom;
							if(_t86 + _t97 > _t77) {
								_t86 = _t77 - _t97;
							}
							if(_t86 < _v40.top) {
								_t86 = _v40.top;
							}
							_t79 = SetWindowPos( *_v108, 0, _t102, _t86, 0xffffffff, 0xffffffff, 0x15);
							L27:
							return E013748C1(_t79, _t86, _v8 ^ _t108, _t96, _t97, _t102);
						}
						L12:
						_t79 = 0;
						goto L27;
					}
					_t56 = GetWindowLongW(_v100, 0xfffffff0);
					if((_t56 & 0x10000000) == 0 || (_t56 & 0x20000000) != 0) {
						_v100 = _v100 & 0x00000000;
					}
					if(_v100 == 0) {
						goto L10;
					} else {
						_push(2);
						_push(_v100);
						goto L11;
					}
				}
			}




























                                                                                                                                                                                                                                0x0131f26e
                                                                                                                                                                                                                                0x0131f274
                                                                                                                                                                                                                                0x0131f27b
                                                                                                                                                                                                                                0x0131f281
                                                                                                                                                                                                                                0x0131f287
                                                                                                                                                                                                                                0x0131f28d
                                                                                                                                                                                                                                0x0131f290
                                                                                                                                                                                                                                0x0131f292
                                                                                                                                                                                                                                0x0131f298
                                                                                                                                                                                                                                0x0131f29b
                                                                                                                                                                                                                                0x0131f29b
                                                                                                                                                                                                                                0x0131f2a2
                                                                                                                                                                                                                                0x0131f2ae
                                                                                                                                                                                                                                0x0131f2a4
                                                                                                                                                                                                                                0x0131f2a6
                                                                                                                                                                                                                                0x0131f2a6
                                                                                                                                                                                                                                0x0131f2b4
                                                                                                                                                                                                                                0x0131f2bd
                                                                                                                                                                                                                                0x0131f2c7
                                                                                                                                                                                                                                0x0131f359
                                                                                                                                                                                                                                0x0131f360
                                                                                                                                                                                                                                0x0131f369
                                                                                                                                                                                                                                0x0131f375
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131f2cd
                                                                                                                                                                                                                                0x0131f2d1
                                                                                                                                                                                                                                0x0131f2f9
                                                                                                                                                                                                                                0x0131f2f9
                                                                                                                                                                                                                                0x0131f2fb
                                                                                                                                                                                                                                0x0131f2fd
                                                                                                                                                                                                                                0x0131f2fd
                                                                                                                                                                                                                                0x0131f305
                                                                                                                                                                                                                                0x0131f313
                                                                                                                                                                                                                                0x0131f322
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131f32e
                                                                                                                                                                                                                                0x0131f32f
                                                                                                                                                                                                                                0x0131f330
                                                                                                                                                                                                                                0x0131f331
                                                                                                                                                                                                                                0x0131f332
                                                                                                                                                                                                                                0x0131f347
                                                                                                                                                                                                                                0x0131f334
                                                                                                                                                                                                                                0x0131f33a
                                                                                                                                                                                                                                0x0131f33b
                                                                                                                                                                                                                                0x0131f33c
                                                                                                                                                                                                                                0x0131f33d
                                                                                                                                                                                                                                0x0131f33d
                                                                                                                                                                                                                                0x0131f37b
                                                                                                                                                                                                                                0x0131f384
                                                                                                                                                                                                                                0x0131f387
                                                                                                                                                                                                                                0x0131f38d
                                                                                                                                                                                                                                0x0131f394
                                                                                                                                                                                                                                0x0131f39b
                                                                                                                                                                                                                                0x0131f3a3
                                                                                                                                                                                                                                0x0131f3aa
                                                                                                                                                                                                                                0x0131f3b1
                                                                                                                                                                                                                                0x0131f3b3
                                                                                                                                                                                                                                0x0131f3b6
                                                                                                                                                                                                                                0x0131f3bb
                                                                                                                                                                                                                                0x0131f3bf
                                                                                                                                                                                                                                0x0131f3bf
                                                                                                                                                                                                                                0x0131f3c4
                                                                                                                                                                                                                                0x0131f3c6
                                                                                                                                                                                                                                0x0131f3c6
                                                                                                                                                                                                                                0x0131f3c9
                                                                                                                                                                                                                                0x0131f3d1
                                                                                                                                                                                                                                0x0131f3d5
                                                                                                                                                                                                                                0x0131f3d5
                                                                                                                                                                                                                                0x0131f3da
                                                                                                                                                                                                                                0x0131f3dc
                                                                                                                                                                                                                                0x0131f3dc
                                                                                                                                                                                                                                0x0131f3ee
                                                                                                                                                                                                                                0x0131f3f4
                                                                                                                                                                                                                                0x0131f402
                                                                                                                                                                                                                                0x0131f402
                                                                                                                                                                                                                                0x0131f307
                                                                                                                                                                                                                                0x0131f307
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131f307
                                                                                                                                                                                                                                0x0131f2d8
                                                                                                                                                                                                                                0x0131f2df
                                                                                                                                                                                                                                0x0131f2e8
                                                                                                                                                                                                                                0x0131f2e8
                                                                                                                                                                                                                                0x0131f2f0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131f2f2
                                                                                                                                                                                                                                0x0131f2f2
                                                                                                                                                                                                                                0x0131f2f4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131f2f4
                                                                                                                                                                                                                                0x0131f2f0

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0131F290
                                                                                                                                                                                                                                • GetParent.USER32 ref: 0131F2A6
                                                                                                                                                                                                                                • GetWindow.USER32(?,00000004), ref: 0131F2AE
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0131F2BD
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0131F2D8
                                                                                                                                                                                                                                • MonitorFromWindow.USER32(?,00000002), ref: 0131F2FD
                                                                                                                                                                                                                                • GetMonitorInfoW.USER32 ref: 0131F31A
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0131F347
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,000000FF,000000FF,00000015,?,?,?,?,00000004,?,000000F0), ref: 0131F3EE
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$LongMonitorRect$FromInfoParent
                                                                                                                                                                                                                                • String ID: (
                                                                                                                                                                                                                                • API String ID: 1468510684-3887548279
                                                                                                                                                                                                                                • Opcode ID: a8d34e3fb8bbfb31c067060e7e1b7a26b5d35e795ce496d2a8d42094109ca444
                                                                                                                                                                                                                                • Instruction ID: ad185e0bfeaad7eff3be62f519fe55115510f39b3837a6701360e72bcb2d49d0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a8d34e3fb8bbfb31c067060e7e1b7a26b5d35e795ce496d2a8d42094109ca444
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55511835A00219DFDB25CFA8CD48AEDBBBAFF48318F140625E905B7298D771AD09CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0137B915, Relevance: 24.1, APIs: 16, Instructions: 95COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 97%
                                                                                                                                                                                                                                			E0137B915(intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				intOrPtr _t17;
				intOrPtr _t19;
				void* _t42;
				intOrPtr* _t50;

				if(_a4 > 5 || _a8 == 0) {
					L4:
					return 0;
				} else {
					_t50 = E0137C651(8, 1);
					_t56 = _t50;
					if(_t50 != 0) {
						_t13 = E0137C651(0xd8, 1);
						 *_t50 = _t13;
						__eflags = _t13;
						if(_t13 != 0) {
							_t14 = E0137C651(0x220, 1);
							 *((intOrPtr*)(_t50 + 4)) = _t14;
							__eflags = _t14;
							if(_t14 != 0) {
								E0137AD86( *_t50, 0x13bd100);
								_t47 =  *_t50;
								_t17 = E0137B6F9(_a4,  *_t50, _a8);
								_pop(_t42);
								__eflags = _t17;
								if(__eflags != 0) {
									_t19 = E01381D03(_t42, _t47, __eflags,  *((intOrPtr*)( *_t50 + 4)),  *((intOrPtr*)(_t50 + 4)));
									__eflags = _t19;
									if(_t19 == 0) {
										 *((intOrPtr*)( *((intOrPtr*)(_t50 + 4)))) = 1;
										 *((intOrPtr*)( *((intOrPtr*)(_t50 + 4)))) = 1;
										L17:
										return _t50;
									}
									E01375111( *((intOrPtr*)(_t50 + 4)));
									E01380F7D( *_t50);
									E01381016( *_t50);
									E01375111(_t50);
									L15:
									_t50 = 0;
									goto L17;
								}
								E01380F7D( *_t50);
								E01381016( *_t50);
								E01375111(_t50);
								goto L15;
							}
							E01375111( *_t50);
							E01375111(_t50);
							L8:
							goto L3;
						}
						E01375111(_t50);
						goto L8;
					}
					L3:
					 *((intOrPtr*)(E0137BDAC(_t56))) = 0xc;
					goto L4;
				}
			}









                                                                                                                                                                                                                                0x0137b920
                                                                                                                                                                                                                                0x0137b946
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137b928
                                                                                                                                                                                                                                0x0137b933
                                                                                                                                                                                                                                0x0137b937
                                                                                                                                                                                                                                0x0137b939
                                                                                                                                                                                                                                0x0137b952
                                                                                                                                                                                                                                0x0137b959
                                                                                                                                                                                                                                0x0137b95b
                                                                                                                                                                                                                                0x0137b95d
                                                                                                                                                                                                                                0x0137b96e
                                                                                                                                                                                                                                0x0137b975
                                                                                                                                                                                                                                0x0137b978
                                                                                                                                                                                                                                0x0137b97a
                                                                                                                                                                                                                                0x0137b993
                                                                                                                                                                                                                                0x0137b99e
                                                                                                                                                                                                                                0x0137b9a0
                                                                                                                                                                                                                                0x0137b9a5
                                                                                                                                                                                                                                0x0137b9a6
                                                                                                                                                                                                                                0x0137b9a8
                                                                                                                                                                                                                                0x0137b9cb
                                                                                                                                                                                                                                0x0137b9d2
                                                                                                                                                                                                                                0x0137b9d4
                                                                                                                                                                                                                                0x0137b9fc
                                                                                                                                                                                                                                0x0137ba01
                                                                                                                                                                                                                                0x0137ba03
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137ba03
                                                                                                                                                                                                                                0x0137b9d9
                                                                                                                                                                                                                                0x0137b9e0
                                                                                                                                                                                                                                0x0137b9e7
                                                                                                                                                                                                                                0x0137b9ed
                                                                                                                                                                                                                                0x0137b9f5
                                                                                                                                                                                                                                0x0137b9f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137b9f5
                                                                                                                                                                                                                                0x0137b9ac
                                                                                                                                                                                                                                0x0137b9b3
                                                                                                                                                                                                                                0x0137b9b9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137b9be
                                                                                                                                                                                                                                0x0137b97e
                                                                                                                                                                                                                                0x0137b984
                                                                                                                                                                                                                                0x0137b965
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137b965
                                                                                                                                                                                                                                0x0137b960
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137b960
                                                                                                                                                                                                                                0x0137b93b
                                                                                                                                                                                                                                0x0137b940
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137b940

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 0137B92E
                                                                                                                                                                                                                                  • Part of subcall function 0137C651: Sleep.KERNEL32(00000000,?,01381389,00000001,00000214,?,01357857,HandleEvents returning %s further.,continue), ref: 0137C679
                                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 0137B952
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137B960
                                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 0137B96E
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137B97E
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137B984
                                                                                                                                                                                                                                • __copytlocinfo_nolock.LIBCMT ref: 0137B993
                                                                                                                                                                                                                                • __setlocale_nolock.LIBCMT ref: 0137B9A0
                                                                                                                                                                                                                                • ___removelocaleref.LIBCMT ref: 0137B9AC
                                                                                                                                                                                                                                • ___freetlocinfo.LIBCMT ref: 0137B9B3
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137B9B9
                                                                                                                                                                                                                                • __setmbcp_nolock.LIBCMT ref: 0137B9CB
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137B9D9
                                                                                                                                                                                                                                • ___removelocaleref.LIBCMT ref: 0137B9E0
                                                                                                                                                                                                                                • ___freetlocinfo.LIBCMT ref: 0137B9E7
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137B9ED
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref$Sleep__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 888903860-0
                                                                                                                                                                                                                                • Opcode ID: 4e8e0ec23b24ae4a1d6a417119a92efb2bab70aaa5cc2f778df0f55d6959d764
                                                                                                                                                                                                                                • Instruction ID: e26290dad5f05cb7529e15b4d88ea3788863d4d7fa1448de258ffec344b19290
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e8e0ec23b24ae4a1d6a417119a92efb2bab70aaa5cc2f778df0f55d6959d764
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2521C435204603EFEB367F2DEC45A1AFBF4DF5276DB204019E49496165EE39D801C691
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01357579, Relevance: 21.2, APIs: 2, Strings: 10, Instructions: 233COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                			E01357579(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t77;
				intOrPtr _t78;
				intOrPtr _t81;
				char* _t84;
				intOrPtr _t103;
				intOrPtr _t106;
				intOrPtr _t107;
				intOrPtr _t112;
				intOrPtr _t130;
				void* _t152;
				intOrPtr _t160;
				intOrPtr _t162;
				void* _t168;
				void* _t178;
				intOrPtr _t190;
				intOrPtr _t191;
				void* _t192;
				intOrPtr _t193;
				intOrPtr _t197;
				intOrPtr _t201;

				_t186 = __edx;
				_push(0x88);
				E0137C242(0x1395d26, __ebx, __edi, __esi);
				_t190 = __ecx;
				 *((intOrPtr*)(_t192 - 0x90)) = __ecx;
				_t197 =  *0x13c2a33; // 0x0
				if(_t197 != 0) {
					_t130 =  *0x13bc000; // 0x139c820
					 *((intOrPtr*)(_t192 - 0x88)) =  *((intOrPtr*)(_t130 + 0xc))() + 0x10;
					 *(_t192 - 4) = 0;
					E01327581(_t192 - 0x88, __edx, L"HandleEvents. EventID %d",  *((intOrPtr*)(_t192 + 8)));
					_t191 =  *((intOrPtr*)(_t192 - 0x88));
					_t198 =  *((intOrPtr*)(_t191 - 4)) - 1;
					_pop(_t178);
					if( *((intOrPtr*)(_t191 - 4)) > 1) {
						E01327454(_t178, _t192 - 0x88,  *((intOrPtr*)(_t191 - 0xc)));
						_t191 =  *((intOrPtr*)(_t192 - 0x88));
					}
					E01319B30(_t192 - 0x48, _t191);
					_push(_t192 - 0x2c);
					 *(_t192 - 4) = 1;
					E0135BE26(0, _t192 - 0x48, 0x13c2b18, _t191, _t198);
					 *(_t192 - 4) = 3;
					E0131AA87(_t192 - 0x48, 1, 0);
					_t193 = _t193 - 0x1c;
					 *((intOrPtr*)(_t192 - 0x8c)) = _t193;
					E013116F0(_t193, _t192 - 0x2c);
					E0134BA76(0, 0x13c2b18, _t186, 0x13c2b18, _t191, _t198);
					E01311524(_t192 - 0x2c, 1, 0);
					 *(_t192 - 4) =  *(_t192 - 4) | 0xffffffff;
					E0131EAF8(_t191 - 0x10, _t186);
					_t190 =  *((intOrPtr*)(_t192 - 0x90));
				}
				_t77 =  *((intOrPtr*)(_t192 + 8));
				if(_t77 != 0xffffffff) {
					_t78 = _t77;
					__eflags = _t78;
					 *((char*)(_t192 - 0x81)) = 1;
					if(_t78 == 0) {
						__eflags =  *0x13c2a33; // 0x0
						if(__eflags != 0) {
							_t193 = _t193 - 0x1c;
							_t160 = _t193;
							 *((intOrPtr*)(_t192 - 0x8c)) = _t193;
							_push("Handling pip_local_error");
							goto L28;
						}
						goto L29;
					} else {
						_t103 = _t78 - 1;
						__eflags = _t103;
						if(_t103 == 0) {
							__eflags =  *0x13c2a33; // 0x0
							if(__eflags != 0) {
								_t193 = _t193 - 0x1c;
								_t162 = _t193;
								 *((intOrPtr*)(_t192 - 0x8c)) = _t193;
								_push("Handling remote exit event");
								goto L17;
							}
							goto L31;
						} else {
							_t106 = _t103 - 1;
							__eflags = _t106;
							if(_t106 == 0) {
								__eflags =  *0x13c2a33; // 0x0
								if(__eflags != 0) {
									_t193 = _t193 - 0x1c;
									_t160 = _t193;
									 *((intOrPtr*)(_t192 - 0x8c)) = _t193;
									_push("Handling pip_ui_ready_local");
									L28:
									E01319638(_t160);
									E0134BA76(0, 0x13c2b18, _t186, 0x13c2b18, _t190, __eflags);
								}
								L29:
								__eflags =  *((intOrPtr*)(_t190 + 0xb8));
								if( *((intOrPtr*)(_t190 + 0xb8)) == 0) {
									goto L30;
								}
								goto L31;
							} else {
								_t107 = _t106 - 1;
								__eflags = _t107;
								if(_t107 == 0) {
									__eflags =  *0x13c2a33; // 0x0
									if(__eflags != 0) {
										_t193 = _t193 - 0x1c;
										 *((intOrPtr*)(_t192 - 0x8c)) = _t193;
										E01319638(_t193, "Handling pip_ui_ready_remote");
										E0134BA76(0, 0x13c2b18, _t186, 0x13c2b18, _t190, __eflags);
									}
									__eflags =  *((intOrPtr*)(_t190 + 0xb8));
									if( *((intOrPtr*)(_t190 + 0xb8)) != 0) {
										L30:
										E013578DF(_t190);
									}
									goto L31;
								} else {
									__eflags = _t107 == 1;
									if(_t107 == 1) {
										__eflags =  *0x13c2a33; // 0x0
										if(__eflags != 0) {
											_t193 = _t193 - 0x1c;
											_t162 = _t193;
											 *((intOrPtr*)(_t192 - 0x8c)) = _t193;
											_push("Handling remote process exited.");
											L17:
											E01319638(_t162);
											E0134BA76(0, 0x13c2b18, _t186, 0x13c2b18, _t190, __eflags);
										}
										L31:
										 *((char*)(_t192 - 0x81)) = 0;
									}
								}
							}
						}
					}
					__eflags =  *0x13c2a33; // 0x0
					if(__eflags != 0) {
						_t81 =  *0x13bc000; // 0x139c820
						 *((intOrPtr*)(_t192 - 0x88)) =  *((intOrPtr*)(_t81 + 0xc))() + 0x10;
						 *(_t192 - 4) = 8;
						_t84 = L"continue";
						__eflags =  *((intOrPtr*)(_t192 - 0x81));
						if( *((intOrPtr*)(_t192 - 0x81)) == 0) {
							_t84 = L"abort";
						}
						E01327581(_t192 - 0x88, _t186, L"HandleEvents returning %s further.", _t84);
						_t190 =  *((intOrPtr*)(_t192 - 0x88));
						__eflags =  *((intOrPtr*)(_t190 - 4)) - 1;
						_pop(_t152);
						if( *((intOrPtr*)(_t190 - 4)) > 1) {
							E01327454(_t152, _t192 - 0x88,  *((intOrPtr*)(_t190 - 0xc)));
							_t190 =  *((intOrPtr*)(_t192 - 0x88));
						}
						E01319B30(_t192 - 0x80, _t190);
						_push(_t192 - 0x64);
						 *(_t192 - 4) = 9;
						E0135BE26(0, _t192 - 0x80, 0x13c2b18, _t190, __eflags);
						 *(_t192 - 4) = 0xb;
						E0131AA87(_t192 - 0x80, 1, 0);
						 *((intOrPtr*)(_t192 - 0x8c)) = _t193 - 0x1c;
						E013116F0(_t193 - 0x1c, _t192 - 0x64);
						E0134BA76(0, 0x13c2b18, _t186, 0x13c2b18, _t190, __eflags);
						E01311524(_t192 - 0x64, 1, 0);
						E0131EAF8(_t190 - 0x10, _t186);
					}
				} else {
					_t201 =  *0x13c2a33; // 0x0
					if(_t201 != 0) {
						_t112 =  *0x13bc000; // 0x139c820
						 *((intOrPtr*)(_t192 - 0x88)) =  *((intOrPtr*)(_t112 + 0xc))() + 0x10;
						 *(_t192 - 4) = 4;
						E01327581(_t192 - 0x88, _t186, L"HandleEvents returning abort. LastError %d", GetLastError());
						_t190 =  *((intOrPtr*)(_t192 - 0x88));
						_t202 =  *((intOrPtr*)(_t190 - 4)) - 1;
						_pop(_t168);
						if( *((intOrPtr*)(_t190 - 4)) > 1) {
							E01327454(_t168, _t192 - 0x88,  *((intOrPtr*)(_t190 - 0xc)));
							_t190 =  *((intOrPtr*)(_t192 - 0x88));
						}
						E01319B30(_t192 - 0x2c, _t190);
						_push(_t192 - 0x48);
						 *(_t192 - 4) = 5;
						E0135BE26(0, _t192 - 0x2c, 0x13c2b18, _t190, _t202);
						 *(_t192 - 4) = 7;
						E0131AA87(_t192 - 0x2c, 1, 0);
						 *((intOrPtr*)(_t192 - 0x8c)) = _t193 - 0x1c;
						E013116F0(_t193 - 0x1c, _t192 - 0x48);
						E0134BA76(0, 0x13c2b18, _t186, 0x13c2b18, _t190, _t202);
						E01311524(_t192 - 0x48, 1, 0);
						_t44 = _t190 - 0x10; // -16
						E0131EAF8(_t44, _t186);
					}
				}
				return E0137C2C5(0, 0x13c2b18, _t190);
			}























                                                                                                                                                                                                                                0x01357579
                                                                                                                                                                                                                                0x01357579
                                                                                                                                                                                                                                0x01357583
                                                                                                                                                                                                                                0x0135758a
                                                                                                                                                                                                                                0x0135758c
                                                                                                                                                                                                                                0x01357597
                                                                                                                                                                                                                                0x0135759d
                                                                                                                                                                                                                                0x013575a3
                                                                                                                                                                                                                                0x013575b3
                                                                                                                                                                                                                                0x013575c7
                                                                                                                                                                                                                                0x013575ca
                                                                                                                                                                                                                                0x013575cf
                                                                                                                                                                                                                                0x013575d5
                                                                                                                                                                                                                                0x013575da
                                                                                                                                                                                                                                0x013575db
                                                                                                                                                                                                                                0x013575e7
                                                                                                                                                                                                                                0x013575ec
                                                                                                                                                                                                                                0x013575ec
                                                                                                                                                                                                                                0x013575f6
                                                                                                                                                                                                                                0x013575fe
                                                                                                                                                                                                                                0x01357602
                                                                                                                                                                                                                                0x01357606
                                                                                                                                                                                                                                0x01357612
                                                                                                                                                                                                                                0x01357616
                                                                                                                                                                                                                                0x0135761b
                                                                                                                                                                                                                                0x01357623
                                                                                                                                                                                                                                0x0135762a
                                                                                                                                                                                                                                0x01357631
                                                                                                                                                                                                                                0x0135763c
                                                                                                                                                                                                                                0x01357641
                                                                                                                                                                                                                                0x01357648
                                                                                                                                                                                                                                0x0135764d
                                                                                                                                                                                                                                0x0135764d
                                                                                                                                                                                                                                0x01357653
                                                                                                                                                                                                                                0x01357659
                                                                                                                                                                                                                                0x01357720
                                                                                                                                                                                                                                0x01357720
                                                                                                                                                                                                                                0x01357722
                                                                                                                                                                                                                                0x01357729
                                                                                                                                                                                                                                0x013577d2
                                                                                                                                                                                                                                0x013577d8
                                                                                                                                                                                                                                0x013577da
                                                                                                                                                                                                                                0x013577dd
                                                                                                                                                                                                                                0x013577df
                                                                                                                                                                                                                                0x013577e5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013577e5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135772f
                                                                                                                                                                                                                                0x0135772f
                                                                                                                                                                                                                                0x0135772f
                                                                                                                                                                                                                                0x01357730
                                                                                                                                                                                                                                0x013577b8
                                                                                                                                                                                                                                0x013577be
                                                                                                                                                                                                                                0x013577c0
                                                                                                                                                                                                                                0x013577c3
                                                                                                                                                                                                                                0x013577c5
                                                                                                                                                                                                                                0x013577cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013577cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01357736
                                                                                                                                                                                                                                0x01357736
                                                                                                                                                                                                                                0x01357736
                                                                                                                                                                                                                                0x01357737
                                                                                                                                                                                                                                0x0135779e
                                                                                                                                                                                                                                0x013577a4
                                                                                                                                                                                                                                0x013577a6
                                                                                                                                                                                                                                0x013577a9
                                                                                                                                                                                                                                0x013577ab
                                                                                                                                                                                                                                0x013577b1
                                                                                                                                                                                                                                0x013577ea
                                                                                                                                                                                                                                0x013577ea
                                                                                                                                                                                                                                0x013577f1
                                                                                                                                                                                                                                0x013577f1
                                                                                                                                                                                                                                0x013577f6
                                                                                                                                                                                                                                0x013577f6
                                                                                                                                                                                                                                0x013577fc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01357739
                                                                                                                                                                                                                                0x01357739
                                                                                                                                                                                                                                0x01357739
                                                                                                                                                                                                                                0x0135773a
                                                                                                                                                                                                                                0x01357770
                                                                                                                                                                                                                                0x01357776
                                                                                                                                                                                                                                0x01357778
                                                                                                                                                                                                                                0x0135777d
                                                                                                                                                                                                                                0x01357788
                                                                                                                                                                                                                                0x0135778f
                                                                                                                                                                                                                                0x0135778f
                                                                                                                                                                                                                                0x01357794
                                                                                                                                                                                                                                0x0135779a
                                                                                                                                                                                                                                0x013577fe
                                                                                                                                                                                                                                0x01357800
                                                                                                                                                                                                                                0x01357800
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135773c
                                                                                                                                                                                                                                0x0135773c
                                                                                                                                                                                                                                0x0135773d
                                                                                                                                                                                                                                0x01357743
                                                                                                                                                                                                                                0x01357749
                                                                                                                                                                                                                                0x0135774f
                                                                                                                                                                                                                                0x01357752
                                                                                                                                                                                                                                0x01357754
                                                                                                                                                                                                                                0x0135775a
                                                                                                                                                                                                                                0x0135775f
                                                                                                                                                                                                                                0x0135775f
                                                                                                                                                                                                                                0x01357766
                                                                                                                                                                                                                                0x01357766
                                                                                                                                                                                                                                0x01357805
                                                                                                                                                                                                                                0x01357805
                                                                                                                                                                                                                                0x01357805
                                                                                                                                                                                                                                0x0135773d
                                                                                                                                                                                                                                0x0135773a
                                                                                                                                                                                                                                0x01357737
                                                                                                                                                                                                                                0x01357730
                                                                                                                                                                                                                                0x0135780b
                                                                                                                                                                                                                                0x01357811
                                                                                                                                                                                                                                0x01357817
                                                                                                                                                                                                                                0x01357827
                                                                                                                                                                                                                                0x0135782d
                                                                                                                                                                                                                                0x01357834
                                                                                                                                                                                                                                0x01357839
                                                                                                                                                                                                                                0x0135783f
                                                                                                                                                                                                                                0x01357841
                                                                                                                                                                                                                                0x01357841
                                                                                                                                                                                                                                0x01357852
                                                                                                                                                                                                                                0x01357857
                                                                                                                                                                                                                                0x0135785d
                                                                                                                                                                                                                                0x01357862
                                                                                                                                                                                                                                0x01357863
                                                                                                                                                                                                                                0x0135786f
                                                                                                                                                                                                                                0x01357874
                                                                                                                                                                                                                                0x01357874
                                                                                                                                                                                                                                0x0135787e
                                                                                                                                                                                                                                0x01357886
                                                                                                                                                                                                                                0x0135788a
                                                                                                                                                                                                                                0x0135788e
                                                                                                                                                                                                                                0x0135789a
                                                                                                                                                                                                                                0x0135789e
                                                                                                                                                                                                                                0x013578ab
                                                                                                                                                                                                                                0x013578b2
                                                                                                                                                                                                                                0x013578b9
                                                                                                                                                                                                                                0x013578c4
                                                                                                                                                                                                                                0x013578cc
                                                                                                                                                                                                                                0x013578cc
                                                                                                                                                                                                                                0x0135765f
                                                                                                                                                                                                                                0x0135765f
                                                                                                                                                                                                                                0x01357665
                                                                                                                                                                                                                                0x0135766b
                                                                                                                                                                                                                                0x0135767b
                                                                                                                                                                                                                                0x01357681
                                                                                                                                                                                                                                0x0135769a
                                                                                                                                                                                                                                0x0135769f
                                                                                                                                                                                                                                0x013576a5
                                                                                                                                                                                                                                0x013576aa
                                                                                                                                                                                                                                0x013576ab
                                                                                                                                                                                                                                0x013576b7
                                                                                                                                                                                                                                0x013576bc
                                                                                                                                                                                                                                0x013576bc
                                                                                                                                                                                                                                0x013576c6
                                                                                                                                                                                                                                0x013576ce
                                                                                                                                                                                                                                0x013576d2
                                                                                                                                                                                                                                0x013576d6
                                                                                                                                                                                                                                0x013576e2
                                                                                                                                                                                                                                0x013576e6
                                                                                                                                                                                                                                0x013576f3
                                                                                                                                                                                                                                0x013576fa
                                                                                                                                                                                                                                0x01357701
                                                                                                                                                                                                                                0x0135770c
                                                                                                                                                                                                                                0x01357711
                                                                                                                                                                                                                                0x01357714
                                                                                                                                                                                                                                0x01357714
                                                                                                                                                                                                                                0x01357719
                                                                                                                                                                                                                                0x013578dc

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01357583
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 01357688
                                                                                                                                                                                                                                  • Part of subcall function 01327581: _vwprintf.LIBCMT ref: 0132759F
                                                                                                                                                                                                                                  • Part of subcall function 01327581: _vswprintf_s.LIBCMT ref: 013275C3
                                                                                                                                                                                                                                  • Part of subcall function 01327454: _memcpy_s.LIBCMT ref: 01327498
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0134BC6C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_$CurrentErrorIos_base_dtorLastLocalProcessTime_memcpy_s_memset_strlen_vswprintf_s_vwprintfstd::ios_base::_swprintf
                                                                                                                                                                                                                                • String ID: HandleEvents returning %s further.$HandleEvents returning abort. LastError %d$HandleEvents. EventID %d$Handling pip_local_error$Handling pip_ui_ready_local$Handling pip_ui_ready_remote$Handling remote exit event$Handling remote process exited.$abort$continue
                                                                                                                                                                                                                                • API String ID: 1041530440-470094772
                                                                                                                                                                                                                                • Opcode ID: 9d53d0d7e991675bf0c357a1c9cf9abf2918ae9b67c13bb5b5131f249ea87924
                                                                                                                                                                                                                                • Instruction ID: fe98bd63ce64ad7be0f7513e905eec96ebbcf76bb8d374ad6a3d28fff2d0ba51
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9d53d0d7e991675bf0c357a1c9cf9abf2918ae9b67c13bb5b5131f249ea87924
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A91B171D04259DFEB64EB6CC891FEDBF78BF11208F848089D849A7284DE705A88DB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01346030, Relevance: 21.2, APIs: 14, Instructions: 188COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 71%
                                                                                                                                                                                                                                			E01346030(void* __ecx, void* __edx) {
				signed int _v8;
				void* _v20;
				struct tagRECT _v24;
				struct tagRECT _v40;
				struct tagRECT _v56;
				WCHAR* _v60;
				void* _v64;
				int _v68;
				struct HDC__* _v76;
				struct tagRECT* _v80;
				WCHAR* _v84;
				void* _v88;
				struct HWND__* _v92;
				char _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t88;
				struct HWND__* _t91;
				void* _t97;
				void* _t101;
				WCHAR* _t102;
				signed int _t104;
				int _t108;
				void* _t123;
				void* _t136;
				signed int _t139;
				long _t142;
				signed int _t145;

				_t136 = __edx;
				_t88 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t88 ^ _t145;
				_t131 = __ecx;
				if(IsWindow( *(__ecx + 4)) != 0) {
					_t142 = 0;
					if( *((intOrPtr*)(_t131 + 0x24)) != 0 ||  *((intOrPtr*)(_t131 + 0x28)) != 0) {
						_t91 =  *(_t131 + 4);
						_v92 = _t91;
						_v76 = GetDC(_t91);
						_v24.left = _t142;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						GetClientRect( *(_t131 + 4),  &_v24);
						_t137 = _t131 + 0x38;
						_v80 = _t131 + 0x38;
						_t142 =  &_v24;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(( *(_t131 + 0x58) & 0x00000001) == 0) {
							L26:
							ReleaseDC(_v92, _v76);
							_t97 = 1;
							L27:
							return E013748C1(_t97, _t131, _v8 ^ _t145, _t136, _t137, _t142);
						}
						if(( *(_t131 + 0x54) >> 0x00000004 & 0x00000001) == 0) {
							_t101 =  *(_t131 + 0x30);
							_v64 = _v64 & 0x00000000;
							_t142 = SelectObject;
							if(_t101 != 0) {
								_v64 = SelectObject(_v76, _t101);
							}
							_t102 =  *((intOrPtr*)(_t131 + 0x24));
							if(_t102 == 0) {
								_t102 =  *((intOrPtr*)(_t131 + 0x28));
							}
							_v60 = _t102;
							_t139 = GetWindowLongW( *(_t131 + 4), 0xfffffff0);
							_v68 = _t139;
							_t104 = 0;
							_t137 = _t139 & 0x00000001;
							if(_t137 == 0) {
								if((_v68 & 0x00000002) != 0) {
									_t104 = 2;
								}
							} else {
								_t104 = 1;
							}
							DrawTextW(_v76, _v60, 0xffffffff, _v80, _t104 | 0x00000410);
							if( *(_t131 + 0x30) != 0) {
								SelectObject(_v76, _v64);
							}
							if(_t137 == 0) {
								if((_v68 & 0x00000002) == 0) {
									goto L26;
								}
								_t108 = _v24.right -  *((intOrPtr*)(_t131 + 0x40));
								goto L25;
							} else {
								asm("cdq");
								_t108 = _v24.right -  *((intOrPtr*)(_t131 + 0x40)) - _t136 >> 1;
								L25:
								OffsetRect(_v80, _t108, 0);
								goto L26;
							}
						}
						_v84 = 0;
						_v68 = 0;
						_v60 = 0;
						_v64 = 0;
						_v88 = 0;
						_v96 = 0;
						E0134686A(_t131,  &_v84,  &_v68,  &_v60,  &_v64,  &_v88,  &_v96);
						_t123 = SelectObject(_v76,  *(_t131 + 0x34));
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_v88 = _t123;
						asm("movsd");
						if(_v84 != 0) {
							DrawTextW(_v76, _v84, _v68,  &_v56, 0x410);
						}
						_t131 = SelectObject;
						SelectObject(_v76,  *0x00000030);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(_v84 != 0) {
							_v40.left = _v56.right;
						}
						DrawTextW(_v76, _v60, _v64,  &_v40, 0x410);
						SelectObject(_v76, _v88);
						_t137 = _v80;
						_t142 =  &_v40;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						goto L26;
					} else {
						goto L1;
					}
				}
				L1:
				_t97 = 0;
				goto L27;
			}
































                                                                                                                                                                                                                                0x01346030
                                                                                                                                                                                                                                0x01346036
                                                                                                                                                                                                                                0x0134603d
                                                                                                                                                                                                                                0x01346043
                                                                                                                                                                                                                                0x01346050
                                                                                                                                                                                                                                0x01346059
                                                                                                                                                                                                                                0x0134605e
                                                                                                                                                                                                                                0x01346065
                                                                                                                                                                                                                                0x01346069
                                                                                                                                                                                                                                0x01346072
                                                                                                                                                                                                                                0x01346077
                                                                                                                                                                                                                                0x0134607d
                                                                                                                                                                                                                                0x0134607e
                                                                                                                                                                                                                                0x0134607f
                                                                                                                                                                                                                                0x01346087
                                                                                                                                                                                                                                0x01346091
                                                                                                                                                                                                                                0x01346094
                                                                                                                                                                                                                                0x01346097
                                                                                                                                                                                                                                0x0134609a
                                                                                                                                                                                                                                0x0134609b
                                                                                                                                                                                                                                0x0134609c
                                                                                                                                                                                                                                0x0134609d
                                                                                                                                                                                                                                0x0134609e
                                                                                                                                                                                                                                0x01346207
                                                                                                                                                                                                                                0x0134620d
                                                                                                                                                                                                                                0x01346213
                                                                                                                                                                                                                                0x01346215
                                                                                                                                                                                                                                0x01346223
                                                                                                                                                                                                                                0x01346223
                                                                                                                                                                                                                                0x013460ac
                                                                                                                                                                                                                                0x0134616f
                                                                                                                                                                                                                                0x01346172
                                                                                                                                                                                                                                0x01346176
                                                                                                                                                                                                                                0x0134617e
                                                                                                                                                                                                                                0x01346186
                                                                                                                                                                                                                                0x01346186
                                                                                                                                                                                                                                0x01346189
                                                                                                                                                                                                                                0x0134618e
                                                                                                                                                                                                                                0x01346190
                                                                                                                                                                                                                                0x01346190
                                                                                                                                                                                                                                0x01346198
                                                                                                                                                                                                                                0x013461a1
                                                                                                                                                                                                                                0x013461a3
                                                                                                                                                                                                                                0x013461a6
                                                                                                                                                                                                                                0x013461a8
                                                                                                                                                                                                                                0x013461ab
                                                                                                                                                                                                                                0x013461b4
                                                                                                                                                                                                                                0x013461b8
                                                                                                                                                                                                                                0x013461b8
                                                                                                                                                                                                                                0x013461ad
                                                                                                                                                                                                                                0x013461ad
                                                                                                                                                                                                                                0x013461ad
                                                                                                                                                                                                                                0x013461ca
                                                                                                                                                                                                                                0x013461d4
                                                                                                                                                                                                                                0x013461dc
                                                                                                                                                                                                                                0x013461dc
                                                                                                                                                                                                                                0x013461e0
                                                                                                                                                                                                                                0x013461f3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013461f8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013461e2
                                                                                                                                                                                                                                0x013461e8
                                                                                                                                                                                                                                0x013461eb
                                                                                                                                                                                                                                0x013461fb
                                                                                                                                                                                                                                0x01346201
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01346201
                                                                                                                                                                                                                                0x013461e0
                                                                                                                                                                                                                                0x013460b4
                                                                                                                                                                                                                                0x013460b7
                                                                                                                                                                                                                                0x013460ba
                                                                                                                                                                                                                                0x013460bd
                                                                                                                                                                                                                                0x013460c0
                                                                                                                                                                                                                                0x013460c3
                                                                                                                                                                                                                                0x013460e0
                                                                                                                                                                                                                                0x013460eb
                                                                                                                                                                                                                                0x013460fb
                                                                                                                                                                                                                                0x013460fc
                                                                                                                                                                                                                                0x013460fd
                                                                                                                                                                                                                                0x013460fe
                                                                                                                                                                                                                                0x01346101
                                                                                                                                                                                                                                0x01346102
                                                                                                                                                                                                                                0x01346116
                                                                                                                                                                                                                                0x01346116
                                                                                                                                                                                                                                0x0134611f
                                                                                                                                                                                                                                0x01346128
                                                                                                                                                                                                                                0x01346134
                                                                                                                                                                                                                                0x01346135
                                                                                                                                                                                                                                0x01346136
                                                                                                                                                                                                                                0x01346137
                                                                                                                                                                                                                                0x01346138
                                                                                                                                                                                                                                0x0134613d
                                                                                                                                                                                                                                0x0134613d
                                                                                                                                                                                                                                0x01346152
                                                                                                                                                                                                                                0x0134615e
                                                                                                                                                                                                                                0x01346160
                                                                                                                                                                                                                                0x01346163
                                                                                                                                                                                                                                0x01346166
                                                                                                                                                                                                                                0x01346167
                                                                                                                                                                                                                                0x01346168
                                                                                                                                                                                                                                0x01346169
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0134605e
                                                                                                                                                                                                                                0x01346052
                                                                                                                                                                                                                                0x01346052
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ObjectSelect$DrawText$ClientRectWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3018681926-0
                                                                                                                                                                                                                                • Opcode ID: 0cee84563bda876105f1a74557c0039311ae19d41796aef12d40114e380fc5c6
                                                                                                                                                                                                                                • Instruction ID: 51a41b8e50f5e061cb3a462da6c89d669f3ef3ca22edb0a458eea232ef858a8b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0cee84563bda876105f1a74557c0039311ae19d41796aef12d40114e380fc5c6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE61F5B1900108EFDF12CFE8D985AEEBBFAFF09304F144125EA05AA165D772A945CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135713D, Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 168threadCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                                                			E0135713D(void* __ecx, void* __edx) {
				int _v8;
				char _v12;
				char _v16;
				signed int _v24;
				char _v56;
				signed int _v60;
				char _v64;
				char _v80;
				char _v84;
				char _v88;
				void* _v92;
				signed int _v96;
				void* _v100;
				void* _v104;
				int _v108;
				int _v112;
				int _v116;
				char _v120;
				struct _SECURITY_ATTRIBUTES _v132;
				char _v136;
				intOrPtr _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t56;
				signed int _t58;
				void* _t64;
				void* _t66;
				void* _t70;
				void* _t72;
				intOrPtr _t80;
				void* _t100;
				void* _t110;
				void* _t118;
				void* _t120;
				void* _t121;
				char _t122;
				void* _t124;
				long _t125;
				signed int _t126;
				signed int _t128;
				intOrPtr _t129;

				_t118 = __edx;
				_push(0xffffffff);
				_push(E01395DD2);
				_push( *[fs:0x0]);
				_t128 = (_t126 & 0xfffffff8) - 0x78;
				_t56 =  *0x13bce20; // 0xa1d783ff
				_v24 = _t56 ^ _t128;
				_push(_t122);
				_t58 =  *0x13bce20; // 0xa1d783ff
				_push(_t58 ^ _t128);
				 *[fs:0x0] =  &_v16;
				_t120 = __ecx;
				_t129 =  *0x13c2a33; // 0x0
				if(_t129 != 0) {
					_t80 =  *0x13bc000; // 0x139c820
					_v136 =  *((intOrPtr*)(_t80 + 0xc))() + 0x10;
					_v8 = 0;
					E01327581( &_v136, _t118, L"Eventmanager running. ThreadID %d", GetCurrentThreadId());
					_t122 = _v136;
					_t130 =  *((intOrPtr*)(_t122 - 4)) - 1;
					_pop(_t110);
					if( *((intOrPtr*)(_t122 - 4)) > 1) {
						E01327454(_t110,  &_v136,  *((intOrPtr*)(_t122 - 0xc)));
						_t122 = _v144;
					}
					E01319B30( &_v80, _t122);
					_push( &_v56);
					_v12 = 1;
					E0135BE26(0,  &_v84, _t120, _t122, _t130);
					_v12 = 3;
					E0131AA87( &_v84, 1, 0);
					_v96 = _t128;
					E013116F0(_t128,  &_v64);
					E0134BA76(0, 0x13c2b18, _t118, _t120, _t122, _t130);
					E01311524( &_v96, 1, 0);
					_v60 = _v60 | 0xffffffff;
					E0131EAF8(_t122 - 0x10, _t118);
				}
				_v120 = 0;
				_v116 = 0;
				_v112 = 0;
				_v108 = 0;
				_t132 =  *(_t120 + 0xb8);
				if( *(_t120 + 0xb8) == 0) {
					L6:
					_v132.bInheritHandle = 1;
					_v132.nLength = 0;
					_v132.lpSecurityDescriptor = 0;
					_t64 = CreateEventW( &_v132, 1, 0, L"Global\\PIP_UI_Ready_Local");
					 *(_t120 + 0xdc) = _t64;
					if(_t64 != 0) {
						_t66 = CreateEventW( &_v132, 1, 0, L"Global\\PIP_UI_Ready_Remote");
						 *(_t120 + 0xe0) = _t66;
						__eflags = _t66;
						if(_t66 == 0) {
							goto L7;
						}
						_t70 = CreateEventW( &_v132, 1, 0, L"Global\\PIP_Local_Error");
						 *(_t120 + 0xe4) = _t70;
						__eflags = _t70;
						if(_t70 == 0) {
							goto L7;
						}
						_t72 = CreateEventW( &_v132, 1, 0, L"Global\\PIP_Remote_Exit");
						 *(_t120 + 0xec) = _t72;
						__eflags = _t72;
						if(_t72 == 0) {
							goto L7;
						}
						_v100 = _t72;
						_v96 =  *(_t120 + 0xdc);
						_v88 = 0;
						_v104 =  *(_t120 + 0xe4);
						_v92 =  *(_t120 + 0xe0);
						_t125 = 4;
						__eflags =  *(_t120 + 0xb8);
						if(__eflags != 0) {
							_v88 = _v120;
							_t125 = 5;
						}
						do {
							__eflags = E01357579(0, _t120, _t118, _t120, _t125, __eflags, WaitForMultipleObjects(_t125,  &_v104, 0, 0xffffffff));
						} while (__eflags != 0);
						_t67 = 0;
						__eflags = 0;
						goto L15;
					}
					L7:
					_t67 = GetLastError();
					goto L15;
				} else {
					_push( &_v120);
					if(E0135736C(0, _t118, _t120, _t122, _t132) != 0) {
						L15:
						 *[fs:0x0] = _v16;
						_pop(_t121);
						_pop(_t124);
						_pop(_t100);
						return E013748C1(_t67, _t100, _v24 ^ _t128, _t118, _t121, _t124);
					}
					goto L6;
				}
			}














































                                                                                                                                                                                                                                0x0135713d
                                                                                                                                                                                                                                0x01357143
                                                                                                                                                                                                                                0x01357145
                                                                                                                                                                                                                                0x01357150
                                                                                                                                                                                                                                0x01357151
                                                                                                                                                                                                                                0x01357154
                                                                                                                                                                                                                                0x0135715b
                                                                                                                                                                                                                                0x01357160
                                                                                                                                                                                                                                0x01357162
                                                                                                                                                                                                                                0x01357169
                                                                                                                                                                                                                                0x01357171
                                                                                                                                                                                                                                0x01357179
                                                                                                                                                                                                                                0x0135717b
                                                                                                                                                                                                                                0x01357181
                                                                                                                                                                                                                                0x01357187
                                                                                                                                                                                                                                0x01357197
                                                                                                                                                                                                                                0x0135719b
                                                                                                                                                                                                                                0x013571b2
                                                                                                                                                                                                                                0x013571b7
                                                                                                                                                                                                                                0x013571bb
                                                                                                                                                                                                                                0x013571c0
                                                                                                                                                                                                                                0x013571c1
                                                                                                                                                                                                                                0x013571cb
                                                                                                                                                                                                                                0x013571d0
                                                                                                                                                                                                                                0x013571d0
                                                                                                                                                                                                                                0x013571d9
                                                                                                                                                                                                                                0x013571e2
                                                                                                                                                                                                                                0x013571e7
                                                                                                                                                                                                                                0x013571ef
                                                                                                                                                                                                                                0x013571fc
                                                                                                                                                                                                                                0x01357204
                                                                                                                                                                                                                                0x01357215
                                                                                                                                                                                                                                0x0135721a
                                                                                                                                                                                                                                0x01357224
                                                                                                                                                                                                                                0x01357230
                                                                                                                                                                                                                                0x01357235
                                                                                                                                                                                                                                0x01357240
                                                                                                                                                                                                                                0x01357240
                                                                                                                                                                                                                                0x01357245
                                                                                                                                                                                                                                0x01357249
                                                                                                                                                                                                                                0x0135724d
                                                                                                                                                                                                                                0x01357251
                                                                                                                                                                                                                                0x01357255
                                                                                                                                                                                                                                0x0135725b
                                                                                                                                                                                                                                0x0135726f
                                                                                                                                                                                                                                0x0135727f
                                                                                                                                                                                                                                0x01357288
                                                                                                                                                                                                                                0x0135728c
                                                                                                                                                                                                                                0x01357290
                                                                                                                                                                                                                                0x01357292
                                                                                                                                                                                                                                0x0135729a
                                                                                                                                                                                                                                0x013572b4
                                                                                                                                                                                                                                0x013572b6
                                                                                                                                                                                                                                0x013572bc
                                                                                                                                                                                                                                0x013572be
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013572cd
                                                                                                                                                                                                                                0x013572cf
                                                                                                                                                                                                                                0x013572d5
                                                                                                                                                                                                                                0x013572d7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013572e6
                                                                                                                                                                                                                                0x013572e8
                                                                                                                                                                                                                                0x013572ee
                                                                                                                                                                                                                                0x013572f0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013572f8
                                                                                                                                                                                                                                0x01357302
                                                                                                                                                                                                                                0x0135730e
                                                                                                                                                                                                                                0x01357312
                                                                                                                                                                                                                                0x01357316
                                                                                                                                                                                                                                0x0135731a
                                                                                                                                                                                                                                0x0135731b
                                                                                                                                                                                                                                0x01357321
                                                                                                                                                                                                                                0x01357329
                                                                                                                                                                                                                                0x0135732d
                                                                                                                                                                                                                                0x0135732d
                                                                                                                                                                                                                                0x0135732e
                                                                                                                                                                                                                                0x01357345
                                                                                                                                                                                                                                0x01357345
                                                                                                                                                                                                                                0x01357349
                                                                                                                                                                                                                                0x01357349
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01357349
                                                                                                                                                                                                                                0x0135729c
                                                                                                                                                                                                                                0x0135729c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135725d
                                                                                                                                                                                                                                0x01357261
                                                                                                                                                                                                                                0x01357269
                                                                                                                                                                                                                                0x0135734b
                                                                                                                                                                                                                                0x01357352
                                                                                                                                                                                                                                0x0135735a
                                                                                                                                                                                                                                0x0135735b
                                                                                                                                                                                                                                0x0135735c
                                                                                                                                                                                                                                0x0135736b
                                                                                                                                                                                                                                0x0135736b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01357269

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 013571A2
                                                                                                                                                                                                                                  • Part of subcall function 01327581: _vwprintf.LIBCMT ref: 0132759F
                                                                                                                                                                                                                                  • Part of subcall function 01327581: _vswprintf_s.LIBCMT ref: 013275C3
                                                                                                                                                                                                                                • CreateEventW.KERNEL32(?,00000001,00000000,Global\PIP_UI_Ready_Local,A1D783FF), ref: 01357290
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0135729C
                                                                                                                                                                                                                                • CreateEventW.KERNEL32(?,00000001,00000000,Global\PIP_UI_Ready_Remote), ref: 013572B4
                                                                                                                                                                                                                                • CreateEventW.KERNEL32(?,00000001,00000000,Global\PIP_Local_Error), ref: 013572CD
                                                                                                                                                                                                                                • CreateEventW.KERNEL32(?,00000001,00000000,Global\PIP_Remote_Exit), ref: 013572E6
                                                                                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000004,?,00000000,000000FF), ref: 01357337
                                                                                                                                                                                                                                  • Part of subcall function 01327454: _memcpy_s.LIBCMT ref: 01327498
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Eventmanager running. ThreadID %d, xrefs: 013571A9
                                                                                                                                                                                                                                • Global\PIP_UI_Ready_Remote, xrefs: 013572A7
                                                                                                                                                                                                                                • Global\PIP_UI_Ready_Local, xrefs: 01357275
                                                                                                                                                                                                                                • Global\PIP_Local_Error, xrefs: 013572C0
                                                                                                                                                                                                                                • Global\PIP_Remote_Exit, xrefs: 013572D9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateEvent$CurrentErrorLastMultipleObjectsThreadWait_memcpy_s_vswprintf_s_vwprintf
                                                                                                                                                                                                                                • String ID: Eventmanager running. ThreadID %d$Global\PIP_Local_Error$Global\PIP_Remote_Exit$Global\PIP_UI_Ready_Local$Global\PIP_UI_Ready_Remote
                                                                                                                                                                                                                                • API String ID: 4246286612-24945329
                                                                                                                                                                                                                                • Opcode ID: b6fb708df736011cd871aacdf91a74353c3ae8dcc5e0469af1c224b18153c9f3
                                                                                                                                                                                                                                • Instruction ID: 29ab9e790e8e92bbd98e843a6428e63273e12a1a61820b1531a255bb8fb41d34
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b6fb708df736011cd871aacdf91a74353c3ae8dcc5e0469af1c224b18153c9f3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5519371508381AFD364DF68C885FAAFBE8FB48718F440A2EF589D3240DB71A544CB92
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01316A8D, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 114comCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 56%
                                                                                                                                                                                                                                			E01316A8D(signed int __edx, void* __edi, void* __esi, struct HDC__* _a4, signed int* _a8) {
				signed int _v8;
				char _v72;
				signed char _v77;
				signed char _v78;
				signed char _v79;
				signed char _v80;
				short _v84;
				void _v100;
				signed int _v104;
				signed int _v108;
				signed int* _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				short _v126;
				short _v128;
				signed int _v132;
				signed int _v136;
				char* _v140;
				char _v144;
				void* __ebx;
				signed int _t41;
				signed int* _t43;
				void* _t44;
				void* _t48;
				signed int _t56;
				struct HWND__* _t57;
				int _t60;
				signed int _t64;
				int _t68;
				struct HDC__* _t70;
				signed int _t75;
				struct HDC__* _t79;
				signed int* _t81;
				signed int _t82;
				signed int _t83;

				_t80 = __esi;
				_t76 = __edi;
				_t75 = __edx;
				_t41 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t41 ^ _t83;
				_t43 = _a8;
				_t70 = _a4;
				_v112 = _t43;
				if(_t43 != 0) {
					 *_t43 =  *_t43 & 0x00000000;
					_push(__esi);
					_t81 = _t70 + 0x8c;
					_push(__edi);
					if( *_t81 != 0) {
						L14:
						 *_t43 =  *_t81;
						_t82 =  *_t81;
						if(_t82 != 0) {
							 *((intOrPtr*)( *_t82 + 4))(_t82);
						}
						_t44 = 0;
					} else {
						_t48 = GetStockObject(0x11);
						if(_t48 != 0) {
							L5:
							GetObjectW(_t48, 0x5c,  &_v100);
							_v140 =  &_v72;
							_v128 = _v84;
							_v126 = _v77 & 0x000000ff;
							_v124 = _v80 & 0x000000ff;
							_v120 = _v79 & 0x000000ff;
							_v116 = _v78 & 0x000000ff;
							_t56 = _v100;
							_v144 = 0x20;
							_v108 = _t56;
							if(_t56 < 0) {
								_v108 =  ~_t56;
							}
							_t57 =  *(_t70 - 0x48);
							if(_t57 == 0) {
								_t70 = GetDC(GetDesktopWindow());
								if(_t70 != 0) {
									_t60 = GetDeviceCaps(_t70, 0x5a);
									_push(_t70);
									_v104 = _t60;
									_push(GetDesktopWindow());
									goto L13;
								} else {
									goto L11;
								}
							} else {
								_t79 = GetDC(_t57);
								if(_t79 == 0) {
									goto L11;
								} else {
									_t68 = GetDeviceCaps(_t79, 0x5a);
									_push(_t79);
									_push( *(_t70 - 0x48));
									_v104 = _t68;
									L13:
									ReleaseDC();
									_t64 = _v108 * 0xafc80;
									asm("cdq");
									_t75 = _t64 % _v104;
									_v132 = _v132 & 0x00000000;
									_v136 = _t64 / _v104;
									__imp__#420( &_v144, 0x13a1964, _t81);
									_t43 = _v112;
									goto L14;
								}
							}
						} else {
							_t48 = GetStockObject(0xd);
							if(_t48 == 0) {
								L11:
								_t44 = E01311BDC();
							} else {
								goto L5;
							}
						}
					}
					_pop(_t76);
					_pop(_t80);
				} else {
					_t44 = 0x80004003;
				}
				return E013748C1(_t44, _t70, _v8 ^ _t83, _t75, _t76, _t80);
			}







































                                                                                                                                                                                                                                0x01316a8d
                                                                                                                                                                                                                                0x01316a8d
                                                                                                                                                                                                                                0x01316a8d
                                                                                                                                                                                                                                0x01316a96
                                                                                                                                                                                                                                0x01316a9d
                                                                                                                                                                                                                                0x01316aa0
                                                                                                                                                                                                                                0x01316aa4
                                                                                                                                                                                                                                0x01316aa7
                                                                                                                                                                                                                                0x01316aac
                                                                                                                                                                                                                                0x01316ab8
                                                                                                                                                                                                                                0x01316abb
                                                                                                                                                                                                                                0x01316abc
                                                                                                                                                                                                                                0x01316ac5
                                                                                                                                                                                                                                0x01316ac6
                                                                                                                                                                                                                                0x01316bbf
                                                                                                                                                                                                                                0x01316bc1
                                                                                                                                                                                                                                0x01316bc3
                                                                                                                                                                                                                                0x01316bc7
                                                                                                                                                                                                                                0x01316bcc
                                                                                                                                                                                                                                0x01316bcc
                                                                                                                                                                                                                                0x01316bcf
                                                                                                                                                                                                                                0x01316acc
                                                                                                                                                                                                                                0x01316ad4
                                                                                                                                                                                                                                0x01316ad8
                                                                                                                                                                                                                                0x01316ae6
                                                                                                                                                                                                                                0x01316aed
                                                                                                                                                                                                                                0x01316af6
                                                                                                                                                                                                                                0x01316b00
                                                                                                                                                                                                                                0x01316b08
                                                                                                                                                                                                                                0x01316b10
                                                                                                                                                                                                                                0x01316b17
                                                                                                                                                                                                                                0x01316b1e
                                                                                                                                                                                                                                0x01316b21
                                                                                                                                                                                                                                0x01316b24
                                                                                                                                                                                                                                0x01316b2e
                                                                                                                                                                                                                                0x01316b33
                                                                                                                                                                                                                                0x01316b37
                                                                                                                                                                                                                                0x01316b37
                                                                                                                                                                                                                                0x01316b3a
                                                                                                                                                                                                                                0x01316b3f
                                                                                                                                                                                                                                0x01316b6f
                                                                                                                                                                                                                                0x01316b73
                                                                                                                                                                                                                                0x01316b7f
                                                                                                                                                                                                                                0x01316b85
                                                                                                                                                                                                                                0x01316b86
                                                                                                                                                                                                                                0x01316b8b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01316b41
                                                                                                                                                                                                                                0x01316b48
                                                                                                                                                                                                                                0x01316b4c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01316b4e
                                                                                                                                                                                                                                0x01316b51
                                                                                                                                                                                                                                0x01316b57
                                                                                                                                                                                                                                0x01316b58
                                                                                                                                                                                                                                0x01316b5b
                                                                                                                                                                                                                                0x01316b8c
                                                                                                                                                                                                                                0x01316b8c
                                                                                                                                                                                                                                0x01316b95
                                                                                                                                                                                                                                0x01316b9b
                                                                                                                                                                                                                                0x01316b9c
                                                                                                                                                                                                                                0x01316b9f
                                                                                                                                                                                                                                0x01316ba9
                                                                                                                                                                                                                                0x01316bb6
                                                                                                                                                                                                                                0x01316bbc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01316bbc
                                                                                                                                                                                                                                0x01316b4c
                                                                                                                                                                                                                                0x01316ada
                                                                                                                                                                                                                                0x01316adc
                                                                                                                                                                                                                                0x01316ae0
                                                                                                                                                                                                                                0x01316b75
                                                                                                                                                                                                                                0x01316b75
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01316ae0
                                                                                                                                                                                                                                0x01316ad8
                                                                                                                                                                                                                                0x01316bd1
                                                                                                                                                                                                                                0x01316bd2
                                                                                                                                                                                                                                0x01316aae
                                                                                                                                                                                                                                0x01316aae
                                                                                                                                                                                                                                0x01316aae
                                                                                                                                                                                                                                0x01316bdf

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 01316AD4
                                                                                                                                                                                                                                • GetStockObject.GDI32(0000000D), ref: 01316ADC
                                                                                                                                                                                                                                • GetObjectW.GDI32(00000000,0000005C,?), ref: 01316AED
                                                                                                                                                                                                                                • GetDC.USER32 ref: 01316B42
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 01316B51
                                                                                                                                                                                                                                • ReleaseDC.USER32 ref: 01316B8C
                                                                                                                                                                                                                                • OleCreateFontIndirect.OLEAUT32(00000020,013A1964,?), ref: 01316BB6
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Object$Stock$CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2212500748-3916222277
                                                                                                                                                                                                                                • Opcode ID: ccd6b31294c82f32fb7cb7452ddc1179e294a8d6165d05e4ac1671289ba9cfbd
                                                                                                                                                                                                                                • Instruction ID: 8e5de143d7d69f2e029a3b911b21794dab8154a8404f2823f210e4d3e0fd8e8f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ccd6b31294c82f32fb7cb7452ddc1179e294a8d6165d05e4ac1671289ba9cfbd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32412BB5A003199FDB25DFBAC845BAEBBF8BF09305F108059E945EB245EB759900CF60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01354257, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 88windowmemoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                                                                                                			E01354257(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t27;
				intOrPtr* _t28;
				intOrPtr* _t37;
				struct HWND__* _t39;
				intOrPtr* _t54;
				void* _t56;
				intOrPtr* _t59;
				intOrPtr _t61;
				intOrPtr _t63;
				void* _t64;

				E0137C1D9(0x1391bfb, __ebx, __edi, __esi);
				_t27 = _t64 - 0x20;
				__imp__#8(_t27, 0x30);
				 *((intOrPtr*)(_t64 - 4)) = 0;
				__imp__#2(L"about:blank");
				_t61 = _t27;
				 *((intOrPtr*)(_t64 - 0x10)) = _t61;
				if(_t61 == 0) {
					E01311000(0x8007000e);
				}
				_t59 =  *((intOrPtr*)(_t64 + 8)) + 0x2c;
				 *((char*)(_t64 - 4)) = 1;
				_t28 =  *((intOrPtr*)(_t59 + 0x38));
				if(_t28 != 0) {
					_t56 = _t64 - 0x20;
					 *((intOrPtr*)( *_t28 + 0x2c))(_t28, _t61, _t56, _t56, _t56, _t56);
				}
				 *((intOrPtr*)( *_t59 + 0x28))(_t61);
				 *((char*)(_t64 - 4)) = 0;
				__imp__#6(_t61);
				while(PeekMessageW(_t64 - 0x3c, 0, 0, 0, 1) != 0) {
					TranslateMessage(_t64 - 0x3c);
					DispatchMessageW(_t64 - 0x3c);
				}
				_t63 =  *((intOrPtr*)(_t64 + 8));
				if( *((intOrPtr*)(_t63 + 0xb0)) != 0) {
					_t54 =  *((intOrPtr*)(_t63 + 0xb0));
					if(_t54 != 0) {
						 *((intOrPtr*)(_t63 + 0xb0)) = 0;
						 *((intOrPtr*)( *_t54 + 8))(_t54);
					}
				}
				_t37 =  *((intOrPtr*)(_t59 + 0x78));
				if(_t37 != 0) {
					 *((intOrPtr*)(_t59 + 0x78)) = 0;
					 *((intOrPtr*)( *_t37 + 8))(_t37);
				}
				E013622D6(_t59, _t63);
				_t39 =  *(_t63 + 8);
				if(_t39 != 0 && IsWindow(_t39) != 0) {
					DestroyWindow( *(_t63 + 8));
				}
				__imp__#9(_t64 - 0x20);
				return E0137C2B1(0);
			}













                                                                                                                                                                                                                                0x0135425e
                                                                                                                                                                                                                                0x01354263
                                                                                                                                                                                                                                0x01354267
                                                                                                                                                                                                                                0x01354274
                                                                                                                                                                                                                                0x01354277
                                                                                                                                                                                                                                0x0135427d
                                                                                                                                                                                                                                0x0135427f
                                                                                                                                                                                                                                0x01354284
                                                                                                                                                                                                                                0x0135428b
                                                                                                                                                                                                                                0x0135428b
                                                                                                                                                                                                                                0x01354293
                                                                                                                                                                                                                                0x01354296
                                                                                                                                                                                                                                0x0135429a
                                                                                                                                                                                                                                0x0135429f
                                                                                                                                                                                                                                0x013542a3
                                                                                                                                                                                                                                0x013542ac
                                                                                                                                                                                                                                0x013542ac
                                                                                                                                                                                                                                0x013542b4
                                                                                                                                                                                                                                0x013542b8
                                                                                                                                                                                                                                0x013542bb
                                                                                                                                                                                                                                0x013542dd
                                                                                                                                                                                                                                0x013542cd
                                                                                                                                                                                                                                0x013542d7
                                                                                                                                                                                                                                0x013542d7
                                                                                                                                                                                                                                0x013542ec
                                                                                                                                                                                                                                0x013542f5
                                                                                                                                                                                                                                0x013542f7
                                                                                                                                                                                                                                0x013542ff
                                                                                                                                                                                                                                0x01354301
                                                                                                                                                                                                                                0x0135430a
                                                                                                                                                                                                                                0x0135430a
                                                                                                                                                                                                                                0x013542ff
                                                                                                                                                                                                                                0x0135430d
                                                                                                                                                                                                                                0x01354312
                                                                                                                                                                                                                                0x01354314
                                                                                                                                                                                                                                0x0135431a
                                                                                                                                                                                                                                0x0135431a
                                                                                                                                                                                                                                0x0135431d
                                                                                                                                                                                                                                0x01354322
                                                                                                                                                                                                                                0x01354327
                                                                                                                                                                                                                                0x01354337
                                                                                                                                                                                                                                0x01354337
                                                                                                                                                                                                                                0x01354341
                                                                                                                                                                                                                                0x0135434e

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0135425E
                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 01354267
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(about:blank), ref: 01354277
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 013542BB
                                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 013542CD
                                                                                                                                                                                                                                • DispatchMessageW.USER32 ref: 013542D7
                                                                                                                                                                                                                                • PeekMessageW.USER32 ref: 013542E6
                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 0135432A
                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 01354337
                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 01354341
                                                                                                                                                                                                                                  • Part of subcall function 01311000: __CxxThrowException@8.LIBCMT ref: 01311012
                                                                                                                                                                                                                                  • Part of subcall function 01311000: SysFreeString.OLEAUT32(00000000), ref: 0131101A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MessageString$FreeVariantWindow$AllocClearDestroyDispatchException@8H_prolog3InitPeekThrowTranslate
                                                                                                                                                                                                                                • String ID: about:blank
                                                                                                                                                                                                                                • API String ID: 3151798191-258612819
                                                                                                                                                                                                                                • Opcode ID: f780ceeadbd34e11592b217e4e0ad46d8ac6842f879da270687014b2f0f1d4a8
                                                                                                                                                                                                                                • Instruction ID: acd6b16bd3630e728416f1faaa57fa66d14142d02f1b9015a12c2ac92642f141
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f780ceeadbd34e11592b217e4e0ad46d8ac6842f879da270687014b2f0f1d4a8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00316D71A00206EFDB249FB8C888EAE7BBDBF48748F444429F505E7114D735E990CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01363BB1, Relevance: 18.1, APIs: 12, Instructions: 139COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E01363BB1(short* _a4, int _a8, intOrPtr _a12, char* _a16, char _a20) {
				void* __edi;
				void* __esi;
				char _t35;
				int _t36;
				char _t37;
				char _t40;
				signed int _t46;
				void* _t48;
				void* _t49;
				char _t54;
				void* _t56;
				void* _t60;
				char _t63;
				char _t64;
				short* _t66;
				char _t67;
				void* _t78;
				char* _t79;
				void* _t80;
				char _t81;
				char* _t82;

				_t79 = _a8;
				if(_t79 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t79 != 0) {
						_t35 = _a20;
						__eflags = _t35;
						if(__eflags != 0) {
							_t81 =  *_t35;
							_t36 =  *((intOrPtr*)(_t35 + 4));
						} else {
							_t81 =  *(E01379A45(_t78, _t79, _t80, __eflags) + 8);
							_t36 = E013799F9(_t78, _t79, _t81, __eflags);
						}
						_a8 = _t36;
						__eflags = _t81;
						if(_t81 != 0) {
							_t37 = E01363AC3(_a8);
							_t82 = _a16;
							__eflags =  *_t82;
							_t67 = _t37;
							if( *_t82 == 0) {
								__eflags = _t67;
								if(__eflags != 0) {
									_t40 =  *( *((intOrPtr*)(_t67 + 4)) + ( *_t79 & 0x000000ff) + 0x1d) & 4;
									__eflags = _t40;
								} else {
									_t40 =  *(E0137C73D(_t78, _t79, _t82, __eflags) + ( *_t79 & 0x000000ff) * 2) & 0x8000;
								}
								__eflags = _t40;
								if(_t40 == 0) {
									__eflags = _a4;
									__eflags = MultiByteToWideChar(_a8, 9, _t79, 1, _a4, 0 | _a4 != 0x00000000);
									if(__eflags != 0) {
										goto L13;
									}
									goto L20;
								} else {
									_t48 = E013799DD(_t78, _t79, _t82, _t67);
									__eflags = _a12 - _t48;
									if(_a12 >= _t48) {
										_t49 = E013799DD(_t78, _t79, _t82, _t67);
										__eflags = _t49 - 1;
										if(_t49 <= 1) {
											L29:
											__eflags = _t79[1];
											if(_t79[1] != 0) {
												L18:
												return E013799DD(_t78, _t79, _t82, _t67);
											}
											L19:
											 *_t82 =  *_t82 & 0x00000000;
											__eflags =  *_t82;
											L20:
											_t46 = E0137BDAC(__eflags);
											 *_t46 = 0x2a;
											return _t46 | 0xffffffff;
										}
										__eflags = _a4;
										_t54 = MultiByteToWideChar(_a8, 9, _t79, E013799DD(_t78, _t79, _t82, _t67), _a4, 0 | _a4 != 0x00000000);
										__eflags = _t54;
										if(_t54 != 0) {
											goto L18;
										}
										goto L29;
									}
									 *_t82 =  *_t79;
									_t56 = 0xfffffffe;
									return _t56;
								}
							}
							_t82[1] =  *_t79;
							_t60 = E013799DD(_t78, _t79, _t82, _t67);
							__eflags = _t60 - 1;
							if(_t60 <= 1) {
								goto L19;
							}
							__eflags = _a4;
							_t63 = MultiByteToWideChar(_a8, 9, _t82, 2, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t63;
							if(_t63 == 0) {
								goto L19;
							}
							 *_t82 =  *_t82 & 0x00000000;
							__eflags =  *_t82;
							goto L18;
						} else {
							_t64 = _a4;
							__eflags = _t64;
							if(_t64 != 0) {
								 *_t64 =  *_t79 & 0x000000ff;
							}
							L13:
							return 1;
						}
					} else {
						_t66 = _a4;
						if(_t66 != 0) {
							 *_t66 = 0;
						}
						goto L5;
					}
				}
			}
























                                                                                                                                                                                                                                0x01363bb9
                                                                                                                                                                                                                                0x01363bbe
                                                                                                                                                                                                                                0x01363bd7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01363bc6
                                                                                                                                                                                                                                0x01363bc9
                                                                                                                                                                                                                                0x01363bde
                                                                                                                                                                                                                                0x01363be1
                                                                                                                                                                                                                                0x01363be3
                                                                                                                                                                                                                                0x01363bf4
                                                                                                                                                                                                                                0x01363bf6
                                                                                                                                                                                                                                0x01363be5
                                                                                                                                                                                                                                0x01363bea
                                                                                                                                                                                                                                0x01363bed
                                                                                                                                                                                                                                0x01363bed
                                                                                                                                                                                                                                0x01363bf9
                                                                                                                                                                                                                                0x01363bfc
                                                                                                                                                                                                                                0x01363bfe
                                                                                                                                                                                                                                0x01363c15
                                                                                                                                                                                                                                0x01363c1a
                                                                                                                                                                                                                                0x01363c1d
                                                                                                                                                                                                                                0x01363c21
                                                                                                                                                                                                                                0x01363c23
                                                                                                                                                                                                                                0x01363c79
                                                                                                                                                                                                                                0x01363c7b
                                                                                                                                                                                                                                0x01363c9b
                                                                                                                                                                                                                                0x01363c9b
                                                                                                                                                                                                                                0x01363c7d
                                                                                                                                                                                                                                0x01363c89
                                                                                                                                                                                                                                0x01363c89
                                                                                                                                                                                                                                0x01363c9e
                                                                                                                                                                                                                                0x01363ca0
                                                                                                                                                                                                                                0x01363cff
                                                                                                                                                                                                                                0x01363d17
                                                                                                                                                                                                                                0x01363d19
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01363ca2
                                                                                                                                                                                                                                0x01363ca3
                                                                                                                                                                                                                                0x01363ca9
                                                                                                                                                                                                                                0x01363cac
                                                                                                                                                                                                                                0x01363cbb
                                                                                                                                                                                                                                0x01363cc1
                                                                                                                                                                                                                                0x01363cc4
                                                                                                                                                                                                                                0x01363cee
                                                                                                                                                                                                                                0x01363cee
                                                                                                                                                                                                                                0x01363cf2
                                                                                                                                                                                                                                0x01363c57
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01363c5d
                                                                                                                                                                                                                                0x01363c63
                                                                                                                                                                                                                                0x01363c63
                                                                                                                                                                                                                                0x01363c63
                                                                                                                                                                                                                                0x01363c66
                                                                                                                                                                                                                                0x01363c66
                                                                                                                                                                                                                                0x01363c6b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01363c71
                                                                                                                                                                                                                                0x01363cc8
                                                                                                                                                                                                                                0x01363ce0
                                                                                                                                                                                                                                0x01363ce6
                                                                                                                                                                                                                                0x01363ce8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01363ce8
                                                                                                                                                                                                                                0x01363cb2
                                                                                                                                                                                                                                0x01363cb4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01363cb4
                                                                                                                                                                                                                                0x01363ca0
                                                                                                                                                                                                                                0x01363c28
                                                                                                                                                                                                                                0x01363c2b
                                                                                                                                                                                                                                0x01363c31
                                                                                                                                                                                                                                0x01363c34
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01363c38
                                                                                                                                                                                                                                0x01363c4a
                                                                                                                                                                                                                                0x01363c50
                                                                                                                                                                                                                                0x01363c52
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01363c54
                                                                                                                                                                                                                                0x01363c54
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01363c00
                                                                                                                                                                                                                                0x01363c00
                                                                                                                                                                                                                                0x01363c03
                                                                                                                                                                                                                                0x01363c05
                                                                                                                                                                                                                                0x01363c0a
                                                                                                                                                                                                                                0x01363c0a
                                                                                                                                                                                                                                0x01363c0d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01363c0f
                                                                                                                                                                                                                                0x01363bcb
                                                                                                                                                                                                                                0x01363bcb
                                                                                                                                                                                                                                0x01363bd0
                                                                                                                                                                                                                                0x01363bd4
                                                                                                                                                                                                                                0x01363bd4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01363bd0
                                                                                                                                                                                                                                0x01363bc9

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ____lc_handle_func.LIBCMT ref: 01363BE5
                                                                                                                                                                                                                                • ____lc_codepage_func.LIBCMT ref: 01363BED
                                                                                                                                                                                                                                • __GetLocaleForCP.LIBCPMT ref: 01363C15
                                                                                                                                                                                                                                • ____mb_cur_max_l_func.LIBCMT ref: 01363C2B
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000002,?,00000000,00000001,00000001,00000000,?,0131468F,00000000,00000000,00000001,00000000), ref: 01363C4A
                                                                                                                                                                                                                                • ____mb_cur_max_l_func.LIBCMT ref: 01363C58
                                                                                                                                                                                                                                • ___pctype_func.LIBCMT ref: 01363C7D
                                                                                                                                                                                                                                • ____mb_cur_max_l_func.LIBCMT ref: 01363CA3
                                                                                                                                                                                                                                • ____mb_cur_max_l_func.LIBCMT ref: 01363CBB
                                                                                                                                                                                                                                • ____mb_cur_max_l_func.LIBCMT ref: 01363CD3
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,?,00000000,00000001,00000001,00000000,?,0131468F,00000000,00000000,00000001,00000000), ref: 01363CE0
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,?,00000000,00000001,00000001,00000000,?,0131468F,00000000,00000000,00000001,00000000), ref: 01363D11
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ____mb_cur_max_l_func$ByteCharMultiWide$Locale____lc_codepage_func____lc_handle_func___pctype_func
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3819326198-0
                                                                                                                                                                                                                                • Opcode ID: 56fe75a831f923811ff56741f46e07b28f6759f52f1afca158b3e6f1aba815ac
                                                                                                                                                                                                                                • Instruction ID: e8df5ff88414886b831fe6fd6ccaff1e1e080ea60789ffcb161e3f1ea62bd698
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 56fe75a831f923811ff56741f46e07b28f6759f52f1afca158b3e6f1aba815ac
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B941B331204246AEEF215F3ACC84B7A7BACBF01769F14C52AF859CB199E734C590DB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01321318, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 189windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                                                                			E01321318(signed int __ebx, void* __ecx, void* __edi, char _a4, long _a8, long _a12, int _a16, long _a20) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				int _v20;
				struct HWND__** _v28;
				char _v36;
				void* __esi;
				void* __ebp;
				signed char _t92;
				int _t93;
				intOrPtr _t95;
				intOrPtr _t96;
				signed int _t97;
				struct HWND__* _t102;
				long _t108;
				intOrPtr _t112;
				intOrPtr _t114;
				intOrPtr _t118;
				intOrPtr _t124;
				intOrPtr _t126;
				struct HWND__* _t130;
				signed int _t132;
				signed int _t137;
				intOrPtr _t147;
				void* _t148;
				struct HWND__* _t153;
				struct HWND__** _t155;
				intOrPtr _t159;

				_t148 = __edi;
				_t132 = __ebx;
				_t92 = _a4;
				_push(__ebx);
				 *(__edi + 0x28) = _t92;
				_t93 = _t92 & 0x000000ff;
				_v20 = _t93;
				SendMessageW( *(__edi + 0x24), 0xf1, _t93, 0);
				_t153 = __edi + 0xa0;
				_t95 = E0132061F(_t153, "control");
				if(_t95 != 0) {
					L2:
					return _t95;
				} else {
					_t95 =  *((intOrPtr*)(__edi + 0x9c));
					_t137 = 0;
					_v8 = 0;
					if( *((intOrPtr*)(_t95 + 0x610)) > 0) {
						while(1) {
							_t96 =  *((intOrPtr*)(_t148 + 0x9c));
							__eflags = _t137;
							if(_t137 < 0) {
								break;
							}
							__eflags = _t137 -  *((intOrPtr*)(_t96 + 0x610));
							if(_t137 >=  *((intOrPtr*)(_t96 + 0x610))) {
								break;
							} else {
								_t147 =  *((intOrPtr*)(_t148 + 0xbc));
								_t132 = _t137;
								_t153 =  *( *((intOrPtr*)(_t96 + 0x60c)) + _t132 * 4);
								_t112 =  *((intOrPtr*)(_t148 + 0xc0));
								_v16 = _t112;
								_v12 = _t147;
								__eflags = _t147 - _t112;
								if(_t147 != _t112) {
									while(1) {
										_t130 = E01320930(_t153 + 0x38, _v12);
										__eflags = _t130;
										if(_t130 != 0) {
											break;
										}
										_v12 = _v12 + 0x1c;
										__eflags = _v12 - _v16;
										if(_v12 != _v16) {
											continue;
										}
										break;
									}
									_t137 = _v8;
								}
								__eflags = _v12 -  *((intOrPtr*)(_t148 + 0xc0));
								if(_v12 ==  *((intOrPtr*)(_t148 + 0xc0))) {
									L15:
									_t114 =  *((intOrPtr*)(_t148 + 0x9c));
									_push(0);
									_push(0);
									__eflags = _t137 -  *((intOrPtr*)(_t114 + 0x610));
									if(_t137 >=  *((intOrPtr*)(_t114 + 0x610))) {
										L20:
										RaiseException(0xc000008c, 1, ??, ??);
										asm("int3");
										_push(_t153);
										_t155 = _v28;
										__eflags = _t155;
										if(_t155 == 0) {
											L32:
											_t97 = 0;
											__eflags = 0;
										} else {
											_t138 =  *_t155;
											__eflags =  *_t155;
											if( *_t155 == 0) {
												goto L32;
											} else {
												__eflags = _t155[7];
												if(_t155[7] == 0) {
													goto L32;
												} else {
													E01314B1D( &_v36, _t138, _a12, _a16, _a20);
													_a8 = _a8 & 0x00000000;
													_t155[9] =  &_v36;
													_t102 =  *( *(_t155[7]))( *_t155, _a12, _a16, _a20,  &_a8, _t155[8], _t148);
													__eflags = _t102;
													if(_t102 == 0) {
														_push(_t132);
														__eflags = _a12 - 0x82;
														if(_a12 == 0x82) {
															_a12 = GetWindowLongW( *_t155, 0xfffffffc);
															_a8 = CallWindowProcW(_t155[6],  *_t155, 0x82, _a16, _a20);
															__eflags = _t155[6] - __imp__DefWindowProcW; // 0x7731d1d0
															if(__eflags != 0) {
																_t108 = GetWindowLongW( *_t155, 0xfffffffc);
																__eflags = _t108 - _a12;
																if(_t108 == _a12) {
																	SetWindowLongW( *_t155, 0xfffffffc, _t155[6]);
																}
															}
															 *_t155 =  *_t155 & 0x00000000;
															__eflags =  *_t155;
														} else {
															_a8 = CallWindowProcW(_t155[6],  *_t155, _a12, _a16, _a20);
														}
													}
													_t97 = _a8;
												}
											}
										}
										return _t97;
									} else {
										InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)(_t114 + 0x60c)) + _t132 * 4)) + 4), ??, ??);
										goto L17;
									}
								} else {
									_t118 =  *((intOrPtr*)(_t148 + 0x9c));
									__eflags = _t137 -  *((intOrPtr*)(_t118 + 0x610));
									if(_t137 >=  *((intOrPtr*)(_t118 + 0x610))) {
										break;
									} else {
										_t159 = _t159 - 0x1c;
										_v16 = _t159;
										E013116F0(_t159,  *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x60c)) + _t132 * 4)) + 0x38);
										_t153 = E0134032A(_t132,  *((intOrPtr*)(_t148 + 0x9c)), _t148, _t153, __eflags);
										__eflags = _t153;
										if(_t153 == 0) {
											L17:
											_v8 = _v8 + 1;
											_t95 =  *((intOrPtr*)(_t148 + 0x9c));
											__eflags = _v8 -  *((intOrPtr*)(_t95 + 0x610));
											if(_v8 <  *((intOrPtr*)(_t95 + 0x610))) {
												_t137 = _v8;
												continue;
											} else {
												goto L2;
											}
										} else {
											_t124 =  *((intOrPtr*)(_t148 + 0x9c));
											__eflags = _v8 -  *((intOrPtr*)(_t124 + 0x610));
											if(_v8 >=  *((intOrPtr*)(_t124 + 0x610))) {
												break;
											} else {
												_t126 =  *((intOrPtr*)( *((intOrPtr*)(_t124 + 0x60c)) + _t132 * 4));
												 *((char*)(_t126 + 0x29)) = _a4;
												EnableWindow( *(_t126 + 0x24), _v20);
												_t137 = _v8;
												 *((char*)(_t153 + 0x194)) = _a4;
												goto L15;
											}
										}
									}
								}
							}
							goto L34;
						}
						_push(0);
						_push(0);
						goto L20;
					} else {
						goto L2;
					}
				}
				L34:
			}































                                                                                                                                                                                                                                0x01321318
                                                                                                                                                                                                                                0x01321318
                                                                                                                                                                                                                                0x0132131e
                                                                                                                                                                                                                                0x01321321
                                                                                                                                                                                                                                0x01321323
                                                                                                                                                                                                                                0x01321326
                                                                                                                                                                                                                                0x01321334
                                                                                                                                                                                                                                0x01321337
                                                                                                                                                                                                                                0x01321342
                                                                                                                                                                                                                                0x01321348
                                                                                                                                                                                                                                0x0132134f
                                                                                                                                                                                                                                0x01321364
                                                                                                                                                                                                                                0x01321367
                                                                                                                                                                                                                                0x01321351
                                                                                                                                                                                                                                0x01321351
                                                                                                                                                                                                                                0x01321357
                                                                                                                                                                                                                                0x01321359
                                                                                                                                                                                                                                0x01321362
                                                                                                                                                                                                                                0x0132136d
                                                                                                                                                                                                                                0x0132136d
                                                                                                                                                                                                                                0x01321373
                                                                                                                                                                                                                                0x01321375
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132137b
                                                                                                                                                                                                                                0x01321381
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01321387
                                                                                                                                                                                                                                0x0132138d
                                                                                                                                                                                                                                0x01321393
                                                                                                                                                                                                                                0x01321395
                                                                                                                                                                                                                                0x01321398
                                                                                                                                                                                                                                0x0132139e
                                                                                                                                                                                                                                0x013213a1
                                                                                                                                                                                                                                0x013213a4
                                                                                                                                                                                                                                0x013213a6
                                                                                                                                                                                                                                0x013213a8
                                                                                                                                                                                                                                0x013213ae
                                                                                                                                                                                                                                0x013213b3
                                                                                                                                                                                                                                0x013213b5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013213b7
                                                                                                                                                                                                                                0x013213be
                                                                                                                                                                                                                                0x013213c1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013213c1
                                                                                                                                                                                                                                0x013213c3
                                                                                                                                                                                                                                0x013213c3
                                                                                                                                                                                                                                0x013213c9
                                                                                                                                                                                                                                0x013213cf
                                                                                                                                                                                                                                0x01321446
                                                                                                                                                                                                                                0x01321446
                                                                                                                                                                                                                                0x0132144c
                                                                                                                                                                                                                                0x0132144e
                                                                                                                                                                                                                                0x01321450
                                                                                                                                                                                                                                0x01321456
                                                                                                                                                                                                                                0x0132148b
                                                                                                                                                                                                                                0x01321492
                                                                                                                                                                                                                                0x01321498
                                                                                                                                                                                                                                0x0132149f
                                                                                                                                                                                                                                0x013214a0
                                                                                                                                                                                                                                0x013214a3
                                                                                                                                                                                                                                0x013214a5
                                                                                                                                                                                                                                0x01321575
                                                                                                                                                                                                                                0x01321575
                                                                                                                                                                                                                                0x01321575
                                                                                                                                                                                                                                0x013214ab
                                                                                                                                                                                                                                0x013214ab
                                                                                                                                                                                                                                0x013214ad
                                                                                                                                                                                                                                0x013214af
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013214b5
                                                                                                                                                                                                                                0x013214b5
                                                                                                                                                                                                                                0x013214b9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013214bf
                                                                                                                                                                                                                                0x013214cc
                                                                                                                                                                                                                                0x013214da
                                                                                                                                                                                                                                0x013214eb
                                                                                                                                                                                                                                0x013214f5
                                                                                                                                                                                                                                0x013214fa
                                                                                                                                                                                                                                0x013214fc
                                                                                                                                                                                                                                0x013214fe
                                                                                                                                                                                                                                0x01321504
                                                                                                                                                                                                                                0x01321507
                                                                                                                                                                                                                                0x01321532
                                                                                                                                                                                                                                0x01321544
                                                                                                                                                                                                                                0x0132154a
                                                                                                                                                                                                                                0x01321550
                                                                                                                                                                                                                                0x01321557
                                                                                                                                                                                                                                0x01321559
                                                                                                                                                                                                                                0x0132155c
                                                                                                                                                                                                                                0x01321565
                                                                                                                                                                                                                                0x01321565
                                                                                                                                                                                                                                0x0132155c
                                                                                                                                                                                                                                0x0132156b
                                                                                                                                                                                                                                0x0132156b
                                                                                                                                                                                                                                0x01321509
                                                                                                                                                                                                                                0x0132151d
                                                                                                                                                                                                                                0x0132151d
                                                                                                                                                                                                                                0x0132156e
                                                                                                                                                                                                                                0x0132156f
                                                                                                                                                                                                                                0x01321572
                                                                                                                                                                                                                                0x013214b9
                                                                                                                                                                                                                                0x013214af
                                                                                                                                                                                                                                0x01321579
                                                                                                                                                                                                                                0x01321458
                                                                                                                                                                                                                                0x01321464
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01321464
                                                                                                                                                                                                                                0x013213d1
                                                                                                                                                                                                                                0x013213d1
                                                                                                                                                                                                                                0x013213d7
                                                                                                                                                                                                                                0x013213dd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013213e3
                                                                                                                                                                                                                                0x013213ec
                                                                                                                                                                                                                                0x013213f4
                                                                                                                                                                                                                                0x013213f8
                                                                                                                                                                                                                                0x01321408
                                                                                                                                                                                                                                0x0132140a
                                                                                                                                                                                                                                0x0132140c
                                                                                                                                                                                                                                0x0132146a
                                                                                                                                                                                                                                0x0132146a
                                                                                                                                                                                                                                0x0132146d
                                                                                                                                                                                                                                0x01321476
                                                                                                                                                                                                                                0x0132147c
                                                                                                                                                                                                                                0x0132136a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01321482
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01321482
                                                                                                                                                                                                                                0x0132140e
                                                                                                                                                                                                                                0x0132140e
                                                                                                                                                                                                                                0x01321417
                                                                                                                                                                                                                                0x0132141d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132141f
                                                                                                                                                                                                                                0x01321425
                                                                                                                                                                                                                                0x01321431
                                                                                                                                                                                                                                0x01321434
                                                                                                                                                                                                                                0x0132143d
                                                                                                                                                                                                                                0x01321440
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01321440
                                                                                                                                                                                                                                0x0132141d
                                                                                                                                                                                                                                0x0132140c
                                                                                                                                                                                                                                0x013213dd
                                                                                                                                                                                                                                0x013213cf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01321381
                                                                                                                                                                                                                                0x01321487
                                                                                                                                                                                                                                0x01321489
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01321362
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F1,?,00000000), ref: 01321337
                                                                                                                                                                                                                                  • Part of subcall function 0132061F: _strlen.LIBCMT ref: 01320626
                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 01321434
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000000,control), ref: 01321464
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,control), ref: 01321492
                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 01321517
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 0132152D
                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 0132153E
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 01321557
                                                                                                                                                                                                                                • SetWindowLongW.USER32 ref: 01321565
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Long$CallProc$EnableExceptionInvalidateMessageRaiseRectSend_strlen
                                                                                                                                                                                                                                • String ID: control
                                                                                                                                                                                                                                • API String ID: 2634654950-3990563915
                                                                                                                                                                                                                                • Opcode ID: 0a3a3f41b369c570056b37ddbc6c4c4852674be18ca3729b495e785cfccad126
                                                                                                                                                                                                                                • Instruction ID: 73952afdc97aedba36176765e3f49e7d2f202b628bbade7695f19154b1ce75c3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a3a3f41b369c570056b37ddbc6c4c4852674be18ca3729b495e785cfccad126
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25817131A00659EFDF25DF68C980EA9BBF6FF08304F148599F959A7251C731A950CF90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134BA76, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 148timeCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 80%
                                                                                                                                                                                                                                			E0134BA76(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				wchar_t* _t60;
				void* _t66;
				void* _t67;
				void* _t73;
				intOrPtr _t76;
				signed int _t90;
				signed int _t91;
				void* _t120;
				void* _t121;
				void* _t126;
				void* _t129;
				intOrPtr _t135;

				_t121 = __edx;
				_push(0x550);
				E0137C242(0x1394aa7, __ebx, __edi, __esi);
				_t126 = __ecx;
				 *((intOrPtr*)(_t129 - 4)) = 0;
				GetLocalTime(_t129 - 0x424);
				_t135 =  *0x13c2f90; // 0x0
				if(_t135 == 0) {
					 *0x13c2f90 = GetCurrentProcessId();
				}
				 *(_t129 - 0x414) = 0;
				E01376F40(_t129 - 0x413, 0, 0x3ff);
				_t60 = "Local";
				_t136 =  *((intOrPtr*)(_t126 + 0x4c));
				if( *((intOrPtr*)(_t126 + 0x4c)) == 0) {
					_t60 = "Remote";
				}
				swprintf(_t129 - 0x414, 0x400, "%s %d %2d/%02d/%04d %02d:%02d:%02d.%03d", _t60,  *0x13c2f90,  *(_t129 - 0x422) & 0x0000ffff,  *(_t129 - 0x41e) & 0x0000ffff,  *(_t129 - 0x424) & 0x0000ffff,  *(_t129 - 0x41c) & 0x0000ffff,  *(_t129 - 0x41a) & 0x0000ffff,  *(_t129 - 0x418) & 0x0000ffff,  *(_t129 - 0x416) & 0x0000ffff);
				E01319638(_t129 - 0x45c, _t129 - 0x414);
				_push("\t\t");
				_push(_t129 - 0x494);
				 *((char*)(_t129 - 4)) = 1;
				_t66 = E0134CBDD(0, _t129 - 0x45c, _t126, _t136);
				 *((char*)(_t129 - 4)) = 2;
				_t67 = E01348074(_t66, _t129 - 0x478, _t129 + 8);
				 *((char*)(_t129 - 4)) = 3;
				E01347F01(_t66, _t129 - 0x440, _t67, "\r\n");
				E01311524(_t129 - 0x478, 1, 0);
				 *((char*)(_t129 - 4)) = 6;
				E01311524(_t129 - 0x494, 1, 0);
				_push("APNLog.txt");
				_push(_t129 - 0x4b0);
				_t124 = _t126;
				_t73 = E0134CBDD(0, _t126, _t126, _t136);
				_push(_t129 - 0x55c);
				 *((char*)(_t129 - 4)) = 7;
				E0134CA1C(0, _t73, _t126, _t126, _t136);
				 *((char*)(_t129 - 4)) = 9;
				E01311524(_t129 - 0x4b0, 1, 0);
				_t137 =  *((intOrPtr*)(_t129 - 0x42c)) - 0x10;
				_t76 =  *((intOrPtr*)(_t129 - 0x440));
				if( *((intOrPtr*)(_t129 - 0x42c)) < 0x10) {
					_t76 = _t129 - 0x440;
				}
				_push(0);
				_push( *((intOrPtr*)(_t129 - 0x430)));
				_push(_t76);
				_push(_t129 - 0x55c);
				E0134C957(0, _t121, _t124, 1, _t137);
				if(E01326EEC(_t129 - 0x558) == 0) {
					_t120 = _t129 +  *((intOrPtr*)( *((intOrPtr*)(_t129 - 0x55c)) + 4)) - 0x55c;
					_t90 =  *(_t120 + 0xc) | 0x00000002;
					if( *((intOrPtr*)(_t120 + 0x38)) == 0) {
						_t90 = _t90 | 0x00000004;
					}
					_t91 = _t90 & 0x00000017;
					 *(_t120 + 0xc) = _t91;
					_t141 =  *(_t120 + 0x10) & _t91;
					if(( *(_t120 + 0x10) & _t91) != 0) {
						E013149B3(0);
					}
				}
				 *((char*)(_t129 - 4)) = 6;
				E0134CB25(_t129 - 0x4fc, 1, _t141);
				 *((intOrPtr*)(_t129 - 0x4fc)) = 0x13a1494;
				E01363509(_t129 - 0x4fc);
				E01311524(_t129 - 0x440, 1, 0);
				E01311524(_t129 - 0x45c, 1, 0);
				E01311524(_t129 + 8, 1, 0);
				return E0137C2C5(0, _t124, 1);
			}















                                                                                                                                                                                                                                0x0134ba76
                                                                                                                                                                                                                                0x0134ba76
                                                                                                                                                                                                                                0x0134ba80
                                                                                                                                                                                                                                0x0134ba85
                                                                                                                                                                                                                                0x0134ba90
                                                                                                                                                                                                                                0x0134ba93
                                                                                                                                                                                                                                0x0134ba99
                                                                                                                                                                                                                                0x0134ba9f
                                                                                                                                                                                                                                0x0134baa7
                                                                                                                                                                                                                                0x0134baa7
                                                                                                                                                                                                                                0x0134bab9
                                                                                                                                                                                                                                0x0134babf
                                                                                                                                                                                                                                0x0134bac7
                                                                                                                                                                                                                                0x0134bacc
                                                                                                                                                                                                                                0x0134bacf
                                                                                                                                                                                                                                0x0134bad1
                                                                                                                                                                                                                                0x0134bad1
                                                                                                                                                                                                                                0x0134bb26
                                                                                                                                                                                                                                0x0134bb3b
                                                                                                                                                                                                                                0x0134bb46
                                                                                                                                                                                                                                0x0134bb4b
                                                                                                                                                                                                                                0x0134bb52
                                                                                                                                                                                                                                0x0134bb56
                                                                                                                                                                                                                                0x0134bb68
                                                                                                                                                                                                                                0x0134bb6c
                                                                                                                                                                                                                                0x0134bb7e
                                                                                                                                                                                                                                0x0134bb82
                                                                                                                                                                                                                                0x0134bb93
                                                                                                                                                                                                                                0x0134bba1
                                                                                                                                                                                                                                0x0134bba5
                                                                                                                                                                                                                                0x0134bbb0
                                                                                                                                                                                                                                0x0134bbb5
                                                                                                                                                                                                                                0x0134bbb6
                                                                                                                                                                                                                                0x0134bbb8
                                                                                                                                                                                                                                0x0134bbc5
                                                                                                                                                                                                                                0x0134bbc8
                                                                                                                                                                                                                                0x0134bbcc
                                                                                                                                                                                                                                0x0134bbd5
                                                                                                                                                                                                                                0x0134bbe0
                                                                                                                                                                                                                                0x0134bbe5
                                                                                                                                                                                                                                0x0134bbec
                                                                                                                                                                                                                                0x0134bbf2
                                                                                                                                                                                                                                0x0134bbf4
                                                                                                                                                                                                                                0x0134bbf4
                                                                                                                                                                                                                                0x0134bbfa
                                                                                                                                                                                                                                0x0134bbfb
                                                                                                                                                                                                                                0x0134bc01
                                                                                                                                                                                                                                0x0134bc08
                                                                                                                                                                                                                                0x0134bc09
                                                                                                                                                                                                                                0x0134bc1b
                                                                                                                                                                                                                                0x0134bc26
                                                                                                                                                                                                                                0x0134bc30
                                                                                                                                                                                                                                0x0134bc36
                                                                                                                                                                                                                                0x0134bc38
                                                                                                                                                                                                                                0x0134bc38
                                                                                                                                                                                                                                0x0134bc3b
                                                                                                                                                                                                                                0x0134bc3e
                                                                                                                                                                                                                                0x0134bc41
                                                                                                                                                                                                                                0x0134bc44
                                                                                                                                                                                                                                0x0134bc47
                                                                                                                                                                                                                                0x0134bc47
                                                                                                                                                                                                                                0x0134bc44
                                                                                                                                                                                                                                0x0134bc52
                                                                                                                                                                                                                                0x0134bc56
                                                                                                                                                                                                                                0x0134bc62
                                                                                                                                                                                                                                0x0134bc6c
                                                                                                                                                                                                                                0x0134bc7a
                                                                                                                                                                                                                                0x0134bc87
                                                                                                                                                                                                                                0x0134bc91
                                                                                                                                                                                                                                0x0134bc9b

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                • swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0134BC6C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentH_prolog3_Ios_base_dtorLocalProcessTime_memsetstd::ios_base::_swprintf
                                                                                                                                                                                                                                • String ID: %s %d %2d/%02d/%04d %02d:%02d:%02d.%03d$APNLog.txt$Local$Remote
                                                                                                                                                                                                                                • API String ID: 3432463907-497205089
                                                                                                                                                                                                                                • Opcode ID: b1bb4e6e41cf86b6b746994fb39e45dd9473c87416e2b3cf9ccb42fb3e680398
                                                                                                                                                                                                                                • Instruction ID: f78bd0ec6024ca2f9ec77d391017356ad5d597bf63f523b15c3995e15f1fef28
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b1bb4e6e41cf86b6b746994fb39e45dd9473c87416e2b3cf9ccb42fb3e680398
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 755143F1800119AEDB24DB58CD90BEEB7BCEB18309F4440DDE609A2145DB75AF89CF65
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135F16F, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 177COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                			E0135F16F(signed int __eax, signed int __ebx, void* __ecx, void* __edi, intOrPtr* __esi, intOrPtr* _a4, intOrPtr* _a8) {
				short _v8;
				signed int _v12;
				intOrPtr _v28;
				short _v32;
				char _v48;
				intOrPtr _v56;
				short _v60;
				char _v76;
				short _v80;
				signed char _t98;
				signed int _t111;
				intOrPtr _t115;
				intOrPtr _t123;
				intOrPtr* _t124;
				intOrPtr* _t127;
				intOrPtr _t129;
				intOrPtr* _t130;
				intOrPtr _t133;
				intOrPtr* _t140;
				signed int _t145;
				intOrPtr _t149;
				char* _t151;
				void* _t159;
				signed int _t160;
				intOrPtr* _t161;
				intOrPtr* _t162;
				signed int _t163;
				intOrPtr* _t165;
				intOrPtr* _t166;
				intOrPtr* _t167;
				intOrPtr* _t168;
				signed int* _t172;
				signed int _t173;
				signed int _t175;
				intOrPtr _t178;
				signed int _t190;
				intOrPtr _t191;
				intOrPtr* _t193;

				_t193 = __esi;
				_t149 =  *((intOrPtr*)(__esi + 0x10));
				_push(__ebx);
				_push(__edi);
				_t190 = __eax;
				_t145 = __ebx | 0xffffffff;
				if(_t149 < __eax) {
					E01363221("invalid string position");
					asm("int3");
					_push(0x40);
					E0137C242(0x139258f, _t145, _t190, __esi);
					_t98 =  *(_t149 + 0x40);
					_v80 = 0;
					__eflags = _t98 & 0x00000002;
					if((_t98 & 0x00000002) != 0) {
						L61:
						__eflags = _t98 & 0x00000004;
						if((_t98 & 0x00000004) != 0) {
							L64:
							_t191 = 0xf;
							_v56 = _t191;
							_v60 = 0;
							_v76 = 0;
							_v8 = 2;
							 *((intOrPtr*)(_t193 + 0x14)) = _t191;
							 *(_t193 + 0x10) = 0;
							 *_t193 = 0;
							E0131A79E(_t193,  &_v76);
							_t151 =  &_v76;
						} else {
							_t171 =  *(_t149 + 0x20);
							__eflags =  *( *(_t149 + 0x20));
							if(__eflags == 0) {
								goto L64;
							} else {
								_t191 = 0xf;
								_v28 = _t191;
								_v32 = 0;
								_v48 = 0;
								E01311568( &_v48, __eflags,  *((intOrPtr*)( *((intOrPtr*)(_t149 + 0x10)))),  *((intOrPtr*)( *((intOrPtr*)(_t149 + 0x30)))) +  *_t171 -  *((intOrPtr*)( *((intOrPtr*)(_t149 + 0x10)))));
								_v8 = 1;
								goto L60;
							}
						}
					} else {
						_t172 =  *(_t149 + 0x24);
						__eflags =  *_t172;
						if( *_t172 == 0) {
							goto L61;
						} else {
							_t173 =  *_t172;
							_t111 =  *(_t149 + 0x3c);
							__eflags = _t111 - _t173;
							if(_t111 < _t173) {
								_t111 = _t173;
							}
							_t191 = 0xf;
							__eflags = _t111 -  *((intOrPtr*)( *((intOrPtr*)(_t149 + 0x14))));
							_v28 = _t191;
							_v32 = 0;
							_v48 = 0;
							E01311568( &_v48, _t111 -  *((intOrPtr*)( *((intOrPtr*)(_t149 + 0x14)))),  *((intOrPtr*)( *((intOrPtr*)(_t149 + 0x14)))), _t111 -  *((intOrPtr*)( *((intOrPtr*)(_t149 + 0x14)))));
							_v8 = 0;
							L60:
							 *((intOrPtr*)(_t193 + 0x14)) = _t191;
							 *(_t193 + 0x10) = 0;
							 *_t193 = 0;
							E0131A79E(_t193,  &_v48);
							_t151 =  &_v48;
						}
					}
					E01311524(_t151, 1, 0);
					return E0137C2C5(0, _t191, _t193);
				} else {
					_t115 = _t149 - __eax;
					if(_t115 < _a4) {
						_a4 = _t115;
					}
					_t175 =  *(_a8 + 0x10);
					if(_t175 < 0xffffffff) {
						_t145 = _t175;
					}
					_t159 = _t149 - _a4;
					if((_t175 | 0xffffffff) - _t145 <= _t159) {
						_t115 = E013631D4("string too long");
					}
					_t178 = _a4;
					_t160 = _t159 + _t145;
					_t116 = _t115 - _t178;
					_v8 = _t115 - _t178;
					_v12 = _t160;
					if( *(_t193 + 0x10) < _t160) {
						E0131B8E0(_t145, _t193, _t190, _t160, 0);
						_t178 = _a4;
						_t116 = _v8;
					}
					if(_t193 == _a8) {
						__eflags = _t145 - _t178;
						if(_t145 > _t178) {
							__eflags =  *((intOrPtr*)(_t193 + 0x14)) - 8;
							if( *((intOrPtr*)(_t193 + 0x14)) < 8) {
								_a4 = _t193;
							} else {
								_a4 =  *_t193;
							}
							__eflags =  *((intOrPtr*)(_t193 + 0x14)) - 8;
							if( *((intOrPtr*)(_t193 + 0x14)) < 8) {
								_t161 = _t193;
							} else {
								_t161 =  *_t193;
							}
							E01374DB0(_t161 + (_t190 + _t145) * 2, _a4 + (_t190 + _t178) * 2, _t116 + _t116);
							_t123 =  *((intOrPtr*)(_t193 + 0x14));
							__eflags = _t123 - 8;
							if(_t123 < 8) {
								_t162 = _t193;
							} else {
								_t162 =  *_t193;
							}
							__eflags = _t123 - 8;
							if(_t123 < 8) {
								_t124 = _t193;
							} else {
								_t124 =  *_t193;
							}
							_push(_t145 + _t145);
						} else {
							_t129 =  *((intOrPtr*)(_t193 + 0x14));
							__eflags = _t129 - 8;
							if(_t129 < 8) {
								_t165 = _t193;
							} else {
								_t165 =  *_t193;
							}
							__eflags = _t129 - 8;
							if(_t129 < 8) {
								_t130 = _t193;
							} else {
								_t130 =  *_t193;
							}
							E01374DB0(_t130 + _t190 * 2, _t165, _t145 + _t145);
							_t133 =  *((intOrPtr*)(_t193 + 0x14));
							__eflags = _t133 - 8;
							if(_t133 < 8) {
								_t166 = _t193;
							} else {
								_t166 =  *_t193;
							}
							__eflags = _t133 - 8;
							if(_t133 < 8) {
								_t124 = _t193;
							} else {
								_t124 =  *_t193;
							}
							_push(_v8 + _v8);
							_t162 = _t166 + (_a4 + _t190) * 2;
							_t190 = _t190 + _t145;
						}
						_push(_t162);
						_push(_t124 + _t190 * 2);
						E01374DB0();
					} else {
						if( *((intOrPtr*)(_t193 + 0x14)) < 8) {
							_a4 = _t193;
						} else {
							_a4 =  *_t193;
						}
						if( *((intOrPtr*)(_t193 + 0x14)) < 8) {
							_t167 = _t193;
						} else {
							_t167 =  *_t193;
						}
						E01374DB0(_t167 + (_t190 + _t145) * 2, _a4 + (_t190 + _t178) * 2, _t116 + _t116);
						_t140 = _a8;
						if( *((intOrPtr*)(_t140 + 0x14)) >= 8) {
							_t140 =  *_t140;
						}
						if( *((intOrPtr*)(_t193 + 0x14)) < 8) {
							_t168 = _t193;
						} else {
							_t168 =  *_t193;
						}
						E013748D0(_t168 + _t190 * 2, _t140, _t145 + _t145);
					}
					_t163 = _v12;
					 *(_t193 + 0x10) = _t163;
					if( *((intOrPtr*)(_t193 + 0x14)) < 8) {
						_t127 = _t193;
					} else {
						_t127 =  *_t193;
					}
					 *((short*)(_t127 + _t163 * 2)) = 0;
					return _t193;
				}
			}









































                                                                                                                                                                                                                                0x0135f16f
                                                                                                                                                                                                                                0x0135f174
                                                                                                                                                                                                                                0x0135f177
                                                                                                                                                                                                                                0x0135f178
                                                                                                                                                                                                                                0x0135f179
                                                                                                                                                                                                                                0x0135f17b
                                                                                                                                                                                                                                0x0135f180
                                                                                                                                                                                                                                0x0135f31e
                                                                                                                                                                                                                                0x0135f323
                                                                                                                                                                                                                                0x0135f324
                                                                                                                                                                                                                                0x0135f32b
                                                                                                                                                                                                                                0x0135f330
                                                                                                                                                                                                                                0x0135f335
                                                                                                                                                                                                                                0x0135f338
                                                                                                                                                                                                                                0x0135f33a
                                                                                                                                                                                                                                0x0135f386
                                                                                                                                                                                                                                0x0135f386
                                                                                                                                                                                                                                0x0135f388
                                                                                                                                                                                                                                0x0135f3be
                                                                                                                                                                                                                                0x0135f3c0
                                                                                                                                                                                                                                0x0135f3c1
                                                                                                                                                                                                                                0x0135f3c4
                                                                                                                                                                                                                                0x0135f3c7
                                                                                                                                                                                                                                0x0135f3ca
                                                                                                                                                                                                                                0x0135f3d4
                                                                                                                                                                                                                                0x0135f3d7
                                                                                                                                                                                                                                0x0135f3dd
                                                                                                                                                                                                                                0x0135f3df
                                                                                                                                                                                                                                0x0135f3e4
                                                                                                                                                                                                                                0x0135f38a
                                                                                                                                                                                                                                0x0135f38a
                                                                                                                                                                                                                                0x0135f38d
                                                                                                                                                                                                                                0x0135f38f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135f391
                                                                                                                                                                                                                                0x0135f39f
                                                                                                                                                                                                                                0x0135f3a7
                                                                                                                                                                                                                                0x0135f3aa
                                                                                                                                                                                                                                0x0135f3ad
                                                                                                                                                                                                                                0x0135f3b0
                                                                                                                                                                                                                                0x0135f3b5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135f3b5
                                                                                                                                                                                                                                0x0135f38f
                                                                                                                                                                                                                                0x0135f33c
                                                                                                                                                                                                                                0x0135f33c
                                                                                                                                                                                                                                0x0135f33f
                                                                                                                                                                                                                                0x0135f341
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135f343
                                                                                                                                                                                                                                0x0135f343
                                                                                                                                                                                                                                0x0135f345
                                                                                                                                                                                                                                0x0135f348
                                                                                                                                                                                                                                0x0135f34a
                                                                                                                                                                                                                                0x0135f34c
                                                                                                                                                                                                                                0x0135f34c
                                                                                                                                                                                                                                0x0135f355
                                                                                                                                                                                                                                0x0135f356
                                                                                                                                                                                                                                0x0135f35d
                                                                                                                                                                                                                                0x0135f360
                                                                                                                                                                                                                                0x0135f363
                                                                                                                                                                                                                                0x0135f366
                                                                                                                                                                                                                                0x0135f36b
                                                                                                                                                                                                                                0x0135f36e
                                                                                                                                                                                                                                0x0135f371
                                                                                                                                                                                                                                0x0135f374
                                                                                                                                                                                                                                0x0135f37a
                                                                                                                                                                                                                                0x0135f37c
                                                                                                                                                                                                                                0x0135f381
                                                                                                                                                                                                                                0x0135f381
                                                                                                                                                                                                                                0x0135f341
                                                                                                                                                                                                                                0x0135f3ea
                                                                                                                                                                                                                                0x0135f3f6
                                                                                                                                                                                                                                0x0135f186
                                                                                                                                                                                                                                0x0135f188
                                                                                                                                                                                                                                0x0135f18d
                                                                                                                                                                                                                                0x0135f18f
                                                                                                                                                                                                                                0x0135f18f
                                                                                                                                                                                                                                0x0135f195
                                                                                                                                                                                                                                0x0135f19b
                                                                                                                                                                                                                                0x0135f19d
                                                                                                                                                                                                                                0x0135f19d
                                                                                                                                                                                                                                0x0135f19f
                                                                                                                                                                                                                                0x0135f1a9
                                                                                                                                                                                                                                0x0135f1b0
                                                                                                                                                                                                                                0x0135f1b0
                                                                                                                                                                                                                                0x0135f1b5
                                                                                                                                                                                                                                0x0135f1b8
                                                                                                                                                                                                                                0x0135f1ba
                                                                                                                                                                                                                                0x0135f1bc
                                                                                                                                                                                                                                0x0135f1bf
                                                                                                                                                                                                                                0x0135f1c5
                                                                                                                                                                                                                                0x0135f1cc
                                                                                                                                                                                                                                0x0135f1d1
                                                                                                                                                                                                                                0x0135f1d4
                                                                                                                                                                                                                                0x0135f1d4
                                                                                                                                                                                                                                0x0135f1da
                                                                                                                                                                                                                                0x0135f23e
                                                                                                                                                                                                                                0x0135f240
                                                                                                                                                                                                                                0x0135f297
                                                                                                                                                                                                                                0x0135f29b
                                                                                                                                                                                                                                0x0135f2a4
                                                                                                                                                                                                                                0x0135f29d
                                                                                                                                                                                                                                0x0135f29f
                                                                                                                                                                                                                                0x0135f29f
                                                                                                                                                                                                                                0x0135f2a7
                                                                                                                                                                                                                                0x0135f2ab
                                                                                                                                                                                                                                0x0135f2b1
                                                                                                                                                                                                                                0x0135f2ad
                                                                                                                                                                                                                                0x0135f2ad
                                                                                                                                                                                                                                0x0135f2ad
                                                                                                                                                                                                                                0x0135f2c7
                                                                                                                                                                                                                                0x0135f2cc
                                                                                                                                                                                                                                0x0135f2d2
                                                                                                                                                                                                                                0x0135f2d5
                                                                                                                                                                                                                                0x0135f2db
                                                                                                                                                                                                                                0x0135f2d7
                                                                                                                                                                                                                                0x0135f2d7
                                                                                                                                                                                                                                0x0135f2d7
                                                                                                                                                                                                                                0x0135f2dd
                                                                                                                                                                                                                                0x0135f2e0
                                                                                                                                                                                                                                0x0135f2e6
                                                                                                                                                                                                                                0x0135f2e2
                                                                                                                                                                                                                                0x0135f2e2
                                                                                                                                                                                                                                0x0135f2e2
                                                                                                                                                                                                                                0x0135f2eb
                                                                                                                                                                                                                                0x0135f242
                                                                                                                                                                                                                                0x0135f242
                                                                                                                                                                                                                                0x0135f245
                                                                                                                                                                                                                                0x0135f248
                                                                                                                                                                                                                                0x0135f24e
                                                                                                                                                                                                                                0x0135f24a
                                                                                                                                                                                                                                0x0135f24a
                                                                                                                                                                                                                                0x0135f24a
                                                                                                                                                                                                                                0x0135f250
                                                                                                                                                                                                                                0x0135f253
                                                                                                                                                                                                                                0x0135f259
                                                                                                                                                                                                                                0x0135f255
                                                                                                                                                                                                                                0x0135f255
                                                                                                                                                                                                                                0x0135f255
                                                                                                                                                                                                                                0x0135f264
                                                                                                                                                                                                                                0x0135f269
                                                                                                                                                                                                                                0x0135f26f
                                                                                                                                                                                                                                0x0135f272
                                                                                                                                                                                                                                0x0135f278
                                                                                                                                                                                                                                0x0135f274
                                                                                                                                                                                                                                0x0135f274
                                                                                                                                                                                                                                0x0135f274
                                                                                                                                                                                                                                0x0135f27a
                                                                                                                                                                                                                                0x0135f27d
                                                                                                                                                                                                                                0x0135f283
                                                                                                                                                                                                                                0x0135f27f
                                                                                                                                                                                                                                0x0135f27f
                                                                                                                                                                                                                                0x0135f27f
                                                                                                                                                                                                                                0x0135f28a
                                                                                                                                                                                                                                0x0135f290
                                                                                                                                                                                                                                0x0135f293
                                                                                                                                                                                                                                0x0135f293
                                                                                                                                                                                                                                0x0135f2ec
                                                                                                                                                                                                                                0x0135f2f0
                                                                                                                                                                                                                                0x0135f2f1
                                                                                                                                                                                                                                0x0135f1dc
                                                                                                                                                                                                                                0x0135f1e0
                                                                                                                                                                                                                                0x0135f1e9
                                                                                                                                                                                                                                0x0135f1e2
                                                                                                                                                                                                                                0x0135f1e4
                                                                                                                                                                                                                                0x0135f1e4
                                                                                                                                                                                                                                0x0135f1f0
                                                                                                                                                                                                                                0x0135f1f6
                                                                                                                                                                                                                                0x0135f1f2
                                                                                                                                                                                                                                0x0135f1f2
                                                                                                                                                                                                                                0x0135f1f2
                                                                                                                                                                                                                                0x0135f20c
                                                                                                                                                                                                                                0x0135f211
                                                                                                                                                                                                                                0x0135f21b
                                                                                                                                                                                                                                0x0135f21d
                                                                                                                                                                                                                                0x0135f21d
                                                                                                                                                                                                                                0x0135f223
                                                                                                                                                                                                                                0x0135f229
                                                                                                                                                                                                                                0x0135f225
                                                                                                                                                                                                                                0x0135f225
                                                                                                                                                                                                                                0x0135f225
                                                                                                                                                                                                                                0x0135f234
                                                                                                                                                                                                                                0x0135f234
                                                                                                                                                                                                                                0x0135f2f6
                                                                                                                                                                                                                                0x0135f301
                                                                                                                                                                                                                                0x0135f305
                                                                                                                                                                                                                                0x0135f30b
                                                                                                                                                                                                                                0x0135f307
                                                                                                                                                                                                                                0x0135f307
                                                                                                                                                                                                                                0x0135f307
                                                                                                                                                                                                                                0x0135f30f
                                                                                                                                                                                                                                0x0135f316
                                                                                                                                                                                                                                0x0135f316

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: invalid string position$string too long
                                                                                                                                                                                                                                • API String ID: 1771113911-4289949731
                                                                                                                                                                                                                                • Opcode ID: 05a81b31741f027593de0341b9918f93be660b248111b1c7b255065e1c92affe
                                                                                                                                                                                                                                • Instruction ID: 85c0b1bcd190705a243331496fd41f5c85cc8e3a1ec61c0f153c5668b6ffac39
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05a81b31741f027593de0341b9918f93be660b248111b1c7b255065e1c92affe
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83518FB4610609DBCB68CF58D8C0C6AB7BEFF85B48724462DE942CB654DB30EA44CBD4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01361941, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E01361941(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t17;
				intOrPtr _t18;
				void* _t23;
				intOrPtr _t43;
				void* _t44;

				_push(0x14);
				E0137C1D9(0x13904ae, __ebx, __edi, __esi);
				E01363841(_t44 - 0x14, 0);
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				_t43 =  *0x13c2fa4; // 0x0
				 *((intOrPtr*)(_t44 - 0x10)) = _t43;
				_t17 = E01314493(0x13c2fe8);
				_t32 =  *((intOrPtr*)(_t44 + 8));
				_t18 = E01314564( *((intOrPtr*)(_t44 + 8)), _t17);
				_t41 = _t18;
				if(_t18 == 0) {
					if(_t43 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t23 = E01361B05(__ebx, _t32, __edx, _t43, __eflags);
						__eflags = _t23 - 0xffffffff;
						if(_t23 == 0xffffffff) {
							E01374D20(_t44 - 0x20, "bad cast");
							E0137BD1E(_t44 - 0x20, 0x13b04e8);
						}
						_t41 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x13c2fa4 =  *((intOrPtr*)(_t44 - 0x10));
						E013144C8(_t41);
						E0136355C(_t41, _t41);
					} else {
						_t41 = _t43;
					}
				}
				 *(_t44 - 4) =  *(_t44 - 4) | 0xffffffff;
				E01363869(_t44 - 0x14);
				return E0137C2B1(_t41);
			}








                                                                                                                                                                                                                                0x01361941
                                                                                                                                                                                                                                0x01361948
                                                                                                                                                                                                                                0x01361952
                                                                                                                                                                                                                                0x01361957
                                                                                                                                                                                                                                0x0136195b
                                                                                                                                                                                                                                0x01361966
                                                                                                                                                                                                                                0x01361969
                                                                                                                                                                                                                                0x0136196e
                                                                                                                                                                                                                                0x01361972
                                                                                                                                                                                                                                0x01361977
                                                                                                                                                                                                                                0x0136197b
                                                                                                                                                                                                                                0x0136197f
                                                                                                                                                                                                                                0x01361985
                                                                                                                                                                                                                                0x0136198b
                                                                                                                                                                                                                                0x0136198c
                                                                                                                                                                                                                                0x01361993
                                                                                                                                                                                                                                0x01361996
                                                                                                                                                                                                                                0x013619a0
                                                                                                                                                                                                                                0x013619ae
                                                                                                                                                                                                                                0x013619ae
                                                                                                                                                                                                                                0x013619b3
                                                                                                                                                                                                                                0x013619b8
                                                                                                                                                                                                                                0x013619be
                                                                                                                                                                                                                                0x013619c4
                                                                                                                                                                                                                                0x01361981
                                                                                                                                                                                                                                0x01361981
                                                                                                                                                                                                                                0x01361981
                                                                                                                                                                                                                                0x0136197f
                                                                                                                                                                                                                                0x013619ca
                                                                                                                                                                                                                                0x013619d1
                                                                                                                                                                                                                                0x013619dd

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 01361948
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 01361952
                                                                                                                                                                                                                                • int.LIBCPMT ref: 01361969
                                                                                                                                                                                                                                  • Part of subcall function 01314493: std::_Lockit::_Lockit.LIBCPMT ref: 013144A4
                                                                                                                                                                                                                                • codecvt.LIBCPMT ref: 0136198C
                                                                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 013619A0
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 013619AE
                                                                                                                                                                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 013619BE
                                                                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 013619C4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exception
                                                                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                                                                • API String ID: 3288166080-3145022300
                                                                                                                                                                                                                                • Opcode ID: 8bfcb32bbc36ffa9b7f91c2399ba1595507ac8f59a9f63ef234daaf6407b94b4
                                                                                                                                                                                                                                • Instruction ID: 8cdc5bff030a4ec54cac8eca531b25b346fb278e1c13805b4b21b003576603d4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8bfcb32bbc36ffa9b7f91c2399ba1595507ac8f59a9f63ef234daaf6407b94b4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1301D63190011BDBCF19EBB8C8009EEB379BFA5728F154108D114771D4DF789A05CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131D9C3, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E0131D9C3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t17;
				intOrPtr _t18;
				void* _t23;
				intOrPtr _t43;
				void* _t44;

				_push(0x14);
				E0137C1D9(0x13904ae, __ebx, __edi, __esi);
				E01363841(_t44 - 0x14, 0);
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				_t43 =  *0x13c2f74; // 0x2ce32c0
				 *((intOrPtr*)(_t44 - 0x10)) = _t43;
				_t17 = E01314493(0x13c2fd4);
				_t32 =  *((intOrPtr*)(_t44 + 8));
				_t18 = E01314564( *((intOrPtr*)(_t44 + 8)), _t17);
				_t41 = _t18;
				if(_t18 == 0) {
					if(_t43 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t23 = E0131DCEF(__ebx, _t32, __edx, _t43, __eflags);
						__eflags = _t23 - 0xffffffff;
						if(_t23 == 0xffffffff) {
							E01374D20(_t44 - 0x20, "bad cast");
							E0137BD1E(_t44 - 0x20, 0x13b04e8);
						}
						_t41 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x13c2f74 =  *((intOrPtr*)(_t44 - 0x10));
						E013144C8(_t41);
						E0136355C(_t41, _t41);
					} else {
						_t41 = _t43;
					}
				}
				 *(_t44 - 4) =  *(_t44 - 4) | 0xffffffff;
				E01363869(_t44 - 0x14);
				return E0137C2B1(_t41);
			}








                                                                                                                                                                                                                                0x0131d9c3
                                                                                                                                                                                                                                0x0131d9ca
                                                                                                                                                                                                                                0x0131d9d4
                                                                                                                                                                                                                                0x0131d9d9
                                                                                                                                                                                                                                0x0131d9dd
                                                                                                                                                                                                                                0x0131d9e8
                                                                                                                                                                                                                                0x0131d9eb
                                                                                                                                                                                                                                0x0131d9f0
                                                                                                                                                                                                                                0x0131d9f4
                                                                                                                                                                                                                                0x0131d9f9
                                                                                                                                                                                                                                0x0131d9fd
                                                                                                                                                                                                                                0x0131da01
                                                                                                                                                                                                                                0x0131da07
                                                                                                                                                                                                                                0x0131da0d
                                                                                                                                                                                                                                0x0131da0e
                                                                                                                                                                                                                                0x0131da15
                                                                                                                                                                                                                                0x0131da18
                                                                                                                                                                                                                                0x0131da22
                                                                                                                                                                                                                                0x0131da30
                                                                                                                                                                                                                                0x0131da30
                                                                                                                                                                                                                                0x0131da35
                                                                                                                                                                                                                                0x0131da3a
                                                                                                                                                                                                                                0x0131da40
                                                                                                                                                                                                                                0x0131da46
                                                                                                                                                                                                                                0x0131da03
                                                                                                                                                                                                                                0x0131da03
                                                                                                                                                                                                                                0x0131da03
                                                                                                                                                                                                                                0x0131da01
                                                                                                                                                                                                                                0x0131da4c
                                                                                                                                                                                                                                0x0131da53
                                                                                                                                                                                                                                0x0131da5f

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0131D9CA
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0131D9D4
                                                                                                                                                                                                                                • int.LIBCPMT ref: 0131D9EB
                                                                                                                                                                                                                                  • Part of subcall function 01314493: std::_Lockit::_Lockit.LIBCPMT ref: 013144A4
                                                                                                                                                                                                                                • codecvt.LIBCPMT ref: 0131DA0E
                                                                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 0131DA22
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 0131DA30
                                                                                                                                                                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 0131DA40
                                                                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0131DA46
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exception
                                                                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                                                                • API String ID: 3288166080-3145022300
                                                                                                                                                                                                                                • Opcode ID: f5f99ab1194dcacda44daafad6056001877e9635cefd805aa40397771531a58f
                                                                                                                                                                                                                                • Instruction ID: 1bd5d77b24a738de89c188c99cc36219965f73c457c00e2c94324e6a4794718d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5f99ab1194dcacda44daafad6056001877e9635cefd805aa40397771531a58f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F01C03290021F9BCF19EBA8C800AAEB739BF64B28F140118E114772D8DF78A905CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013618A4, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E013618A4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t17;
				intOrPtr _t18;
				void* _t23;
				intOrPtr _t43;
				void* _t44;

				_push(0x14);
				E0137C1D9(0x13904ae, __ebx, __edi, __esi);
				E01363841(_t44 - 0x14, 0);
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				_t43 =  *0x13c2fa0; // 0x0
				 *((intOrPtr*)(_t44 - 0x10)) = _t43;
				_t17 = E01314493(0x13c2fe0);
				_t32 =  *((intOrPtr*)(_t44 + 8));
				_t18 = E01314564( *((intOrPtr*)(_t44 + 8)), _t17);
				_t41 = _t18;
				if(_t18 == 0) {
					if(_t43 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t23 = E01361A7B(__ebx, _t32, __edx, _t43, __eflags);
						__eflags = _t23 - 0xffffffff;
						if(_t23 == 0xffffffff) {
							E01374D20(_t44 - 0x20, "bad cast");
							E0137BD1E(_t44 - 0x20, 0x13b04e8);
						}
						_t41 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x13c2fa0 =  *((intOrPtr*)(_t44 - 0x10));
						E013144C8(_t41);
						E0136355C(_t41, _t41);
					} else {
						_t41 = _t43;
					}
				}
				 *(_t44 - 4) =  *(_t44 - 4) | 0xffffffff;
				E01363869(_t44 - 0x14);
				return E0137C2B1(_t41);
			}








                                                                                                                                                                                                                                0x013618a4
                                                                                                                                                                                                                                0x013618ab
                                                                                                                                                                                                                                0x013618b5
                                                                                                                                                                                                                                0x013618ba
                                                                                                                                                                                                                                0x013618be
                                                                                                                                                                                                                                0x013618c9
                                                                                                                                                                                                                                0x013618cc
                                                                                                                                                                                                                                0x013618d1
                                                                                                                                                                                                                                0x013618d5
                                                                                                                                                                                                                                0x013618da
                                                                                                                                                                                                                                0x013618de
                                                                                                                                                                                                                                0x013618e2
                                                                                                                                                                                                                                0x013618e8
                                                                                                                                                                                                                                0x013618ee
                                                                                                                                                                                                                                0x013618ef
                                                                                                                                                                                                                                0x013618f6
                                                                                                                                                                                                                                0x013618f9
                                                                                                                                                                                                                                0x01361903
                                                                                                                                                                                                                                0x01361911
                                                                                                                                                                                                                                0x01361911
                                                                                                                                                                                                                                0x01361916
                                                                                                                                                                                                                                0x0136191b
                                                                                                                                                                                                                                0x01361921
                                                                                                                                                                                                                                0x01361927
                                                                                                                                                                                                                                0x013618e4
                                                                                                                                                                                                                                0x013618e4
                                                                                                                                                                                                                                0x013618e4
                                                                                                                                                                                                                                0x013618e2
                                                                                                                                                                                                                                0x0136192d
                                                                                                                                                                                                                                0x01361934
                                                                                                                                                                                                                                0x01361940

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 013618AB
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 013618B5
                                                                                                                                                                                                                                • int.LIBCPMT ref: 013618CC
                                                                                                                                                                                                                                  • Part of subcall function 01314493: std::_Lockit::_Lockit.LIBCPMT ref: 013144A4
                                                                                                                                                                                                                                • codecvt.LIBCPMT ref: 013618EF
                                                                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 01361903
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 01361911
                                                                                                                                                                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 01361921
                                                                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 01361927
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exception
                                                                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                                                                • API String ID: 3288166080-3145022300
                                                                                                                                                                                                                                • Opcode ID: 7de9af193ed0e382501ad174e9898ab8fe9e9330bf47497d16756701b7a47064
                                                                                                                                                                                                                                • Instruction ID: f9cb945b79922b876a4db730d5070d9136787e21527f2b893e502f6d0c4472a8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7de9af193ed0e382501ad174e9898ab8fe9e9330bf47497d16756701b7a47064
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7501C431D0021BDBCF15EBA8D800AAEB779BFA4728F104108D110772D8DF389A05CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01324909, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 88memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                			E01324909(short** __ecx, intOrPtr _a4) {
				signed int _v8;
				char _v208;
				intOrPtr _v212;
				int _v216;
				void* _v220;
				int _v224;
				void* _v228;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t25;
				short* _t28;
				void* _t35;
				void* _t40;
				int _t49;
				void* _t57;
				signed int _t59;

				_t25 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t25 ^ _t59;
				_t57 = 0;
				_t58 = __ecx;
				_v220 = 0;
				_v212 = _a4;
				_v216 = 0;
				if(__ecx[5] < 8) {
					_t28 = __ecx;
				} else {
					_t28 =  *__ecx;
				}
				_t49 = GetFileVersionInfoSizeW(_t28,  &_v216);
				if(_t49 != _t57) {
					_v224 = _t57;
					_t57 = GlobalAlloc(2, _t49);
					_t35 = GlobalLock(_t57);
					_v228 = _t35;
					if(_t58[0xa] >= 8) {
						_t58 =  *_t58;
					}
					if(GetFileVersionInfoW(_t58, _v216, _t49, _t35) != 0 && VerQueryValueW(_v228, "\\",  &_v220,  &_v224) != 0) {
						_t40 = _v220;
						_t56 =  *(_t40 + 0x10);
						_t58 =  *(_t40 + 0x16);
						_push( *(_t40 + 0x14) & 0x0000ffff);
						_push( *(_t40 + 0x16) & 0x0000ffff);
						_push( *(_t40 + 0x10) & 0x0000ffff);
						E013217F6( &_v208, L"%d.%d.%d.%d",  *(_t40 + 0x12) & 0x0000ffff);
						GlobalUnlock(_t57);
						GlobalFree(_t57);
					}
				}
				E01319B30(_v212,  &_v208);
				return E013748C1(_v212, _t49, _v8 ^ _t59, _t56, _t57, _t58);
			}




















                                                                                                                                                                                                                                0x01324912
                                                                                                                                                                                                                                0x01324919
                                                                                                                                                                                                                                0x01324922
                                                                                                                                                                                                                                0x01324924
                                                                                                                                                                                                                                0x01324926
                                                                                                                                                                                                                                0x01324930
                                                                                                                                                                                                                                0x01324936
                                                                                                                                                                                                                                0x0132493c
                                                                                                                                                                                                                                0x01324942
                                                                                                                                                                                                                                0x0132493e
                                                                                                                                                                                                                                0x0132493e
                                                                                                                                                                                                                                0x0132493e
                                                                                                                                                                                                                                0x01324952
                                                                                                                                                                                                                                0x01324956
                                                                                                                                                                                                                                0x0132495f
                                                                                                                                                                                                                                0x0132496b
                                                                                                                                                                                                                                0x0132496e
                                                                                                                                                                                                                                0x01324978
                                                                                                                                                                                                                                0x0132497e
                                                                                                                                                                                                                                0x01324980
                                                                                                                                                                                                                                0x01324980
                                                                                                                                                                                                                                0x01324993
                                                                                                                                                                                                                                0x013249b8
                                                                                                                                                                                                                                0x013249c2
                                                                                                                                                                                                                                0x013249c6
                                                                                                                                                                                                                                0x013249ce
                                                                                                                                                                                                                                0x013249d2
                                                                                                                                                                                                                                0x013249d6
                                                                                                                                                                                                                                0x013249e7
                                                                                                                                                                                                                                0x013249f0
                                                                                                                                                                                                                                0x013249f7
                                                                                                                                                                                                                                0x013249f7
                                                                                                                                                                                                                                0x01324993
                                                                                                                                                                                                                                0x01324a0a
                                                                                                                                                                                                                                0x01324a23

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetFileVersionInfoSizeW.VERSION(013A0D00,?,013A2D3C,00000001,00000000), ref: 0132494C
                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000), ref: 01324965
                                                                                                                                                                                                                                • GlobalLock.KERNEL32 ref: 0132496E
                                                                                                                                                                                                                                • GetFileVersionInfoW.VERSION(013A0D00,?,00000000,00000000), ref: 0132498B
                                                                                                                                                                                                                                • VerQueryValueW.VERSION(?,013A11F0,?,?), ref: 013249AE
                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 013249F0
                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 013249F7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Global$FileInfoVersion$AllocFreeLockQuerySizeUnlockValue
                                                                                                                                                                                                                                • String ID: %d.%d.%d.%d
                                                                                                                                                                                                                                • API String ID: 363595264-3491811756
                                                                                                                                                                                                                                • Opcode ID: 494cd8c5e35522409816e3c72ae0efe0e77a9137797003b83a8d7fe796f5f4f3
                                                                                                                                                                                                                                • Instruction ID: 55912d7d6216c646e6b81ec8c3c0d36e4405a7b45936acbe71f4e01c0bf5f4fb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 494cd8c5e35522409816e3c72ae0efe0e77a9137797003b83a8d7fe796f5f4f3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14310D71A00229AFDB20AF99DC44FAABBBCFB48745F00419AE549E7240D7759E84CF70
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131DAAC, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E0131DAAC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t17;
				intOrPtr _t18;
				void* _t23;
				intOrPtr _t43;
				void* _t44;

				_push(0x14);
				E0137C1D9(0x13904ae, __ebx, __edi, __esi);
				E01363841(_t44 - 0x14, 0);
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				_t43 =  *0x13c2f78; // 0x2ce1ae8
				 *((intOrPtr*)(_t44 - 0x10)) = _t43;
				_t17 = E01314493(0x13c2fd8);
				_t32 =  *((intOrPtr*)(_t44 + 8));
				_t18 = E01314564( *((intOrPtr*)(_t44 + 8)), _t17);
				_t41 = _t18;
				if(_t18 == 0) {
					if(_t43 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t23 = E0131DDB6(__ebx, _t32, __edx, _t43, __eflags);
						__eflags = _t23 - 0xffffffff;
						if(_t23 == 0xffffffff) {
							E01374D20(_t44 - 0x20, "bad cast");
							E0137BD1E(_t44 - 0x20, 0x13b04e8);
						}
						_t41 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x13c2f78 =  *((intOrPtr*)(_t44 - 0x10));
						E013144C8(_t41);
						E0136355C(_t41, _t41);
					} else {
						_t41 = _t43;
					}
				}
				 *(_t44 - 4) =  *(_t44 - 4) | 0xffffffff;
				E01363869(_t44 - 0x14);
				return E0137C2B1(_t41);
			}








                                                                                                                                                                                                                                0x0131daac
                                                                                                                                                                                                                                0x0131dab3
                                                                                                                                                                                                                                0x0131dabd
                                                                                                                                                                                                                                0x0131dac2
                                                                                                                                                                                                                                0x0131dac6
                                                                                                                                                                                                                                0x0131dad1
                                                                                                                                                                                                                                0x0131dad4
                                                                                                                                                                                                                                0x0131dad9
                                                                                                                                                                                                                                0x0131dadd
                                                                                                                                                                                                                                0x0131dae2
                                                                                                                                                                                                                                0x0131dae6
                                                                                                                                                                                                                                0x0131daea
                                                                                                                                                                                                                                0x0131daf0
                                                                                                                                                                                                                                0x0131daf6
                                                                                                                                                                                                                                0x0131daf7
                                                                                                                                                                                                                                0x0131dafe
                                                                                                                                                                                                                                0x0131db01
                                                                                                                                                                                                                                0x0131db0b
                                                                                                                                                                                                                                0x0131db19
                                                                                                                                                                                                                                0x0131db19
                                                                                                                                                                                                                                0x0131db1e
                                                                                                                                                                                                                                0x0131db23
                                                                                                                                                                                                                                0x0131db29
                                                                                                                                                                                                                                0x0131db2f
                                                                                                                                                                                                                                0x0131daec
                                                                                                                                                                                                                                0x0131daec
                                                                                                                                                                                                                                0x0131daec
                                                                                                                                                                                                                                0x0131daea
                                                                                                                                                                                                                                0x0131db35
                                                                                                                                                                                                                                0x0131db3c
                                                                                                                                                                                                                                0x0131db48

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0131DAB3
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0131DABD
                                                                                                                                                                                                                                • int.LIBCPMT ref: 0131DAD4
                                                                                                                                                                                                                                  • Part of subcall function 01314493: std::_Lockit::_Lockit.LIBCPMT ref: 013144A4
                                                                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 0131DB0B
                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 0131DB19
                                                                                                                                                                                                                                • std::locale::facet::_Incref.LIBCPMT ref: 0131DB29
                                                                                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 0131DB2F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LockitLockit::_std::_std::locale::facet::_$Exception@8Facet_H_prolog3IncrefRegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                                                                                • API String ID: 158301680-3145022300
                                                                                                                                                                                                                                • Opcode ID: f59441cda6e62bceed330ab6b75f32a32e6fe95a4814a75b2b9a48df59c79c84
                                                                                                                                                                                                                                • Instruction ID: d1dcfca880dddb3a2ae3c5fe9b216c28c7a7a782bb7d99f96177f2571834d016
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f59441cda6e62bceed330ab6b75f32a32e6fe95a4814a75b2b9a48df59c79c84
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3501C43194021F97CF19EBA8C840AEE7339BF65728F104108D511772D8DF78A9059B50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01317280, Relevance: 13.6, APIs: 9, Instructions: 80COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E01317280(void* __ebx, intOrPtr _a4, signed int _a12, struct HDC__** _a16) {
				signed int _v8;
				struct tagRECT _v24;
				void* _v28;
				void* __edi;
				void* __esi;
				signed int _t27;
				struct HDC__* _t29;
				void* _t30;
				void* _t41;
				void* _t43;
				struct HDC__* _t48;
				void* _t51;
				intOrPtr _t52;
				struct HDC__** _t53;
				signed int _t54;

				_t47 = __ebx;
				_t27 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t27 ^ _t54;
				_t53 = _a16;
				_t52 = _a4;
				if(_t53 != 0) {
					if( *((char*)(_t52 + 0x30)) != 0) {
						_t29 = GetDC( *(_t52 - 0x28));
						 *_t53 = _t29;
						if(_t29 == 0) {
							goto L3;
						}
						 *((char*)(_t52 + 0x30)) = 0;
						if((_a12 & 0x00000001) != 0) {
							L16:
							_t30 = 0;
							L17:
							return E013748C1(_t30, _t47, _v8 ^ _t54, _t51, _t52, _t53);
						}
						GetClientRect( *(_t52 - 0x28),  &_v24);
						if((_a12 & 0x00000004) == 0) {
							L14:
							if((_a12 & 0x00000002) != 0) {
								FillRect( *_t53,  &_v24, 6);
							}
							goto L16;
						}
						_push(__ebx);
						_t48 = CreateCompatibleDC( *_t53);
						if(_t48 == 0) {
							L13:
							_pop(_t47);
							goto L14;
						}
						_t41 = CreateCompatibleBitmap( *_t53, _v24.right - _v24.left, _v24.bottom - _v24.top);
						_v28 = _t41;
						if(_t41 == 0) {
							L11:
							DeleteDC(_t48);
							goto L13;
						}
						_t43 = SelectObject(_t48, _t41);
						if(_t43 != 0) {
							DeleteObject(_t43);
							 *(_t52 + 0x2c) =  *_t53;
							 *_t53 = _t48;
							goto L13;
						}
						DeleteObject(_v28);
						goto L11;
					}
					L3:
					_t30 = 0x80004005;
					goto L17;
				}
				_t30 = 0x80004003;
				goto L17;
			}


















                                                                                                                                                                                                                                0x01317280
                                                                                                                                                                                                                                0x01317286
                                                                                                                                                                                                                                0x0131728d
                                                                                                                                                                                                                                0x01317291
                                                                                                                                                                                                                                0x01317295
                                                                                                                                                                                                                                0x0131729a
                                                                                                                                                                                                                                0x013172aa
                                                                                                                                                                                                                                0x013172b9
                                                                                                                                                                                                                                0x013172bf
                                                                                                                                                                                                                                0x013172c3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013172c9
                                                                                                                                                                                                                                0x013172cd
                                                                                                                                                                                                                                0x01317353
                                                                                                                                                                                                                                0x01317353
                                                                                                                                                                                                                                0x01317355
                                                                                                                                                                                                                                0x01317362
                                                                                                                                                                                                                                0x01317362
                                                                                                                                                                                                                                0x013172da
                                                                                                                                                                                                                                0x013172e4
                                                                                                                                                                                                                                0x0131733f
                                                                                                                                                                                                                                0x01317343
                                                                                                                                                                                                                                0x0131734d
                                                                                                                                                                                                                                0x0131734d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01317343
                                                                                                                                                                                                                                0x013172e6
                                                                                                                                                                                                                                0x013172ef
                                                                                                                                                                                                                                0x013172f3
                                                                                                                                                                                                                                0x0131733e
                                                                                                                                                                                                                                0x0131733e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131733e
                                                                                                                                                                                                                                0x01317305
                                                                                                                                                                                                                                0x0131730b
                                                                                                                                                                                                                                0x01317310
                                                                                                                                                                                                                                0x01317327
                                                                                                                                                                                                                                0x01317328
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01317328
                                                                                                                                                                                                                                0x01317314
                                                                                                                                                                                                                                0x0131731c
                                                                                                                                                                                                                                0x01317331
                                                                                                                                                                                                                                0x01317339
                                                                                                                                                                                                                                0x0131733c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131733c
                                                                                                                                                                                                                                0x01317321
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01317321
                                                                                                                                                                                                                                0x013172ac
                                                                                                                                                                                                                                0x013172ac
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013172ac
                                                                                                                                                                                                                                0x0131729c
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: f3e447f6f7fed40fe267d568e4eb74d444978297bfbba2922cda3c6819c67cb4
                                                                                                                                                                                                                                • Instruction ID: 352a1cdb43d82458dce66557983e591b755453367715e8edca982c9313eaa96d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f3e447f6f7fed40fe267d568e4eb74d444978297bfbba2922cda3c6819c67cb4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D631417150020AEFEB269F78C849BAEBBFDBF08308F181419ED45E2259D772D954CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013242DA, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                			E013242DA(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t82;
				signed int _t88;
				intOrPtr _t89;
				intOrPtr* _t93;
				intOrPtr _t100;
				signed int _t102;
				void* _t109;
				void* _t112;
				signed int _t114;
				void* _t129;
				void* _t136;
				void* _t180;
				intOrPtr* _t188;
				void* _t194;
				void* _t195;
				intOrPtr _t198;

				E0137C242(0x13984de, __ebx, __edi, __esi);
				_t188 = __ecx;
				 *((intOrPtr*)(_t194 - 0x2e4)) =  *((intOrPtr*)(_t194 + 8));
				 *((intOrPtr*)(_t194 - 0x2f0)) = __ecx;
				 *((intOrPtr*)(_t194 - 0x2e8)) = 0;
				E01319B30(_t194 - 0x28c, 0x13a0d00);
				_t82 = _t194 - 0x21c;
				 *((intOrPtr*)(_t194 - 4)) = 1;
				__imp__SHGetSpecialFolderPathW(0, _t82, 0x1c, 0, 0x398);
				if(_t82 != 0) {
					 *_t188 = 2;
					_t189 = E01319B30(_t194 - 0x2e0, _t194 - 0x21c);
					 *((char*)(_t194 - 4)) = 2;
					E0132761B(_t194 - 0x238, _t84, _t194 - 0x238, L"\\Google\\Chrome\\User Data\\Default\\Preferences");
					 *((char*)(_t194 - 4)) = 4;
					E0131AA87(_t194 - 0x2e0, 1, 0);
					__eflags =  *0x13c2a33; // 0x0
					if(__eflags != 0) {
						_push(_t194 - 0x2a8);
						_t136 = E0135BE26(0, _t194 - 0x238, 1, _t189, __eflags);
						_t198 = _t195 - 0x18;
						 *((intOrPtr*)(_t194 - 0x2ec)) = _t198;
						 *((char*)(_t194 - 4)) = 5;
						E0131D888(_t198, _t198, "GetChromeIncumbentHPR in ", _t136);
						_t195 = _t198 + 0xc;
						E0134BA76(0, 0x13c2b18, _t180, 1, _t189, __eflags);
						 *((char*)(_t194 - 4)) = 4;
						E01311524(_t194 - 0x2a8, 1, 0);
					}
					_t88 = L0135D07B(1, __eflags, _t194 - 0x238);
					__eflags = _t88;
					if(_t88 != 0) {
						__eflags =  *((intOrPtr*)(_t194 - 0x224)) - 8;
						_t89 =  *((intOrPtr*)(_t194 - 0x238));
						if(__eflags < 0) {
							_t89 = _t194 - 0x238;
						}
						_push(_t89);
						_push(_t194 - 0x3a4);
						E013262A9(0, 1, _t189, __eflags);
						 *((intOrPtr*)(_t194 - 0x240)) = 0xf;
						 *(_t194 - 0x244) = 0;
						 *((char*)(_t194 - 0x254)) = 0;
						 *((char*)(_t194 - 4)) = 7;
						while(1) {
							_t93 = E013276F8(_t194 - 0x3a4, _t194 - 0x254);
							asm("sbb eax, eax");
							__eflags =  *((intOrPtr*)( *_t93 + 4)) + _t93 &  !( ~( *( *((intOrPtr*)( *_t93 + 4)) + _t93 + 0xc) & 0x00000006));
							if(__eflags == 0) {
								break;
							}
							__eflags =  *(_t194 - 0x244);
							if( *(_t194 - 0x244) == 0) {
								continue;
							} else {
								_t157 = _t194 - 0x270;
								E01319638(_t194 - 0x270, "  \"homepage\": \"");
								 *((char*)(_t194 - 4)) = 8;
								__eflags =  *((intOrPtr*)(_t194 - 0x25c)) - 0x10;
								_t100 =  *((intOrPtr*)(_t194 - 0x270));
								if( *((intOrPtr*)(_t194 - 0x25c)) < 0x10) {
									_t100 = _t194 - 0x270;
								}
								_t102 = E01326C58(_t194 - 0x254, _t157, _t100,  *((intOrPtr*)(_t194 - 0x260)));
								__eflags = _t102;
								if(_t102 >= 0) {
									E01325CE4( *((intOrPtr*)(_t194 - 0x260)) + _t102, _t194 - 0x2a8, _t194 - 0x254,  *((intOrPtr*)(_t194 - 0x260)) + _t102,  *(_t194 - 0x244) -  *((intOrPtr*)(_t194 - 0x260)) - _t102);
									_push(0xffffffff);
									_push(0xfde9);
									_push(0xfde9);
									 *((intOrPtr*)(_t194 - 0x2ec)) = _t195 - 0x1c;
									 *((char*)(_t194 - 4)) = 9;
									E013116F0(_t195 - 0x1c, _t194 - 0x2a8);
									_push(_t194 - 0x2c4);
									_t109 = E0135BED6(0, 1, _t194 - 0x2a8, __eflags);
									 *((char*)(_t194 - 4)) = 0xa;
									E0131A941(_t194 - 0x238, _t109);
									 *((char*)(_t194 - 4)) = 9;
									E0131AA87(_t194 - 0x2c4, 1, 0);
									_t112 = E01376D83("\"");
									_t164 = _t194 - 0x238;
									_t114 = E01326DB6(0, _t194 - 0x238, "\"", _t112);
									__eflags = _t114;
									if(_t114 > 0) {
										_t129 = E01319C49(_t164, _t194 - 0x2c4, _t194 - 0x238, 0, _t114);
										 *((char*)(_t194 - 4)) = 0xb;
										E0131A941(_t194 - 0x28c, _t129);
										E0131AA87(_t194 - 0x2c4, 1, 0);
									}
									E01311524(_t194 - 0x2a8, 1, 0);
									 *((char*)(_t194 - 4)) = 7;
									E01311524(_t194 - 0x270, 1, 0);
								} else {
									 *((char*)(_t194 - 4)) = 7;
									E01311524(_t194 - 0x270, 1, 0);
									continue;
								}
							}
							L19:
							_t189 = _t194 - 0x3a4;
							E01326379(_t194 - 0x3a4, __eflags);
							 *((intOrPtr*)( *((intOrPtr*)(_t194 - 0x2f0)))) = 0;
							E01319B61( *((intOrPtr*)(_t194 - 0x2e4)), _t194 - 0x28c);
							 *((intOrPtr*)(_t194 - 0x2e8)) = 1;
							E01311524(_t194 - 0x254, 1, 0);
							 *((char*)(_t194 - 4)) = 4;
							E01323A9B(_t194 - 0x3a4);
							goto L20;
						}
						goto L19;
					} else {
						E01319B61( *((intOrPtr*)(_t194 - 0x2e4)), _t194 - 0x28c);
					}
					L20:
					E0131AA87(_t194 - 0x238, 1, 0);
				} else {
					 *_t188 = GetLastError();
					E01319B61( *((intOrPtr*)(_t194 - 0x2e4)), _t194 - 0x28c);
				}
				E0131AA87(_t194 - 0x28c, 1, 0);
				return E0137C2C5(0, 1, _t189);
			}



















                                                                                                                                                                                                                                0x013242e4
                                                                                                                                                                                                                                0x013242ec
                                                                                                                                                                                                                                0x013242fb
                                                                                                                                                                                                                                0x01324301
                                                                                                                                                                                                                                0x01324307
                                                                                                                                                                                                                                0x0132430d
                                                                                                                                                                                                                                0x01324315
                                                                                                                                                                                                                                0x01324320
                                                                                                                                                                                                                                0x01324323
                                                                                                                                                                                                                                0x0132432b
                                                                                                                                                                                                                                0x01324359
                                                                                                                                                                                                                                0x01324370
                                                                                                                                                                                                                                0x01324372
                                                                                                                                                                                                                                0x01324376
                                                                                                                                                                                                                                0x01324385
                                                                                                                                                                                                                                0x01324389
                                                                                                                                                                                                                                0x0132438e
                                                                                                                                                                                                                                0x01324394
                                                                                                                                                                                                                                0x0132439c
                                                                                                                                                                                                                                0x013243a3
                                                                                                                                                                                                                                0x013243a8
                                                                                                                                                                                                                                0x013243ad
                                                                                                                                                                                                                                0x013243ba
                                                                                                                                                                                                                                0x013243be
                                                                                                                                                                                                                                0x013243c3
                                                                                                                                                                                                                                0x013243cb
                                                                                                                                                                                                                                0x013243d8
                                                                                                                                                                                                                                0x013243dc
                                                                                                                                                                                                                                0x013243dc
                                                                                                                                                                                                                                0x013243e8
                                                                                                                                                                                                                                0x013243ee
                                                                                                                                                                                                                                0x013243f0
                                                                                                                                                                                                                                0x01324409
                                                                                                                                                                                                                                0x01324410
                                                                                                                                                                                                                                0x01324416
                                                                                                                                                                                                                                0x01324418
                                                                                                                                                                                                                                0x01324418
                                                                                                                                                                                                                                0x0132441e
                                                                                                                                                                                                                                0x01324425
                                                                                                                                                                                                                                0x01324426
                                                                                                                                                                                                                                0x0132442b
                                                                                                                                                                                                                                0x01324435
                                                                                                                                                                                                                                0x0132443b
                                                                                                                                                                                                                                0x01324441
                                                                                                                                                                                                                                0x0132449f
                                                                                                                                                                                                                                0x013244ac
                                                                                                                                                                                                                                0x013244c3
                                                                                                                                                                                                                                0x013244c7
                                                                                                                                                                                                                                0x013244c9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01324447
                                                                                                                                                                                                                                0x0132444d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132444f
                                                                                                                                                                                                                                0x01324454
                                                                                                                                                                                                                                0x0132445a
                                                                                                                                                                                                                                0x0132445f
                                                                                                                                                                                                                                0x01324463
                                                                                                                                                                                                                                0x0132446a
                                                                                                                                                                                                                                0x01324470
                                                                                                                                                                                                                                0x01324472
                                                                                                                                                                                                                                0x01324472
                                                                                                                                                                                                                                0x01324485
                                                                                                                                                                                                                                0x0132448a
                                                                                                                                                                                                                                0x0132448c
                                                                                                                                                                                                                                0x013244f5
                                                                                                                                                                                                                                0x013244fa
                                                                                                                                                                                                                                0x01324501
                                                                                                                                                                                                                                0x01324502
                                                                                                                                                                                                                                0x0132450a
                                                                                                                                                                                                                                0x01324511
                                                                                                                                                                                                                                0x01324515
                                                                                                                                                                                                                                0x01324520
                                                                                                                                                                                                                                0x01324521
                                                                                                                                                                                                                                0x01324530
                                                                                                                                                                                                                                0x01324534
                                                                                                                                                                                                                                0x01324541
                                                                                                                                                                                                                                0x01324545
                                                                                                                                                                                                                                0x01324550
                                                                                                                                                                                                                                0x0132455a
                                                                                                                                                                                                                                0x01324560
                                                                                                                                                                                                                                0x01324565
                                                                                                                                                                                                                                0x01324567
                                                                                                                                                                                                                                0x01324578
                                                                                                                                                                                                                                0x01324584
                                                                                                                                                                                                                                0x01324588
                                                                                                                                                                                                                                0x01324591
                                                                                                                                                                                                                                0x01324591
                                                                                                                                                                                                                                0x0132459e
                                                                                                                                                                                                                                0x013245ab
                                                                                                                                                                                                                                0x013245af
                                                                                                                                                                                                                                0x0132448e
                                                                                                                                                                                                                                0x01324496
                                                                                                                                                                                                                                0x0132449a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132449a
                                                                                                                                                                                                                                0x0132448c
                                                                                                                                                                                                                                0x013245b4
                                                                                                                                                                                                                                0x013245b4
                                                                                                                                                                                                                                0x013245ba
                                                                                                                                                                                                                                0x013245cb
                                                                                                                                                                                                                                0x013245d4
                                                                                                                                                                                                                                0x013245e1
                                                                                                                                                                                                                                0x013245e7
                                                                                                                                                                                                                                0x013245ee
                                                                                                                                                                                                                                0x013245f2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013245f2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013243f2
                                                                                                                                                                                                                                0x013243ff
                                                                                                                                                                                                                                0x013243ff
                                                                                                                                                                                                                                0x013245f7
                                                                                                                                                                                                                                0x013245ff
                                                                                                                                                                                                                                0x0132432d
                                                                                                                                                                                                                                0x01324339
                                                                                                                                                                                                                                0x01324342
                                                                                                                                                                                                                                0x01324342
                                                                                                                                                                                                                                0x0132460c
                                                                                                                                                                                                                                0x0132461c

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 013242E4
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,00000000,013A0D00,00000398,0131F1EA,?), ref: 01324323
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0132432D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • "homepage": ", xrefs: 0132444F
                                                                                                                                                                                                                                • \Google\Chrome\User Data\Default\Preferences, xrefs: 0132436A
                                                                                                                                                                                                                                • GetChromeIncumbentHPR in , xrefs: 013243B4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFolderH_prolog3_LastPathSpecial_wcslen
                                                                                                                                                                                                                                • String ID: "homepage": "$GetChromeIncumbentHPR in $\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                                                                                                • API String ID: 1572872009-294888114
                                                                                                                                                                                                                                • Opcode ID: 92492e2d511d0edd331810cb4dd52d7a55ef2403b3f93533b1edd09d56836bb7
                                                                                                                                                                                                                                • Instruction ID: 09d84c5cc5e67a0d35307287201f493f5956aaf5b9f96082fc212ffde99a0eb3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92492e2d511d0edd331810cb4dd52d7a55ef2403b3f93533b1edd09d56836bb7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2191617190126ADEDF25FB68CD98BEEB7BCAF25208F1041D9E509A3144DA345F88CF61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013278DD, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                			E013278DD(void* __eax, void* __ebx, signed int __ecx, intOrPtr* __esi, intOrPtr* _a4, signed int _a8) {
				intOrPtr _v0;
				signed int _v8;
				void* __edi;
				intOrPtr _t39;
				void* _t40;
				intOrPtr _t42;
				signed int _t43;
				intOrPtr _t45;
				signed int _t46;
				signed int _t49;
				signed int _t51;
				signed int _t52;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t59;
				intOrPtr* _t60;
				intOrPtr* _t63;
				intOrPtr* _t66;
				signed int _t67;
				intOrPtr* _t68;
				signed int _t72;
				signed int _t74;
				signed int _t79;
				signed int _t83;
				intOrPtr* _t88;
				intOrPtr* _t89;
				signed int _t90;
				intOrPtr _t91;
				intOrPtr* _t92;
				void* _t100;
				void* _t101;
				signed int _t105;
				signed int _t107;

				_t106 = __esi;
				_t79 = __ecx;
				_t71 = __ebx;
				_push(__ecx);
				_t100 = __eax;
				_t2 = _a4 + 0x10; // 0x73747369
				_t39 =  *_t2;
				if(_t39 < _a8) {
					_t40 = E01363221("invalid string position");
					asm("int3");
					_push(__ebx);
					_t72 = _v8;
					_push(__esi);
					_push(_t100);
					_t101 = _t40;
					_t107 = _t79;
					if(E0131C6EE(_t79, _t72) == 0) {
						_t27 = _t107 + 0x10; // 0x5959fffe
						_t42 =  *_t27;
						if((_t79 | 0xffffffff) - _t42 <= _t101) {
							_t42 = E013631D4("string too long");
						}
						if(_t101 != 0) {
							_t74 = _t42 + _t101;
							if(E0131B8E0(_t74, _t107, _t101, _t74, 0) != 0) {
								_t29 = _t107 + 0x14; // 0x9c4d8d50
								_t45 =  *_t29;
								if(_t45 < 8) {
									_t83 = _t107;
								} else {
									_t83 =  *_t107;
								}
								if(_t45 < 8) {
									_t46 = _t107;
								} else {
									_t46 =  *_t107;
								}
								_t30 = _t107 + 0x10; // 0x5959fffe
								_t103 = _t101 + _t101;
								E01374DB0(_t46 + _t101 + _t101, _t83,  *_t30 +  *_t30);
								if( *((intOrPtr*)(_t107 + 0x14)) < 8) {
									_t49 = _t107;
								} else {
									_t49 =  *_t107;
								}
								E013748D0(_t49, _v0, _t103);
								 *(_t107 + 0x10) = _t74;
								if( *((intOrPtr*)(_t107 + 0x14)) < 8) {
									_t51 = _t107;
								} else {
									_t51 =  *_t107;
								}
								 *((short*)(_t51 + _t74 * 2)) = 0;
							}
						}
						_t43 = _t107;
					} else {
						if( *((intOrPtr*)(_t107 + 0x14)) < 8) {
							_t52 = _t107;
						} else {
							_t52 =  *_t107;
						}
						_push(_t72 - _t52 >> 1);
						_t43 = E013278DD(_t101, _t72 - _t52 >> 1, _t79, _t107, _t107);
					}
					return _t43;
				} else {
					_t54 = _t39 - _a8;
					if(_t54 < __eax) {
						_t100 = _t54;
					}
					_t5 = _t106 + 0x10; // 0x5959fffe
					_t55 =  *_t5;
					if((_t79 | 0xffffffff) - _t55 <= _t100) {
						_t55 = E013631D4("string too long");
					}
					if(_t100 != 0) {
						_v8 = _t55 + _t100;
						if(E0131B8E0(_t71, _t106, _t100, _t55 + _t100, 0) != 0) {
							_t7 = _t106 + 0x14; // 0x9c4d8d50
							_t59 =  *_t7;
							if(_t59 < 8) {
								_t88 = _t106;
							} else {
								_t88 =  *_t106;
							}
							if(_t59 < 8) {
								_t60 = _t106;
							} else {
								_t60 =  *_t106;
							}
							_t8 = _t106 + 0x10; // 0x5959fffe
							_push(_t71);
							_t77 = _t100 + _t100;
							E01374DB0(_t60 + _t100 + _t100, _t88,  *_t8 +  *_t8);
							_t63 = _a4;
							if(_t106 != _t63) {
								if( *((intOrPtr*)(_t63 + 0x14)) >= 8) {
									_t63 =  *_t63;
								}
								if( *((intOrPtr*)(_t106 + 0x14)) < 8) {
									_t89 = _t106;
								} else {
									_t89 =  *_t106;
								}
								E013748D0(_t89, _t63 + _a8 * 2, _t77);
							} else {
								_t67 = _a8;
								if(_t67 == 0) {
									_t105 = _t67;
								} else {
									_t105 = _t100 + _t67;
								}
								_t12 = _t106 + 0x14; // 0x9c4d8d50
								_t91 =  *_t12;
								if(_t91 < 8) {
									_t68 = _t106;
								} else {
									_t68 =  *_t106;
								}
								if(_t91 < 8) {
									_t92 = _t106;
								} else {
									_t92 =  *_t106;
								}
								E01374DB0(_t92, _t68 + _t105 * 2, _t77);
							}
							_t90 = _v8;
							 *(_t106 + 0x10) = _t90;
							if( *((intOrPtr*)(_t106 + 0x14)) < 8) {
								_t66 = _t106;
							} else {
								_t66 =  *_t106;
							}
							 *((short*)(_t66 + _t90 * 2)) = 0;
						}
					}
					return _t106;
				}
			}




































                                                                                                                                                                                                                                0x013278dd
                                                                                                                                                                                                                                0x013278dd
                                                                                                                                                                                                                                0x013278dd
                                                                                                                                                                                                                                0x013278e0
                                                                                                                                                                                                                                0x013278e2
                                                                                                                                                                                                                                0x013278e7
                                                                                                                                                                                                                                0x013278e7
                                                                                                                                                                                                                                0x013278ed
                                                                                                                                                                                                                                0x013279e4
                                                                                                                                                                                                                                0x013279e9
                                                                                                                                                                                                                                0x013279ed
                                                                                                                                                                                                                                0x013279ee
                                                                                                                                                                                                                                0x013279f1
                                                                                                                                                                                                                                0x013279f2
                                                                                                                                                                                                                                0x013279f4
                                                                                                                                                                                                                                0x013279f6
                                                                                                                                                                                                                                0x013279ff
                                                                                                                                                                                                                                0x01327a1f
                                                                                                                                                                                                                                0x01327a1f
                                                                                                                                                                                                                                0x01327a29
                                                                                                                                                                                                                                0x01327a30
                                                                                                                                                                                                                                0x01327a30
                                                                                                                                                                                                                                0x01327a37
                                                                                                                                                                                                                                0x01327a39
                                                                                                                                                                                                                                0x01327a48
                                                                                                                                                                                                                                0x01327a4a
                                                                                                                                                                                                                                0x01327a4a
                                                                                                                                                                                                                                0x01327a50
                                                                                                                                                                                                                                0x01327a56
                                                                                                                                                                                                                                0x01327a52
                                                                                                                                                                                                                                0x01327a52
                                                                                                                                                                                                                                0x01327a52
                                                                                                                                                                                                                                0x01327a5b
                                                                                                                                                                                                                                0x01327a61
                                                                                                                                                                                                                                0x01327a5d
                                                                                                                                                                                                                                0x01327a5d
                                                                                                                                                                                                                                0x01327a5d
                                                                                                                                                                                                                                0x01327a63
                                                                                                                                                                                                                                0x01327a69
                                                                                                                                                                                                                                0x01327a6f
                                                                                                                                                                                                                                0x01327a7b
                                                                                                                                                                                                                                0x01327a81
                                                                                                                                                                                                                                0x01327a7d
                                                                                                                                                                                                                                0x01327a7d
                                                                                                                                                                                                                                0x01327a7d
                                                                                                                                                                                                                                0x01327a88
                                                                                                                                                                                                                                0x01327a94
                                                                                                                                                                                                                                0x01327a97
                                                                                                                                                                                                                                0x01327a9d
                                                                                                                                                                                                                                0x01327a99
                                                                                                                                                                                                                                0x01327a99
                                                                                                                                                                                                                                0x01327a99
                                                                                                                                                                                                                                0x01327aa1
                                                                                                                                                                                                                                0x01327aa1
                                                                                                                                                                                                                                0x01327a48
                                                                                                                                                                                                                                0x01327aa5
                                                                                                                                                                                                                                0x01327a01
                                                                                                                                                                                                                                0x01327a05
                                                                                                                                                                                                                                0x01327a0b
                                                                                                                                                                                                                                0x01327a07
                                                                                                                                                                                                                                0x01327a07
                                                                                                                                                                                                                                0x01327a07
                                                                                                                                                                                                                                0x01327a11
                                                                                                                                                                                                                                0x01327a15
                                                                                                                                                                                                                                0x01327a15
                                                                                                                                                                                                                                0x01327aab
                                                                                                                                                                                                                                0x013278f3
                                                                                                                                                                                                                                0x013278f3
                                                                                                                                                                                                                                0x013278f8
                                                                                                                                                                                                                                0x013278fa
                                                                                                                                                                                                                                0x013278fa
                                                                                                                                                                                                                                0x013278fc
                                                                                                                                                                                                                                0x013278fc
                                                                                                                                                                                                                                0x01327906
                                                                                                                                                                                                                                0x0132790d
                                                                                                                                                                                                                                0x0132790d
                                                                                                                                                                                                                                0x01327914
                                                                                                                                                                                                                                0x01327921
                                                                                                                                                                                                                                0x0132792b
                                                                                                                                                                                                                                0x01327931
                                                                                                                                                                                                                                0x01327931
                                                                                                                                                                                                                                0x01327937
                                                                                                                                                                                                                                0x0132793d
                                                                                                                                                                                                                                0x01327939
                                                                                                                                                                                                                                0x01327939
                                                                                                                                                                                                                                0x01327939
                                                                                                                                                                                                                                0x01327942
                                                                                                                                                                                                                                0x01327948
                                                                                                                                                                                                                                0x01327944
                                                                                                                                                                                                                                0x01327944
                                                                                                                                                                                                                                0x01327944
                                                                                                                                                                                                                                0x0132794a
                                                                                                                                                                                                                                0x0132794d
                                                                                                                                                                                                                                0x01327951
                                                                                                                                                                                                                                0x01327958
                                                                                                                                                                                                                                0x0132795d
                                                                                                                                                                                                                                0x01327965
                                                                                                                                                                                                                                0x0132799e
                                                                                                                                                                                                                                0x013279a0
                                                                                                                                                                                                                                0x013279a0
                                                                                                                                                                                                                                0x013279a6
                                                                                                                                                                                                                                0x013279ac
                                                                                                                                                                                                                                0x013279a8
                                                                                                                                                                                                                                0x013279a8
                                                                                                                                                                                                                                0x013279a8
                                                                                                                                                                                                                                0x013279b7
                                                                                                                                                                                                                                0x01327967
                                                                                                                                                                                                                                0x01327967
                                                                                                                                                                                                                                0x0132796c
                                                                                                                                                                                                                                0x01327972
                                                                                                                                                                                                                                0x0132796e
                                                                                                                                                                                                                                0x0132796e
                                                                                                                                                                                                                                0x0132796e
                                                                                                                                                                                                                                0x01327974
                                                                                                                                                                                                                                0x01327974
                                                                                                                                                                                                                                0x0132797a
                                                                                                                                                                                                                                0x01327980
                                                                                                                                                                                                                                0x0132797c
                                                                                                                                                                                                                                0x0132797c
                                                                                                                                                                                                                                0x0132797c
                                                                                                                                                                                                                                0x01327985
                                                                                                                                                                                                                                0x0132798b
                                                                                                                                                                                                                                0x01327987
                                                                                                                                                                                                                                0x01327987
                                                                                                                                                                                                                                0x01327987
                                                                                                                                                                                                                                0x01327993
                                                                                                                                                                                                                                0x01327993
                                                                                                                                                                                                                                0x013279bc
                                                                                                                                                                                                                                0x013279c6
                                                                                                                                                                                                                                0x013279ca
                                                                                                                                                                                                                                0x013279d0
                                                                                                                                                                                                                                0x013279cc
                                                                                                                                                                                                                                0x013279cc
                                                                                                                                                                                                                                0x013279cc
                                                                                                                                                                                                                                0x013279d4
                                                                                                                                                                                                                                0x013279d4
                                                                                                                                                                                                                                0x0132792b
                                                                                                                                                                                                                                0x013279dc
                                                                                                                                                                                                                                0x013279dc

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: invalid string position$string too long
                                                                                                                                                                                                                                • API String ID: 1771113911-4289949731
                                                                                                                                                                                                                                • Opcode ID: 625697acd433a2ada9069d5c3923272bdf61e6f28cf95b2833e711603885f923
                                                                                                                                                                                                                                • Instruction ID: 072d25f0b601e834ad2d6278fd5a1d29ec4e289bb6284cfef236dc6e983e8682
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 625697acd433a2ada9069d5c3923272bdf61e6f28cf95b2833e711603885f923
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB41A271310328ABC724FE6CD885D6AB7EAFBA5668714491DE586C7740EB30ED01C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01328827, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82comCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 55%
                                                                                                                                                                                                                                			E01328827(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t27;
				signed int _t28;
				intOrPtr _t31;
				void* _t47;
				intOrPtr _t50;
				intOrPtr* _t51;
				WCHAR* _t52;
				void* _t53;
				intOrPtr _t57;
				intOrPtr _t58;

				_t47 = __edx;
				_push(0x18);
				_t27 = E0137C1D9(0x1393252, __ebx, __edi, __esi);
				_t57 =  *0x13c2f88; // 0x0
				if(_t57 == 0) {
					 *0x13c2f88 = 1;
					__imp__CoInitializeEx(0, 2);
					_t50 = _t27;
					if(_t50 < 0) {
						_t51 =  *((intOrPtr*)(_t53 + 8));
					} else {
						__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 2, 3, 0, 0, 0);
						 *((intOrPtr*)(_t53 - 0x14)) = _t27;
						if(_t27 < 0) {
							_t31 =  *0x13bc000; // 0x139c820
							 *(_t53 - 0x10) =  *((intOrPtr*)(_t31 + 0xc))() + 0x10;
							 *((intOrPtr*)(_t53 - 4)) = 0;
							 *((intOrPtr*)(_t53 - 0x24)) = 0x13a375c;
							 *((intOrPtr*)(_t53 - 0x20)) = _t50;
							 *((intOrPtr*)(_t53 - 0x1c)) = 0;
							 *((intOrPtr*)(_t53 - 0x18)) = 0;
							 *((char*)(_t53 - 4)) = 1;
							_push(E013283BA(_t53 - 0x24));
							E01327581(_t53 - 0x10, _t47, L"Downloader(BITS)::InitializeBITS::CoInitializeSecurity : Error = 0x%X - %s",  *((intOrPtr*)(_t53 - 0x14)));
							_t45 = _t53 - 0x24;
							 *((char*)(_t53 - 4)) = 0;
							E01328394(_t53 - 0x24);
							_t52 =  *(_t53 - 0x10);
							if( *((intOrPtr*)(_t52 - 4)) > 1) {
								E01327454(_t45, _t53 - 0x10,  *((intOrPtr*)(_t52 - 0xc)));
								_t52 =  *(_t53 - 0x10);
							}
							OutputDebugStringW(_t52);
							_t27 = E0131EAF8(_t52 - 0x10, _t47);
						}
						_t51 =  *((intOrPtr*)(_t53 + 8));
						__imp__CoCreateInstance(0x13a3794, 0, 4, 0x13a37a4, _t51);
						if(_t27 < 0) {
							 *_t51 = 0;
							__imp__CoUninitialize();
						}
					}
					_t28 = 0;
				} else {
					_t28 = 0;
					_t58 =  *((intOrPtr*)( *((intOrPtr*)(_t53 + 8))));
				}
				return E0137C2B1(_t28 & 0xffffff00 | _t58 != 0x00000000);
			}













                                                                                                                                                                                                                                0x01328827
                                                                                                                                                                                                                                0x01328827
                                                                                                                                                                                                                                0x0132882e
                                                                                                                                                                                                                                0x01328835
                                                                                                                                                                                                                                0x0132883b
                                                                                                                                                                                                                                0x0132884c
                                                                                                                                                                                                                                0x01328856
                                                                                                                                                                                                                                0x0132885c
                                                                                                                                                                                                                                0x01328860
                                                                                                                                                                                                                                0x0132891c
                                                                                                                                                                                                                                0x01328866
                                                                                                                                                                                                                                0x01328872
                                                                                                                                                                                                                                0x01328878
                                                                                                                                                                                                                                0x0132887d
                                                                                                                                                                                                                                0x0132887f
                                                                                                                                                                                                                                0x0132888f
                                                                                                                                                                                                                                0x01328892
                                                                                                                                                                                                                                0x01328895
                                                                                                                                                                                                                                0x0132889c
                                                                                                                                                                                                                                0x0132889f
                                                                                                                                                                                                                                0x013288a2
                                                                                                                                                                                                                                0x013288a8
                                                                                                                                                                                                                                0x013288b1
                                                                                                                                                                                                                                0x013288bd
                                                                                                                                                                                                                                0x013288c5
                                                                                                                                                                                                                                0x013288c8
                                                                                                                                                                                                                                0x013288cb
                                                                                                                                                                                                                                0x013288d0
                                                                                                                                                                                                                                0x013288d7
                                                                                                                                                                                                                                0x013288e0
                                                                                                                                                                                                                                0x013288e5
                                                                                                                                                                                                                                0x013288e5
                                                                                                                                                                                                                                0x013288e9
                                                                                                                                                                                                                                0x013288f2
                                                                                                                                                                                                                                0x013288f2
                                                                                                                                                                                                                                0x013288f7
                                                                                                                                                                                                                                0x01328908
                                                                                                                                                                                                                                0x01328910
                                                                                                                                                                                                                                0x01328912
                                                                                                                                                                                                                                0x01328914
                                                                                                                                                                                                                                0x01328914
                                                                                                                                                                                                                                0x01328910
                                                                                                                                                                                                                                0x0132891f
                                                                                                                                                                                                                                0x0132883d
                                                                                                                                                                                                                                0x01328840
                                                                                                                                                                                                                                0x01328842
                                                                                                                                                                                                                                0x01328842
                                                                                                                                                                                                                                0x0132892b

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0132882E
                                                                                                                                                                                                                                • CoInitializeEx.OLE32(00000000,00000002,00000018,01328747,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328856
                                                                                                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,76D26490,?,?,?,01328712,?), ref: 01328872
                                                                                                                                                                                                                                • OutputDebugStringW.KERNEL32(?), ref: 013288E9
                                                                                                                                                                                                                                • CoCreateInstance.OLE32(013A3794,00000000,00000004,013A37A4,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328908
                                                                                                                                                                                                                                • CoUninitialize.OLE32(?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328914
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Downloader(BITS)::InitializeBITS::CoInitializeSecurity : Error = 0x%X - %s, xrefs: 013288B8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Initialize$CreateDebugH_prolog3InstanceOutputSecurityStringUninitialize
                                                                                                                                                                                                                                • String ID: Downloader(BITS)::InitializeBITS::CoInitializeSecurity : Error = 0x%X - %s
                                                                                                                                                                                                                                • API String ID: 3838462571-3250974012
                                                                                                                                                                                                                                • Opcode ID: 19011c7f19087ecef0d630d1c3a73b29c827d7a886af51a46ae25cc5edc9a757
                                                                                                                                                                                                                                • Instruction ID: b3820df39936f92f5a0c8944467d606a2299e4a009c03261e7adbfd304e3a906
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 19011c7f19087ecef0d630d1c3a73b29c827d7a886af51a46ae25cc5edc9a757
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C3152B190022EDFDB10EFA4D884AAEBBF8FF1831CF544469E505B7240D7715A44CB91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134A84D, Relevance: 12.1, APIs: 8, Instructions: 139COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                                                                                                			E0134A84D(intOrPtr __edx, intOrPtr* __esi, intOrPtr _a4) {
				signed int _v12;
				struct tagSCROLLINFO _v40;
				RECT* _v44;
				struct HWND__* _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				void* __ebx;
				void* __edi;
				signed int _t70;
				struct HWND__* _t95;
				struct HWND__* _t107;
				signed int _t110;
				signed int _t112;
				intOrPtr _t118;
				intOrPtr _t124;
				intOrPtr* _t126;
				signed int _t127;

				_t126 = __esi;
				_t118 = __edx;
				_t70 =  *0x13bce20; // 0xa1d783ff
				_v12 = _t70 ^ _t127;
				if(__esi == 0) {
					_v44 = 0;
				} else {
					_t2 = _t126 - 0x24; // 0x0
					_v44 = _t2;
				}
				 *((intOrPtr*)(_t126 + 0xc)) = _a4;
				_v56 =  *_t126;
				_v52 =  *((intOrPtr*)(_t126 + 4));
				_t110 = 6;
				_v40.cbSize = 0x1c;
				memset( &(_v40.fMask), 0, _t110 << 2);
				 *((intOrPtr*)(_t126 + 8)) = _t118;
				 *_t126 = 0;
				 *((intOrPtr*)(_t126 + 4)) = 0;
				_v40.fMask = 7;
				if(( *(_t126 + 0x3c) & 0x00000020) != 0) {
					_v40.fMask = 0xf;
				}
				_v40.nPage =  *((intOrPtr*)(_t126 + 0x20));
				_t119 = _t118 - 1;
				_v40.nMin = 0;
				_v40.nMax.x = _t118 - 1;
				_v40.nPos = 0;
				SetScrollInfo( *(_v44 + 4), 0,  &_v40, 1);
				_t112 = 6;
				_v40.cbSize = 0x1c;
				memset( &(_v40.fMask), 0, _t112 << 2);
				_v40.fMask = 7;
				if(( *(_t126 + 0x3c) & 0x00000010) != 0) {
					_v40.fMask = 0xf;
				}
				_t124 = _v44;
				_v40.nMax.x =  *((intOrPtr*)(_t126 + 0xc)) - 1;
				_v40.nPage =  *((intOrPtr*)(_t126 + 0x24));
				_v40.nPos =  *((intOrPtr*)(_t126 + 4));
				_v40.nMin = 0;
				SetScrollInfo( *(_t124 + 4), 1,  &_v40, 1);
				if(( *(_t126 + 0x3c) & 0x00000001) != 0 && (_v56 != 0 || _v52 != 0)) {
					_t95 = GetWindow( *(_t124 + 4), 5);
					_v48 = _t95;
					if(_t95 != 0) {
						do {
							_v40.nMax.x = 0;
							asm("stosd");
							asm("stosd");
							asm("stosd");
							GetWindowRect(_v48,  &(_v40.nMax));
							MapWindowPoints(0,  *(_v44 + 4),  &(_v40.nMax), 1);
							SetWindowPos(_v48, 0, _v40.nMax.x + _v56, _v40.nPage + _v52, 0, 0, 0x15);
							_t107 = GetWindow(_v48, 2);
							_v48 = _t107;
						} while (_t107 != 0);
						_t124 = _v44;
					}
				}
				E0134A9CE(0, _t126, 0);
				E0134AA1E(0, _t126, 0);
				return E013748C1(InvalidateRect( *(_t124 + 4), 0, 1), 0, _v12 ^ _t127, _t119, _t124, _t126);
			}




















                                                                                                                                                                                                                                0x0134a84d
                                                                                                                                                                                                                                0x0134a84d
                                                                                                                                                                                                                                0x0134a853
                                                                                                                                                                                                                                0x0134a85a
                                                                                                                                                                                                                                0x0134a863
                                                                                                                                                                                                                                0x0134a86d
                                                                                                                                                                                                                                0x0134a865
                                                                                                                                                                                                                                0x0134a865
                                                                                                                                                                                                                                0x0134a868
                                                                                                                                                                                                                                0x0134a868
                                                                                                                                                                                                                                0x0134a873
                                                                                                                                                                                                                                0x0134a878
                                                                                                                                                                                                                                0x0134a880
                                                                                                                                                                                                                                0x0134a889
                                                                                                                                                                                                                                0x0134a88d
                                                                                                                                                                                                                                0x0134a894
                                                                                                                                                                                                                                0x0134a896
                                                                                                                                                                                                                                0x0134a899
                                                                                                                                                                                                                                0x0134a89b
                                                                                                                                                                                                                                0x0134a89e
                                                                                                                                                                                                                                0x0134a8a5
                                                                                                                                                                                                                                0x0134a8a7
                                                                                                                                                                                                                                0x0134a8a7
                                                                                                                                                                                                                                0x0134a8b1
                                                                                                                                                                                                                                0x0134a8c1
                                                                                                                                                                                                                                0x0134a8c2
                                                                                                                                                                                                                                0x0134a8c5
                                                                                                                                                                                                                                0x0134a8c8
                                                                                                                                                                                                                                0x0134a8cb
                                                                                                                                                                                                                                0x0134a8d9
                                                                                                                                                                                                                                0x0134a8dd
                                                                                                                                                                                                                                0x0134a8e4
                                                                                                                                                                                                                                0x0134a8e6
                                                                                                                                                                                                                                0x0134a8ed
                                                                                                                                                                                                                                0x0134a8ef
                                                                                                                                                                                                                                0x0134a8ef
                                                                                                                                                                                                                                0x0134a8f9
                                                                                                                                                                                                                                0x0134a8fd
                                                                                                                                                                                                                                0x0134a903
                                                                                                                                                                                                                                0x0134a90b
                                                                                                                                                                                                                                0x0134a917
                                                                                                                                                                                                                                0x0134a91a
                                                                                                                                                                                                                                0x0134a924
                                                                                                                                                                                                                                0x0134a935
                                                                                                                                                                                                                                0x0134a93b
                                                                                                                                                                                                                                0x0134a940
                                                                                                                                                                                                                                0x0134a942
                                                                                                                                                                                                                                0x0134a944
                                                                                                                                                                                                                                0x0134a94a
                                                                                                                                                                                                                                0x0134a94b
                                                                                                                                                                                                                                0x0134a94c
                                                                                                                                                                                                                                0x0134a954
                                                                                                                                                                                                                                0x0134a967
                                                                                                                                                                                                                                0x0134a983
                                                                                                                                                                                                                                0x0134a98e
                                                                                                                                                                                                                                0x0134a994
                                                                                                                                                                                                                                0x0134a997
                                                                                                                                                                                                                                0x0134a99b
                                                                                                                                                                                                                                0x0134a99b
                                                                                                                                                                                                                                0x0134a940
                                                                                                                                                                                                                                0x0134a9a3
                                                                                                                                                                                                                                0x0134a9ad
                                                                                                                                                                                                                                0x0134a9cb

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetScrollInfo.USER32(?,00000000,0000001C,00000001), ref: 0134A8CB
                                                                                                                                                                                                                                • SetScrollInfo.USER32(?,00000001,0000001C,00000001), ref: 0134A91A
                                                                                                                                                                                                                                • GetWindow.USER32(?,00000005), ref: 0134A935
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134A954
                                                                                                                                                                                                                                • MapWindowPoints.USER32 ref: 0134A967
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000015), ref: 0134A983
                                                                                                                                                                                                                                • GetWindow.USER32(?,00000002), ref: 0134A98E
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,00000000,00000000), ref: 0134A9B8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$InfoRectScroll$InvalidatePoints
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2230122999-0
                                                                                                                                                                                                                                • Opcode ID: 85b9900ab4e8e4dd89398792d5cf5e9bb7547d1d03401aefc6b92a5ca6088c9c
                                                                                                                                                                                                                                • Instruction ID: 2c98951a623a35350db5f351dcd15313a501791a37545e260e9cc4fd70c30f68
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 85b9900ab4e8e4dd89398792d5cf5e9bb7547d1d03401aefc6b92a5ca6088c9c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97510775A40609AFEB21DFA8C984AEEFBF9FB0C304F105429E606B7650D371A944CF60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134AA6E, Relevance: 12.1, APIs: 8, Instructions: 130COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E0134AA6E(struct HWND__* __ecx, int _a4, int _a8, int _a12) {
				signed int _v12;
				struct tagSCROLLINFO _v40;
				signed int _v44;
				intOrPtr _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t60;
				struct HWND__* _t88;
				int _t92;
				signed int _t93;
				signed int _t95;
				int _t100;
				signed int _t105;
				void* _t110;
				signed int _t111;

				_t60 =  *0x13bce20; // 0xa1d783ff
				_v12 = _t60 ^ _t111;
				_t88 = __ecx;
				if(__ecx == 0) {
					_v44 = _v44 & 0x00000000;
				} else {
					_t2 = _t88 - 0x24; // 0x0
					_v44 = _t2;
				}
				E0134AF31(_v44 + 0x24,  &_a8,  &_a4);
				_t92 = _a8;
				_t100 = _a4;
				 *(_t88 + 4) = _t92;
				_v48 =  *(_t88 + 4) - _t92;
				_t93 = 6;
				_t110 = _t88->i - _t100;
				_v40.cbSize = 0x1c;
				memset( &(_v40.fMask), 0, _t93 << 2);
				_t88->i = _t100;
				_v40.fMask = 4;
				if(( *(_t88 + 0x3c) & 0x00000020) != 0) {
					_v40.fMask = 0xc;
				}
				_v40.nPos = _t100;
				SetScrollInfo( *(_v44 + 4), 0,  &_v40, _a12);
				_t95 = 6;
				_v40.cbSize = 0x1c;
				memset( &(_v40.fMask), 0, _t95 << 2);
				_v40.fMask = 4;
				if(( *(_t88 + 0x3c) & 0x00000010) != 0) {
					_v40.fMask = 0xc;
				}
				_t105 = _v44;
				_v40.nPos =  *(_t88 + 4);
				_t74 = SetScrollInfo( *(_t105 + 4), 1,  &_v40, _a12);
				if(( *(_t88 + 0x3c) & 0x00000001) != 0 && (_t110 != 0 || _v48 != _t110)) {
					_t88 = GetWindow( *(_t105 + 4), 5);
					if(_t88 != 0) {
						do {
							_v40.nMax.x = _v40.nMax.x & 0x00000000;
							asm("stosd");
							asm("stosd");
							asm("stosd");
							GetWindowRect(_t88,  &(_v40.nMax));
							MapWindowPoints(0,  *(_v44 + 4),  &(_v40.nMax), 1);
							SetWindowPos(_t88, 0, _v40.nMax.x + _t110, _v40.nPage + _v48, 0, 0, 0x15);
							_t88 = GetWindow(_t88, 2);
						} while (_t88 != 0);
						_t105 = _v44;
					}
				}
				if(_a12 != 0) {
					_t74 = InvalidateRect( *(_t105 + 4), 0, 1);
				}
				return E013748C1(_t74, _t88, _v12 ^ _t111, _t100, _t105, _t110);
			}



















                                                                                                                                                                                                                                0x0134aa74
                                                                                                                                                                                                                                0x0134aa7b
                                                                                                                                                                                                                                0x0134aa7f
                                                                                                                                                                                                                                0x0134aa85
                                                                                                                                                                                                                                0x0134aa8f
                                                                                                                                                                                                                                0x0134aa87
                                                                                                                                                                                                                                0x0134aa87
                                                                                                                                                                                                                                0x0134aa8a
                                                                                                                                                                                                                                0x0134aa8a
                                                                                                                                                                                                                                0x0134aa9f
                                                                                                                                                                                                                                0x0134aaa4
                                                                                                                                                                                                                                0x0134aaac
                                                                                                                                                                                                                                0x0134aab1
                                                                                                                                                                                                                                0x0134aab6
                                                                                                                                                                                                                                0x0134aabb
                                                                                                                                                                                                                                0x0134aabf
                                                                                                                                                                                                                                0x0134aac5
                                                                                                                                                                                                                                0x0134aacc
                                                                                                                                                                                                                                0x0134aace
                                                                                                                                                                                                                                0x0134aad0
                                                                                                                                                                                                                                0x0134aad7
                                                                                                                                                                                                                                0x0134aad9
                                                                                                                                                                                                                                0x0134aad9
                                                                                                                                                                                                                                0x0134aaef
                                                                                                                                                                                                                                0x0134aaf2
                                                                                                                                                                                                                                0x0134ab00
                                                                                                                                                                                                                                0x0134ab04
                                                                                                                                                                                                                                0x0134ab0b
                                                                                                                                                                                                                                0x0134ab0d
                                                                                                                                                                                                                                0x0134ab14
                                                                                                                                                                                                                                0x0134ab16
                                                                                                                                                                                                                                0x0134ab16
                                                                                                                                                                                                                                0x0134ab23
                                                                                                                                                                                                                                0x0134ab26
                                                                                                                                                                                                                                0x0134ab32
                                                                                                                                                                                                                                0x0134ab3c
                                                                                                                                                                                                                                0x0134ab52
                                                                                                                                                                                                                                0x0134ab56
                                                                                                                                                                                                                                0x0134ab58
                                                                                                                                                                                                                                0x0134ab58
                                                                                                                                                                                                                                0x0134ab61
                                                                                                                                                                                                                                0x0134ab62
                                                                                                                                                                                                                                0x0134ab63
                                                                                                                                                                                                                                0x0134ab69
                                                                                                                                                                                                                                0x0134ab7e
                                                                                                                                                                                                                                0x0134ab97
                                                                                                                                                                                                                                0x0134aba6
                                                                                                                                                                                                                                0x0134aba8
                                                                                                                                                                                                                                0x0134abac
                                                                                                                                                                                                                                0x0134abac
                                                                                                                                                                                                                                0x0134ab56
                                                                                                                                                                                                                                0x0134abb3
                                                                                                                                                                                                                                0x0134abbc
                                                                                                                                                                                                                                0x0134abbc
                                                                                                                                                                                                                                0x0134abd0

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetScrollInfo.USER32(?,00000000,0000001C,?), ref: 0134AAF2
                                                                                                                                                                                                                                • SetScrollInfo.USER32(?,00000001,0000001C,?), ref: 0134AB32
                                                                                                                                                                                                                                • GetWindow.USER32(?,00000005), ref: 0134AB4C
                                                                                                                                                                                                                                • GetWindowRect.USER32 ref: 0134AB69
                                                                                                                                                                                                                                • MapWindowPoints.USER32 ref: 0134AB7E
                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,?,00000000,00000000,00000015), ref: 0134AB97
                                                                                                                                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 0134ABA0
                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0134ABBC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$InfoRectScroll$InvalidatePoints
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2230122999-0
                                                                                                                                                                                                                                • Opcode ID: 3ddba87aaa10c58ff9541d0048611230b07f670f9a9c22e6d427fbee02c05a74
                                                                                                                                                                                                                                • Instruction ID: 10dbb0affc5778721e1d840ea08858b685bdf2557680e8369235f1bd5926aa6e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3ddba87aaa10c58ff9541d0048611230b07f670f9a9c22e6d427fbee02c05a74
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76512F71A40209AFEB11CFA8C989BEEBFF9FB48304F045415E605BB291D775A944CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01329ABE, Relevance: 12.1, APIs: 8, Instructions: 98filestringwindowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 52%
                                                                                                                                                                                                                                			E01329ABE(struct _CRITICAL_SECTION* __ecx, char* __edx, signed int _a4) {
				signed int _v12;
				char _v276;
				void* _v280;
				char _v281;
				struct _CRITICAL_SECTION* _v288;
				struct _CRITICAL_SECTION* _v292;
				struct _CRITICAL_SECTION* _v296;
				struct _CRITICAL_SECTION* _v300;
				char _v304;
				signed int _v308;
				char _v316;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t36;
				struct _CRITICAL_SECTION* _t39;
				WCHAR* _t45;
				struct _CRITICAL_SECTION* _t47;
				char* _t50;
				WCHAR* _t51;
				struct _CRITICAL_SECTION* _t61;
				signed int _t65;
				void* _t68;
				void* _t69;

				_t60 = __edx;
				_t36 =  *0x13bce20; // 0xa1d783ff
				_v12 = _t36 ^ _t65;
				_t61 = 0;
				_t51 = __ecx;
				_v308 = _a4;
				_v288 = __ecx;
				_t68 =  *0x13c17dc - _t61; // 0x0
				if(_t68 != 0) {
					L5:
					_t39 = 0x80004005;
					L14:
					return E013748C1(_t39, _t51, _v12 ^ _t65, _t60, _t61, _t63);
				}
				_t63 = 0x13c17c0;
				EnterCriticalSection(0x13c17c0);
				_v281 = 1;
				_t69 =  *0x13c17bc - _t61; // 0x0
				if(_t69 == 0) {
					_t50 =  &_v304;
					_v304 = 1;
					_v300 = 0;
					_v296 = 0;
					_v292 = 0;
					__imp__GdiplusStartup(0x13c17bc, _t50,  &_v316);
					if(_t50 != 0) {
						_v281 = 0;
					}
				}
				LeaveCriticalSection(_t63);
				if(_v281 != 0) {
					_v280 =  &_v276;
					if(_t51 != _t61) {
						_t17 = lstrlenW(_t51) + 1; // 0x1
						_t52 = _t17;
						E0134809B(_t17, _t60,  &_v276,  &_v280);
						E01311B94(_v280, _t52 + _t52, _v288, _t52 + _t52);
						_t61 = 0;
					} else {
						_v280 = _t61;
					}
					_t45 =  &_v288;
					_v304 = 0x13a6654;
					_v288 = _t61;
					__imp__GdipCreateBitmapFromFile(_v280, _t45);
					_t63 = _v288;
					_t51 = _t45;
					_v300 = _t63;
					if(_v280 !=  &_v276) {
						E01375111(_v280);
					}
					_v296 = _t61;
					if(_t51 == _t61) {
						_t60 =  &_v304;
						_t47 = E01329C46(_v308,  &_v304);
						_t63 = _t47;
						__imp__GdipDisposeImage(_v300);
						_t39 = _t47;
						goto L14;
					} else {
						__imp__GdipDisposeImage(_t63);
						goto L5;
					}
				} else {
					goto L5;
				}
			}




























                                                                                                                                                                                                                                0x01329abe
                                                                                                                                                                                                                                0x01329ac7
                                                                                                                                                                                                                                0x01329ace
                                                                                                                                                                                                                                0x01329ad7
                                                                                                                                                                                                                                0x01329ad9
                                                                                                                                                                                                                                0x01329adb
                                                                                                                                                                                                                                0x01329ae1
                                                                                                                                                                                                                                0x01329ae7
                                                                                                                                                                                                                                0x01329aed
                                                                                                                                                                                                                                0x01329b5a
                                                                                                                                                                                                                                0x01329b5a
                                                                                                                                                                                                                                0x01329c35
                                                                                                                                                                                                                                0x01329c43
                                                                                                                                                                                                                                0x01329c43
                                                                                                                                                                                                                                0x01329aef
                                                                                                                                                                                                                                0x01329af5
                                                                                                                                                                                                                                0x01329afb
                                                                                                                                                                                                                                0x01329b02
                                                                                                                                                                                                                                0x01329b08
                                                                                                                                                                                                                                0x01329b11
                                                                                                                                                                                                                                0x01329b1d
                                                                                                                                                                                                                                0x01329b27
                                                                                                                                                                                                                                0x01329b2d
                                                                                                                                                                                                                                0x01329b33
                                                                                                                                                                                                                                0x01329b39
                                                                                                                                                                                                                                0x01329b41
                                                                                                                                                                                                                                0x01329b43
                                                                                                                                                                                                                                0x01329b43
                                                                                                                                                                                                                                0x01329b41
                                                                                                                                                                                                                                0x01329b4b
                                                                                                                                                                                                                                0x01329b58
                                                                                                                                                                                                                                0x01329b6a
                                                                                                                                                                                                                                0x01329b72
                                                                                                                                                                                                                                0x01329b83
                                                                                                                                                                                                                                0x01329b83
                                                                                                                                                                                                                                0x01329b94
                                                                                                                                                                                                                                0x01329ba9
                                                                                                                                                                                                                                0x01329bb1
                                                                                                                                                                                                                                0x01329b74
                                                                                                                                                                                                                                0x01329b74
                                                                                                                                                                                                                                0x01329b74
                                                                                                                                                                                                                                0x01329bb3
                                                                                                                                                                                                                                0x01329bc0
                                                                                                                                                                                                                                0x01329bca
                                                                                                                                                                                                                                0x01329bd0
                                                                                                                                                                                                                                0x01329bd6
                                                                                                                                                                                                                                0x01329bdc
                                                                                                                                                                                                                                0x01329be4
                                                                                                                                                                                                                                0x01329bf0
                                                                                                                                                                                                                                0x01329bf8
                                                                                                                                                                                                                                0x01329bfd
                                                                                                                                                                                                                                0x01329bfe
                                                                                                                                                                                                                                0x01329c06
                                                                                                                                                                                                                                0x01329c1a
                                                                                                                                                                                                                                0x01329c20
                                                                                                                                                                                                                                0x01329c2b
                                                                                                                                                                                                                                0x01329c2d
                                                                                                                                                                                                                                0x01329c33
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329c08
                                                                                                                                                                                                                                0x01329c09
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329c09
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(013C17C0,00000000,?,00000000), ref: 01329AF5
                                                                                                                                                                                                                                • GdiplusStartup.GDIPLUS(013C17BC,?,?), ref: 01329B39
                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(013C17C0), ref: 01329B4B
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 01329B7D
                                                                                                                                                                                                                                • GdipCreateBitmapFromFile.GDIPLUS(?,?), ref: 01329BD0
                                                                                                                                                                                                                                • _free.LIBCMT ref: 01329BF8
                                                                                                                                                                                                                                • GdipDisposeImage.GDIPLUS(?), ref: 01329C09
                                                                                                                                                                                                                                • GdipDisposeImage.GDIPLUS(?), ref: 01329C2D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Gdip$CriticalDisposeImageSection$BitmapCreateEnterFileFromGdiplusLeaveStartup_freelstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 166940661-0
                                                                                                                                                                                                                                • Opcode ID: 50de9562834d8f62e3199856e92efb7b892e5e939128d8a7c49c72ede235c0f2
                                                                                                                                                                                                                                • Instruction ID: a25be07b15028777590f9889432fa4560d338e5c1dda7de7a069eba9b6762645
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50de9562834d8f62e3199856e92efb7b892e5e939128d8a7c49c72ede235c0f2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9741287590023CDFDF25AF24DC85BDDBBB9EB49319F0040EAE609A2200D7715E858FA5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013209BC, Relevance: 12.1, APIs: 8, Instructions: 96windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                			E013209BC(void* __edx, void* __esi) {
				signed int _v8;
				struct tagLOGFONTW _v100;
				char _v128;
				struct tagLOGFONTW _v220;
				void _v628;
				intOrPtr _v632;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t30;
				signed int _t41;
				intOrPtr* _t51;
				void* _t55;
				void* _t67;
				long _t68;
				void* _t69;
				signed int _t70;
				void* _t71;

				_t69 = __esi;
				_t67 = __edx;
				_t30 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t30 ^ _t70;
				_v628 = 0x1f4;
				SystemParametersInfoW(0x29, 0x1f4,  &_v628, 0);
				 *(__esi + 0x38) = CreateFontIndirectW( &_v220);
				if( *((intOrPtr*)(__esi + 0x7f)) == 0) {
					GetObjectW( *(__esi + 0x38), 0x5c,  &_v100);
					_t41 =  *(__esi + 0x78);
					_t76 = _t41 - 0xffffffff;
					if(_t41 != 0xffffffff) {
						_t68 =  ~_t41;
					} else {
						_t68 = _v100.lfHeight;
					}
					E01376F40( &_v100, 0, 0x5c);
					_v100.lfItalic =  *((intOrPtr*)(_t69 + 0x7d));
					_push(0xffffffff);
					_v100.lfUnderline =  *((intOrPtr*)(_t69 + 0x7e));
					_push(0xfde9);
					_push(0xfde9);
					_v632 = _t71 + 0xc - 0x1c;
					_v100.lfHeight = _t68;
					E013116F0(_t71 + 0xc - 0x1c, _t69 + 0x5c);
					_push( &_v128);
					_t51 = E0135BED6(0, _t68, _t69, _t76);
					if( *((intOrPtr*)(_t51 + 0x14)) >= 8) {
						_t51 =  *_t51;
					}
					E01377106( &(_v100.lfFaceName), _t51);
					E0131AA87( &_v128, 1, 0);
					_t55 =  *(_t69 + 0x38);
					if(_t55 != 0) {
						DeleteObject(_t55);
					}
					 *(_t69 + 0x38) = 0;
					 *(_t69 + 0x38) = CreateFontIndirectW( &_v100);
				}
				SendMessageW( *(_t69 + 4), 0x30,  *(_t69 + 0x38), 1);
				return E013748C1(1, 0, _v8 ^ _t70, _t67, _t68, _t69);
			}





















                                                                                                                                                                                                                                0x013209bc
                                                                                                                                                                                                                                0x013209bc
                                                                                                                                                                                                                                0x013209c5
                                                                                                                                                                                                                                0x013209cc
                                                                                                                                                                                                                                0x013209e3
                                                                                                                                                                                                                                0x013209e9
                                                                                                                                                                                                                                0x013209fc
                                                                                                                                                                                                                                0x01320a02
                                                                                                                                                                                                                                0x01320a11
                                                                                                                                                                                                                                0x01320a17
                                                                                                                                                                                                                                0x01320a1a
                                                                                                                                                                                                                                0x01320a1d
                                                                                                                                                                                                                                0x01320a26
                                                                                                                                                                                                                                0x01320a1f
                                                                                                                                                                                                                                0x01320a1f
                                                                                                                                                                                                                                0x01320a1f
                                                                                                                                                                                                                                0x01320a2f
                                                                                                                                                                                                                                0x01320a3a
                                                                                                                                                                                                                                0x01320a40
                                                                                                                                                                                                                                0x01320a42
                                                                                                                                                                                                                                0x01320a4a
                                                                                                                                                                                                                                0x01320a4b
                                                                                                                                                                                                                                0x01320a54
                                                                                                                                                                                                                                0x01320a5b
                                                                                                                                                                                                                                0x01320a5e
                                                                                                                                                                                                                                0x01320a66
                                                                                                                                                                                                                                0x01320a67
                                                                                                                                                                                                                                0x01320a73
                                                                                                                                                                                                                                0x01320a75
                                                                                                                                                                                                                                0x01320a75
                                                                                                                                                                                                                                0x01320a7c
                                                                                                                                                                                                                                0x01320a89
                                                                                                                                                                                                                                0x01320a8e
                                                                                                                                                                                                                                0x01320a93
                                                                                                                                                                                                                                0x01320a96
                                                                                                                                                                                                                                0x01320a96
                                                                                                                                                                                                                                0x01320aa0
                                                                                                                                                                                                                                0x01320aa9
                                                                                                                                                                                                                                0x01320aa9
                                                                                                                                                                                                                                0x01320ab6
                                                                                                                                                                                                                                0x01320acb

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 013209E9
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 013209F6
                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 01320A11
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 01320A2F
                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 01320A7C
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 01320A96
                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 01320AA3
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000030,?,00000001), ref: 01320AB6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CreateFontIndirectObject$DeleteInfoMessageParametersSendSystem_memset_wcscpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2167349133-0
                                                                                                                                                                                                                                • Opcode ID: 2a32a588cf1c4b301107a8c4ad662551dd4d53a972734ab23f5783789431c165
                                                                                                                                                                                                                                • Instruction ID: abae90951f7e41384365133c919e093935e179a57d1ff06cecb40d6e10720bc3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a32a588cf1c4b301107a8c4ad662551dd4d53a972734ab23f5783789431c165
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53315C71900748EFEB20EFB8DC899AABBFDAB04318F40156AF556D7690D631A948CB10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132892E, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 213COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 80%
                                                                                                                                                                                                                                			E0132892E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t104;
				intOrPtr* _t106;
				intOrPtr* _t110;
				intOrPtr* _t116;
				intOrPtr* _t118;
				intOrPtr* _t121;
				void* _t124;
				signed int _t125;
				intOrPtr* _t126;
				void* _t129;
				signed int _t130;
				intOrPtr* _t134;
				intOrPtr _t136;
				intOrPtr* _t141;
				signed int _t142;
				intOrPtr* _t143;
				intOrPtr* _t145;
				intOrPtr* _t147;
				intOrPtr* _t149;
				signed int _t150;
				signed int _t154;
				intOrPtr* _t156;
				void* _t159;
				signed int _t160;
				intOrPtr* _t163;
				intOrPtr* _t194;
				void* _t197;
				void* _t198;

				_t198 = __eflags;
				_t190 = __edi;
				_push(0x38);
				E0137C1D9(0x13943b4, __ebx, __edi, __esi);
				_t163 =  *((intOrPtr*)(_t197 + 8));
				 *(_t197 - 0x18) = 0;
				if(E01328827(_t163, __edx, __edi, 0, _t198, _t163) != 0) {
					if( *(_t163 + 4) == 0) {
						L5:
						_t104 =  *_t163;
						 *((intOrPtr*)(_t197 - 0x1c)) = 0;
						 *((intOrPtr*)(_t197 - 0x14)) = 0;
						 *(_t197 - 0x30) = 0;
						__eflags =  *((intOrPtr*)( *_t104 + 0x14))(_t104, 1, _t197 - 0x1c);
						if(__eflags >= 0) {
							L7:
							_t106 =  *((intOrPtr*)(_t197 - 0x1c));
							_t188 = _t197 - 0x30;
							 *((intOrPtr*)( *_t106 + 0x1c))(_t106, _t197 - 0x30);
							_push(_t197 - 0x38);
							E01328E69(_t163, _t197 - 0x30, _t190, 0, __eflags);
							 *((intOrPtr*)(_t197 - 4)) = 0;
							 *((intOrPtr*)(_t197 - 0x2c)) = 0;
							__eflags =  *(_t197 - 0x30);
							if( *(_t197 - 0x30) > 0) {
								do {
									_t116 =  *((intOrPtr*)(_t197 - 0x1c));
									_t188 = _t197 - 0x14;
									__eflags =  *((intOrPtr*)( *_t116 + 0xc))(_t116, 1, _t197 - 0x14, 0);
									if(__eflags != 0) {
										goto L23;
									} else {
										_t121 =  *((intOrPtr*)(_t197 - 0x14));
										_t188 = _t197 - 0x24;
										 *((intOrPtr*)(_t197 - 0x24)) = 0;
										 *((intOrPtr*)( *_t121 + 0x40))(_t121, _t197 - 0x24);
										_push(_t197 - 0x3c);
										_t124 = L01328F41(_t163,  *((intOrPtr*)(_t197 - 0x24)), 0, __eflags);
										 *((char*)(_t197 - 4)) = 1;
										 *(_t197 - 0x18) =  *(_t197 - 0x18) | 0x00000001;
										_t125 = E01328FA3(_t124, L"S-1-5-18");
										__eflags = _t125;
										if(_t125 != 0) {
											L11:
											 *((char*)(_t197 - 0xd)) = 1;
										} else {
											_t154 = E0137877B( *((intOrPtr*)(_t197 - 0x38)), L"S-1-5-18");
											__eflags = _t154;
											 *((char*)(_t197 - 0xd)) = 0;
											__eflags = _t154 & 0xffffff00 | _t154 == 0x00000000;
											if((_t154 & 0xffffff00 | _t154 == 0x00000000) != 0) {
												goto L11;
											}
										}
										 *((intOrPtr*)(_t197 - 4)) = 0;
										__eflags =  *(_t197 - 0x18) & 0x00000001;
										if(( *(_t197 - 0x18) & 0x00000001) != 0) {
											 *(_t197 - 0x18) =  *(_t197 - 0x18) & 0xfffffffe;
											__eflags =  *((intOrPtr*)(_t197 - 0x3c)) + 0xfffffff0;
											E0131EAF8( *((intOrPtr*)(_t197 - 0x3c)) + 0xfffffff0, _t188);
										}
										__eflags =  *((char*)(_t197 - 0xd));
										if(__eflags == 0) {
											L22:
											__imp__CoTaskMemFree( *((intOrPtr*)(_t197 - 0x24)));
											goto L23;
										} else {
											_t126 =  *((intOrPtr*)(_t197 - 0x14));
											_t188 = _t197 - 0x20;
											 *((intOrPtr*)(_t197 - 0x20)) = 0;
											 *((intOrPtr*)( *_t126 + 0x48))(_t126, _t197 - 0x20);
											_push(_t197 - 0x40);
											_t129 = L01328F41(_t163,  *((intOrPtr*)(_t197 - 0x20)), 0, __eflags);
											 *((char*)(_t197 - 4)) = 2;
											_t130 = E01328FA3(_t129,  *((intOrPtr*)(_t197 + 0xc)));
											 *((char*)(_t197 - 4)) = 0;
											asm("sbb bl, bl");
											E0131EAF8( *((intOrPtr*)(_t197 - 0x40)) + 0xfffffff0, _t197 - 0x20);
											__eflags =  ~_t130 + 1;
											if( ~_t130 + 1 == 0) {
												L21:
												__imp__CoTaskMemFree( *((intOrPtr*)(_t197 - 0x20)));
												_t163 =  *((intOrPtr*)(_t197 + 8));
												goto L22;
											} else {
												_t134 =  *((intOrPtr*)(_t197 - 0x14));
												_t188 = _t197 - 0x34;
												 *((intOrPtr*)(_t197 - 0x34)) = 0;
												 *((intOrPtr*)( *_t134 + 0x38))(_t134, _t197 - 0x34);
												__eflags =  *((intOrPtr*)(_t197 - 0x34)) - 3;
												if( *((intOrPtr*)(_t197 - 0x34)) != 3) {
													L25:
													_t136 =  *((intOrPtr*)(_t197 + 8));
													 *((intOrPtr*)(_t136 + 4)) =  *((intOrPtr*)(_t197 - 0x14));
													__eflags = _t136 + 8;
													E01326209(_t136 + 8,  *((intOrPtr*)(_t197 + 0xc)));
													_t194 = __imp__CoTaskMemFree;
													 *_t194( *((intOrPtr*)(_t197 - 0x20)));
													 *_t194( *((intOrPtr*)(_t197 - 0x24)));
													_t163 =  *((intOrPtr*)(_t197 + 8));
												} else {
													_t141 =  *((intOrPtr*)(_t197 - 0x14));
													_t188 = _t197 - 0x28;
													 *((intOrPtr*)(_t197 - 0x28)) = 0;
													_t142 =  *((intOrPtr*)( *_t141 + 0x14))(_t141, _t197 - 0x28);
													__eflags = _t142;
													if(_t142 < 0) {
														goto L21;
													} else {
														_t143 =  *((intOrPtr*)(_t197 - 0x28));
														_t188 = _t197 - 0x44;
														 *((intOrPtr*)( *_t143 + 0x1c))(_t143, _t197 - 0x44);
														_t145 =  *((intOrPtr*)(_t197 - 0x28));
														 *((intOrPtr*)( *_t145 + 8))(_t145);
														__eflags =  *(_t197 - 0x44);
														if( *(_t197 - 0x44) == 0) {
															L20:
															_t147 =  *((intOrPtr*)(_t197 - 0x14));
															 *((intOrPtr*)( *_t147 + 0x20))(_t147);
															goto L21;
														} else {
															_t149 =  *((intOrPtr*)(_t197 - 0x14));
															_t150 =  *((intOrPtr*)( *_t149 + 0x1c))(_t149);
															__eflags = _t150;
															if(_t150 >= 0) {
																goto L25;
															} else {
																goto L20;
															}
														}
													}
												}
											}
										}
									}
									goto L26;
									L23:
									_t118 =  *((intOrPtr*)(_t197 - 0x14));
									 *((intOrPtr*)( *_t118 + 8))(_t118);
									 *((intOrPtr*)(_t197 - 0x2c)) =  *((intOrPtr*)(_t197 - 0x2c)) + 1;
									 *((intOrPtr*)(_t197 - 0x14)) = 0;
									__eflags =  *((intOrPtr*)(_t197 - 0x2c)) -  *(_t197 - 0x30);
								} while ( *((intOrPtr*)(_t197 - 0x2c)) <  *(_t197 - 0x30));
							}
							L26:
							_t110 =  *((intOrPtr*)(_t197 - 0x1c));
							 *((intOrPtr*)( *_t110 + 8))(_t110);
							__eflags =  *((intOrPtr*)(_t197 - 0x38)) + 0xfffffff0;
							E0131EAF8( *((intOrPtr*)(_t197 - 0x38)) + 0xfffffff0, _t188);
						} else {
							_t156 =  *_t163;
							__eflags =  *((intOrPtr*)( *_t156 + 0x14))(_t156, 0, _t197 - 0x1c);
							if(__eflags >= 0) {
								goto L7;
							}
						}
						__eflags =  *(_t163 + 4);
						_t99 =  *(_t163 + 4) != 0;
						__eflags = _t99;
						_t102 = 0 | _t99;
					} else {
						_t159 = E01328FA3(_t163 + 8,  *((intOrPtr*)(_t197 + 0xc)));
						if(_t159 != 0) {
							_t160 =  *(_t163 + 4);
							 *((intOrPtr*)( *_t160 + 8))(_t160);
							 *(_t163 + 4) = 0;
							goto L5;
						} else {
							_t102 = _t159 + 1;
						}
					}
				}
				return E0137C2B1(_t102);
			}































                                                                                                                                                                                                                                0x0132892e
                                                                                                                                                                                                                                0x0132892e
                                                                                                                                                                                                                                0x0132892e
                                                                                                                                                                                                                                0x01328935
                                                                                                                                                                                                                                0x0132893a
                                                                                                                                                                                                                                0x01328940
                                                                                                                                                                                                                                0x0132894a
                                                                                                                                                                                                                                0x01328953
                                                                                                                                                                                                                                0x01328977
                                                                                                                                                                                                                                0x01328977
                                                                                                                                                                                                                                0x0132897f
                                                                                                                                                                                                                                0x01328982
                                                                                                                                                                                                                                0x01328985
                                                                                                                                                                                                                                0x0132898e
                                                                                                                                                                                                                                0x01328990
                                                                                                                                                                                                                                0x013289a7
                                                                                                                                                                                                                                0x013289a7
                                                                                                                                                                                                                                0x013289ac
                                                                                                                                                                                                                                0x013289b1
                                                                                                                                                                                                                                0x013289b7
                                                                                                                                                                                                                                0x013289b8
                                                                                                                                                                                                                                0x013289be
                                                                                                                                                                                                                                0x013289c1
                                                                                                                                                                                                                                0x013289c4
                                                                                                                                                                                                                                0x013289c7
                                                                                                                                                                                                                                0x013289cd
                                                                                                                                                                                                                                0x013289cd
                                                                                                                                                                                                                                0x013289d3
                                                                                                                                                                                                                                0x013289dd
                                                                                                                                                                                                                                0x013289df
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013289e5
                                                                                                                                                                                                                                0x013289e5
                                                                                                                                                                                                                                0x013289e8
                                                                                                                                                                                                                                0x013289ec
                                                                                                                                                                                                                                0x013289f2
                                                                                                                                                                                                                                0x013289fb
                                                                                                                                                                                                                                0x013289fc
                                                                                                                                                                                                                                0x01328a07
                                                                                                                                                                                                                                0x01328a0b
                                                                                                                                                                                                                                0x01328a10
                                                                                                                                                                                                                                0x01328a15
                                                                                                                                                                                                                                0x01328a17
                                                                                                                                                                                                                                0x01328a31
                                                                                                                                                                                                                                0x01328a31
                                                                                                                                                                                                                                0x01328a19
                                                                                                                                                                                                                                0x01328a1d
                                                                                                                                                                                                                                0x01328a22
                                                                                                                                                                                                                                0x01328a29
                                                                                                                                                                                                                                0x01328a2d
                                                                                                                                                                                                                                0x01328a2f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01328a2f
                                                                                                                                                                                                                                0x01328a35
                                                                                                                                                                                                                                0x01328a38
                                                                                                                                                                                                                                0x01328a3c
                                                                                                                                                                                                                                0x01328a41
                                                                                                                                                                                                                                0x01328a45
                                                                                                                                                                                                                                0x01328a48
                                                                                                                                                                                                                                0x01328a48
                                                                                                                                                                                                                                0x01328a4d
                                                                                                                                                                                                                                0x01328a51
                                                                                                                                                                                                                                0x01328b00
                                                                                                                                                                                                                                0x01328b03
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01328a57
                                                                                                                                                                                                                                0x01328a57
                                                                                                                                                                                                                                0x01328a5a
                                                                                                                                                                                                                                0x01328a5e
                                                                                                                                                                                                                                0x01328a64
                                                                                                                                                                                                                                0x01328a6d
                                                                                                                                                                                                                                0x01328a6e
                                                                                                                                                                                                                                0x01328a76
                                                                                                                                                                                                                                0x01328a7b
                                                                                                                                                                                                                                0x01328a82
                                                                                                                                                                                                                                0x01328a8b
                                                                                                                                                                                                                                0x01328a90
                                                                                                                                                                                                                                0x01328a95
                                                                                                                                                                                                                                0x01328a97
                                                                                                                                                                                                                                0x01328af4
                                                                                                                                                                                                                                0x01328af7
                                                                                                                                                                                                                                0x01328afd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01328a99
                                                                                                                                                                                                                                0x01328a99
                                                                                                                                                                                                                                0x01328a9c
                                                                                                                                                                                                                                0x01328aa0
                                                                                                                                                                                                                                0x01328aa6
                                                                                                                                                                                                                                0x01328aa9
                                                                                                                                                                                                                                0x01328aad
                                                                                                                                                                                                                                0x01328b26
                                                                                                                                                                                                                                0x01328b29
                                                                                                                                                                                                                                0x01328b2f
                                                                                                                                                                                                                                0x01328b32
                                                                                                                                                                                                                                0x01328b36
                                                                                                                                                                                                                                0x01328b3e
                                                                                                                                                                                                                                0x01328b44
                                                                                                                                                                                                                                0x01328b49
                                                                                                                                                                                                                                0x01328b4b
                                                                                                                                                                                                                                0x01328aaf
                                                                                                                                                                                                                                0x01328aaf
                                                                                                                                                                                                                                0x01328ab2
                                                                                                                                                                                                                                0x01328ab6
                                                                                                                                                                                                                                0x01328abc
                                                                                                                                                                                                                                0x01328abf
                                                                                                                                                                                                                                0x01328ac1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01328ac3
                                                                                                                                                                                                                                0x01328ac3
                                                                                                                                                                                                                                0x01328ac8
                                                                                                                                                                                                                                0x01328acd
                                                                                                                                                                                                                                0x01328ad0
                                                                                                                                                                                                                                0x01328ad6
                                                                                                                                                                                                                                0x01328ad9
                                                                                                                                                                                                                                0x01328adc
                                                                                                                                                                                                                                0x01328aeb
                                                                                                                                                                                                                                0x01328aeb
                                                                                                                                                                                                                                0x01328af1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01328ade
                                                                                                                                                                                                                                0x01328ade
                                                                                                                                                                                                                                0x01328ae4
                                                                                                                                                                                                                                0x01328ae7
                                                                                                                                                                                                                                0x01328ae9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01328ae9
                                                                                                                                                                                                                                0x01328adc
                                                                                                                                                                                                                                0x01328ac1
                                                                                                                                                                                                                                0x01328aad
                                                                                                                                                                                                                                0x01328a97
                                                                                                                                                                                                                                0x01328a51
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01328b09
                                                                                                                                                                                                                                0x01328b09
                                                                                                                                                                                                                                0x01328b0f
                                                                                                                                                                                                                                0x01328b12
                                                                                                                                                                                                                                0x01328b18
                                                                                                                                                                                                                                0x01328b1b
                                                                                                                                                                                                                                0x01328b1b
                                                                                                                                                                                                                                0x01328b24
                                                                                                                                                                                                                                0x01328b4e
                                                                                                                                                                                                                                0x01328b4e
                                                                                                                                                                                                                                0x01328b54
                                                                                                                                                                                                                                0x01328b5a
                                                                                                                                                                                                                                0x01328b5d
                                                                                                                                                                                                                                0x01328992
                                                                                                                                                                                                                                0x01328992
                                                                                                                                                                                                                                0x0132899f
                                                                                                                                                                                                                                0x013289a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013289a1
                                                                                                                                                                                                                                0x01328b64
                                                                                                                                                                                                                                0x01328b67
                                                                                                                                                                                                                                0x01328b67
                                                                                                                                                                                                                                0x01328b67
                                                                                                                                                                                                                                0x01328955
                                                                                                                                                                                                                                0x0132895c
                                                                                                                                                                                                                                0x01328963
                                                                                                                                                                                                                                0x0132896b
                                                                                                                                                                                                                                0x01328971
                                                                                                                                                                                                                                0x01328974
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01328965
                                                                                                                                                                                                                                0x01328965
                                                                                                                                                                                                                                0x01328965
                                                                                                                                                                                                                                0x01328963
                                                                                                                                                                                                                                0x01328953
                                                                                                                                                                                                                                0x01328b6f

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 01328935
                                                                                                                                                                                                                                  • Part of subcall function 01328827: __EH_prolog3.LIBCMT ref: 0132882E
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?,00000000,?,?,?,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328AF7
                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?,00000000,S-1-5-18,?,?,?,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 01328B03
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeH_prolog3Task
                                                                                                                                                                                                                                • String ID: S-1-5-18
                                                                                                                                                                                                                                • API String ID: 4001087172-4289277601
                                                                                                                                                                                                                                • Opcode ID: 9568aa10843868ea25914ef12bc361f3bfbd07f5c40dbeb123d3ae3646bd7103
                                                                                                                                                                                                                                • Instruction ID: de69c25533b96e8624f5923ee90e4c49eadd3cf8e375f12d025e40e9d5ac0dc1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9568aa10843868ea25914ef12bc361f3bfbd07f5c40dbeb123d3ae3646bd7103
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 03813F70D0022AEFCF00EFA8C98899EBBB9FF49718F148489F905EB255D7359941CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01333172, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 175COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                                                                			E01333172(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char* _t67;
				void* _t68;
				void* _t70;
				void* _t72;
				intOrPtr _t74;
				intOrPtr* _t78;
				intOrPtr* _t82;
				intOrPtr* _t86;
				void* _t120;
				intOrPtr _t122;
				void* _t123;
				void* _t124;
				signed char _t126;
				void* _t133;
				intOrPtr _t134;
				intOrPtr _t139;

				_push(0x80);
				E0137C242(0x1395304, __ebx, __edi, __esi);
				 *(_t133 - 0x84) = 0;
				 *(_t133 - 4) = 0;
				_t139 =  *0x13c2a33; // 0x0
				if(_t139 != 0) {
					 *((intOrPtr*)(_t133 - 0x88)) = _t134;
					E01319638(_t134, "StringHexToRGB()...");
					E0134BA76(0, 0x13c2b18, _t120, __edi, __esi, _t139);
				}
				_t67 =  *((intOrPtr*)(_t133 + 8));
				if( *((intOrPtr*)(_t133 + 0x1c)) < 0x10) {
					_t67 = _t133 + 8;
				}
				_t122 = 0xf;
				_push(0xffffffff);
				_t68 = _t133 + 8;
				if( *_t67 != 0x23) {
					_push(0);
					_push(_t68);
					 *((intOrPtr*)(_t133 - 0x50)) = _t122;
					 *((intOrPtr*)(_t133 - 0x54)) = 0;
					 *((char*)(_t133 - 0x64)) = 0;
					E01311716(_t133 - 0x64);
					_t126 = 2;
					 *(_t133 - 4) = _t126;
					_t70 = _t133 - 0x64;
					 *(_t133 - 0x84) = _t126;
				} else {
					_push(1);
					_push(_t68);
					_t70 = E01325CE4(0x13c2b18, _t133 - 0x48);
					 *(_t133 - 4) = 1;
					 *(_t133 - 0x84) = 1;
					_t126 = 2;
				}
				 *((intOrPtr*)(_t133 - 0x18)) = _t122;
				 *((intOrPtr*)(_t133 - 0x1c)) = 0;
				 *((char*)(_t133 - 0x2c)) = 0;
				E0131A79E(_t133 - 0x2c, _t70);
				 *(_t133 - 4) = 3;
				if(( *(_t133 - 0x84) & 0x00000002) != 0) {
					 *(_t133 - 0x84) =  *(_t133 - 0x84) & 0xfffffffd;
					E01311524(_t133 - 0x64, 1, 0);
				}
				if(( *(_t133 - 0x84) & 0x00000001) != 0) {
					E01311524(_t133 - 0x48, 1, 0);
				}
				 *((intOrPtr*)(_t133 - 0x6c)) = _t122;
				 *((intOrPtr*)(_t133 - 0x70)) = 0;
				 *((char*)(_t133 - 0x80)) = 0;
				 *(_t133 - 4) = 6;
				_t123 = 0;
				do {
					if(_t123 >=  *((intOrPtr*)(_t133 - 0x1c))) {
						_t72 = E01375190("0");
						_t108 = _t133 - 0x80;
						E01327116(_t133 - 0x80, __eflags, "0", _t72);
					} else {
						_t74 =  *((intOrPtr*)(_t133 - 0x2c));
						if( *((intOrPtr*)(_t133 - 0x18)) < 0x10) {
							_t74 = _t133 - 0x2c;
						}
						_t108 = _t133 - 0x80;
						E0131C4B4(_t133 - 0x80, 1,  *(_t74 + _t123) & 0x000000ff);
					}
					_t123 = _t123 + 1;
				} while (_t123 < 6);
				_t78 = E01325CE4(_t108, _t133 - 0x48, _t133 - 0x2c, 0, _t126);
				_t124 = 0x10;
				if( *((intOrPtr*)(_t78 + 0x14)) >= _t124) {
					_t78 =  *_t78;
				}
				 *((intOrPtr*)(_t133 - 0x88)) = E01378E42(_t78, 0, _t124);
				E01311524(_t133 - 0x48, 1, 0);
				_t82 = E01325CE4(_t133 - 0x48, _t133 - 0x48, _t133 - 0x2c, 2, 2);
				if( *((intOrPtr*)(_t82 + 0x14)) >= _t124) {
					_t82 =  *_t82;
				}
				 *((intOrPtr*)(_t133 - 0x8c)) = E01378E42(_t82, 0, _t124);
				E01311524(_t133 - 0x48, 1, 0);
				_t86 = E01325CE4(_t133 - 0x48, _t133 - 0x48, _t133 - 0x2c, 4, 2);
				if( *((intOrPtr*)(_t86 + 0x14)) >= _t124) {
					_t86 =  *_t86;
				}
				 *(_t133 - 0x84) = E01378E42(_t86, 0, _t124);
				E01311524(_t133 - 0x48, 1, 0);
				E01311524(_t133 - 0x80, 1, 0);
				E01311524(_t133 - 0x2c, 1, 0);
				E01311524(_t133 + 8, 1, 0);
				return E0137C2C5(0, _t124, 1);
			}



















                                                                                                                                                                                                                                0x01333172
                                                                                                                                                                                                                                0x0133317c
                                                                                                                                                                                                                                0x01333183
                                                                                                                                                                                                                                0x01333189
                                                                                                                                                                                                                                0x0133318c
                                                                                                                                                                                                                                0x01333192
                                                                                                                                                                                                                                0x01333199
                                                                                                                                                                                                                                0x013331a4
                                                                                                                                                                                                                                0x013331ae
                                                                                                                                                                                                                                0x013331ae
                                                                                                                                                                                                                                0x013331b7
                                                                                                                                                                                                                                0x013331ba
                                                                                                                                                                                                                                0x013331bc
                                                                                                                                                                                                                                0x013331bc
                                                                                                                                                                                                                                0x013331c4
                                                                                                                                                                                                                                0x013331c5
                                                                                                                                                                                                                                0x013331c7
                                                                                                                                                                                                                                0x013331ca
                                                                                                                                                                                                                                0x013331ea
                                                                                                                                                                                                                                0x013331eb
                                                                                                                                                                                                                                0x013331ef
                                                                                                                                                                                                                                0x013331f2
                                                                                                                                                                                                                                0x013331f5
                                                                                                                                                                                                                                0x013331f8
                                                                                                                                                                                                                                0x013331ff
                                                                                                                                                                                                                                0x01333200
                                                                                                                                                                                                                                0x01333203
                                                                                                                                                                                                                                0x01333206
                                                                                                                                                                                                                                0x013331cc
                                                                                                                                                                                                                                0x013331cc
                                                                                                                                                                                                                                0x013331ce
                                                                                                                                                                                                                                0x013331d2
                                                                                                                                                                                                                                0x013331d9
                                                                                                                                                                                                                                0x013331dd
                                                                                                                                                                                                                                0x013331e7
                                                                                                                                                                                                                                0x013331e7
                                                                                                                                                                                                                                0x01333210
                                                                                                                                                                                                                                0x01333213
                                                                                                                                                                                                                                0x01333216
                                                                                                                                                                                                                                0x01333219
                                                                                                                                                                                                                                0x0133321e
                                                                                                                                                                                                                                0x0133322c
                                                                                                                                                                                                                                0x0133322e
                                                                                                                                                                                                                                0x0133323b
                                                                                                                                                                                                                                0x0133323b
                                                                                                                                                                                                                                0x01333247
                                                                                                                                                                                                                                0x0133324f
                                                                                                                                                                                                                                0x0133324f
                                                                                                                                                                                                                                0x01333254
                                                                                                                                                                                                                                0x01333257
                                                                                                                                                                                                                                0x0133325a
                                                                                                                                                                                                                                0x0133325d
                                                                                                                                                                                                                                0x01333261
                                                                                                                                                                                                                                0x01333263
                                                                                                                                                                                                                                0x01333266
                                                                                                                                                                                                                                0x0133328a
                                                                                                                                                                                                                                0x01333296
                                                                                                                                                                                                                                0x01333299
                                                                                                                                                                                                                                0x01333268
                                                                                                                                                                                                                                0x0133326c
                                                                                                                                                                                                                                0x0133326f
                                                                                                                                                                                                                                0x01333271
                                                                                                                                                                                                                                0x01333271
                                                                                                                                                                                                                                0x0133327b
                                                                                                                                                                                                                                0x0133327e
                                                                                                                                                                                                                                0x0133327e
                                                                                                                                                                                                                                0x0133329e
                                                                                                                                                                                                                                0x0133329f
                                                                                                                                                                                                                                0x013332ad
                                                                                                                                                                                                                                0x013332b4
                                                                                                                                                                                                                                0x013332b8
                                                                                                                                                                                                                                0x013332ba
                                                                                                                                                                                                                                0x013332ba
                                                                                                                                                                                                                                0x013332cd
                                                                                                                                                                                                                                0x013332d3
                                                                                                                                                                                                                                0x013332e3
                                                                                                                                                                                                                                0x013332eb
                                                                                                                                                                                                                                0x013332ed
                                                                                                                                                                                                                                0x013332ed
                                                                                                                                                                                                                                0x01333300
                                                                                                                                                                                                                                0x01333306
                                                                                                                                                                                                                                0x01333316
                                                                                                                                                                                                                                0x0133331e
                                                                                                                                                                                                                                0x01333320
                                                                                                                                                                                                                                0x01333320
                                                                                                                                                                                                                                0x01333335
                                                                                                                                                                                                                                0x0133333b
                                                                                                                                                                                                                                0x01333345
                                                                                                                                                                                                                                0x0133334f
                                                                                                                                                                                                                                0x01333359
                                                                                                                                                                                                                                0x01333382

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0133317C
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 0133328A
                                                                                                                                                                                                                                • __wcstoui64.LIBCMT ref: 013332BF
                                                                                                                                                                                                                                • __wcstoui64.LIBCMT ref: 013332F2
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                  • Part of subcall function 01311716: std::_Xinvalid_argument.LIBCPMT ref: 01311730
                                                                                                                                                                                                                                • __wcstoui64.LIBCMT ref: 01333325
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __wcstoui64$H_prolog3__strlen$CurrentLocalProcessTimeXinvalid_argument_memsetstd::_swprintf
                                                                                                                                                                                                                                • String ID: StringHexToRGB()...
                                                                                                                                                                                                                                • API String ID: 1186222580-3392537412
                                                                                                                                                                                                                                • Opcode ID: cbc5010c19b7e453748816d0a190edae4b2eb81b111232df0919afc0f9a2fd6b
                                                                                                                                                                                                                                • Instruction ID: 266f24e1c980483917e4a12bf04402518d83f2a3c03856c349482d491018fd2b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cbc5010c19b7e453748816d0a190edae4b2eb81b111232df0919afc0f9a2fd6b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33518371C00259AEDB25EBA8CC85FDEBFB8FF54308F04805AE545A7181DB745B89CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135D119, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 162networkCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 65%
                                                                                                                                                                                                                                			E0135D119(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				short* _t61;
				intOrPtr* _t65;
				char* _t68;
				signed int _t69;
				void* _t77;
				signed int _t122;
				void* _t131;
				void* _t132;
				intOrPtr _t133;
				void* _t134;
				intOrPtr _t135;
				void* _t136;
				short _t140;

				_t98 = __ecx;
				_push(0x8c);
				E0137C242(0x1393c57, __ebx, __edi, __esi);
				_t95 =  *((intOrPtr*)(_t131 + 8));
				_t129 = __ecx;
				_t125 = __edx;
				 *((intOrPtr*)(_t131 - 0x8c)) = 0;
				 *((intOrPtr*)(_t131 - 0x88)) = __ecx;
				 *((intOrPtr*)(_t131 - 0x94)) = __edx;
				 *((intOrPtr*)(_t131 - 0x90)) = _t95;
				if( *((intOrPtr*)(_t95 + 0x10)) == 0) {
					L19:
					E01319638(_t98, "ERROR");
				} else {
					_t139 =  *((intOrPtr*)(__edx + 0x10)) - 0x100;
					if( *((intOrPtr*)(__edx + 0x10)) >= 0x100) {
						goto L19;
					} else {
						_push(2);
						 *((intOrPtr*)(_t131 - 0x8c)) = 0;
						_t61 = E013638C3(__edx, __ecx, _t139);
						_t140 = 0;
						 *((intOrPtr*)(_t131 - 0x84)) = _t61;
						 *_t61 = 0;
						_t129 = 0xfde9;
						while(1) {
							_push(_t131 - 0x8c);
							_push( *((intOrPtr*)(_t131 - 0x84)));
							_push(0xffffffff);
							_push(_t129);
							_push(_t129);
							_t133 = _t132 - 0x1c;
							 *((intOrPtr*)(_t131 - 0x98)) = _t133;
							E013116F0(_t133, _t95);
							_push(_t131 - 0x64);
							_t65 = E0135BED6(_t95, _t125, _t129, _t140);
							_t134 = _t133 + 0x2c;
							 *(_t131 - 4) =  *(_t131 - 4) & 0x00000000;
							_t141 =  *((intOrPtr*)(_t65 + 0x14)) - 8;
							if( *((intOrPtr*)(_t65 + 0x14)) >= 8) {
								_t65 =  *_t65;
							}
							_push(_t65);
							_push(0xffffffff);
							_push(_t129);
							_push(_t129);
							_t135 = _t134 - 0x1c;
							 *((intOrPtr*)(_t131 - 0x98)) = _t135;
							E013116F0(_t135, _t125);
							_push(_t131 - 0x80);
							_t68 = E0135BED6(_t95, _t125, _t129, _t141);
							_t136 = _t135 + 0x2c;
							if(_t68[0x14] >= 8) {
								_t68 =  *_t68;
							}
							_t69 = InternetGetCookieW(_t68, ??, ??, ??);
							asm("sbb bl, bl");
							E0131AA87(_t131 - 0x80, 1, 0);
							 *(_t131 - 4) =  *(_t131 - 4) | 0xffffffff;
							E0131AA87(_t131 - 0x64, 1, 0);
							_t95 =  ~_t69 + 1;
							if( ~_t69 + 1 == 0) {
								break;
							}
							_t125 = GetLastError;
							GetLastError();
							if(GetLastError() != 0x7a) {
								__eflags =  *((intOrPtr*)(_t131 - 0x84));
								if( *((intOrPtr*)(_t131 - 0x84)) != 0) {
									_push( *((intOrPtr*)(_t131 - 0x84)));
									E0137534A();
								}
								E01319638( *((intOrPtr*)(_t131 - 0x88)), "ERROR");
							} else {
								_t140 =  *((intOrPtr*)(_t131 - 0x84));
								if(_t140 != 0) {
									_push( *((intOrPtr*)(_t131 - 0x84)));
									E0137534A();
								}
								_t122 = 2;
								_push( ~(0 | _t140 > 0x00000000) | ( *((intOrPtr*)(_t131 - 0x8c)) + 0x00000001) * _t122);
								 *((intOrPtr*)(_t131 - 0x84)) = E013638C3(_t125, _t129, _t140);
								E01311AE4(_t91, 0,  *((intOrPtr*)(_t131 - 0x8c)) + 1);
								_t125 =  *((intOrPtr*)(_t131 - 0x94));
								_t95 =  *((intOrPtr*)(_t131 - 0x90));
								_t132 = _t136 + 0x10;
								continue;
							}
							L15:
							goto L20;
						}
						E01319B30(_t131 - 0x2c,  *((intOrPtr*)(_t131 - 0x84)));
						 *(_t131 - 4) = 1;
						_t125 = _t131 - 0x2c;
						_t77 = E01319C49(_t131 - 0x2c, _t131 - 0x48, _t131 - 0x2c, E0132618B(0, _t131 - 0x2c, _t131 - 0x2c, __eflags, "=") + 1,  *((intOrPtr*)(_t131 - 0x1c)));
						 *(_t131 - 4) = 2;
						E0131A941(_t131 - 0x2c, _t77);
						_t129 = 0;
						 *(_t131 - 4) = 1;
						E0131AA87(_t131 - 0x48, 1, 0);
						__eflags =  *((intOrPtr*)(_t131 - 0x84));
						if(__eflags != 0) {
							_push( *((intOrPtr*)(_t131 - 0x84)));
							E0137534A();
						}
						_push( *((intOrPtr*)(_t131 - 0x88)));
						E0135BE26(_t95, _t131 - 0x2c, _t125, _t129, __eflags);
						E0131AA87(_t131 - 0x2c, 1, _t129);
						goto L15;
					}
				}
				L20:
				return E0137C2C5(_t95, _t125, _t129);
			}
















                                                                                                                                                                                                                                0x0135d119
                                                                                                                                                                                                                                0x0135d119
                                                                                                                                                                                                                                0x0135d123
                                                                                                                                                                                                                                0x0135d128
                                                                                                                                                                                                                                0x0135d12d
                                                                                                                                                                                                                                0x0135d12f
                                                                                                                                                                                                                                0x0135d131
                                                                                                                                                                                                                                0x0135d137
                                                                                                                                                                                                                                0x0135d13d
                                                                                                                                                                                                                                0x0135d143
                                                                                                                                                                                                                                0x0135d14c
                                                                                                                                                                                                                                0x0135d32c
                                                                                                                                                                                                                                0x0135d331
                                                                                                                                                                                                                                0x0135d152
                                                                                                                                                                                                                                0x0135d152
                                                                                                                                                                                                                                0x0135d159
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135d15f
                                                                                                                                                                                                                                0x0135d15f
                                                                                                                                                                                                                                0x0135d161
                                                                                                                                                                                                                                0x0135d167
                                                                                                                                                                                                                                0x0135d16d
                                                                                                                                                                                                                                0x0135d16f
                                                                                                                                                                                                                                0x0135d175
                                                                                                                                                                                                                                0x0135d178
                                                                                                                                                                                                                                0x0135d17d
                                                                                                                                                                                                                                0x0135d183
                                                                                                                                                                                                                                0x0135d184
                                                                                                                                                                                                                                0x0135d18a
                                                                                                                                                                                                                                0x0135d18c
                                                                                                                                                                                                                                0x0135d18d
                                                                                                                                                                                                                                0x0135d18e
                                                                                                                                                                                                                                0x0135d193
                                                                                                                                                                                                                                0x0135d19a
                                                                                                                                                                                                                                0x0135d1a2
                                                                                                                                                                                                                                0x0135d1a3
                                                                                                                                                                                                                                0x0135d1a8
                                                                                                                                                                                                                                0x0135d1ab
                                                                                                                                                                                                                                0x0135d1af
                                                                                                                                                                                                                                0x0135d1b3
                                                                                                                                                                                                                                0x0135d1b5
                                                                                                                                                                                                                                0x0135d1b5
                                                                                                                                                                                                                                0x0135d1b7
                                                                                                                                                                                                                                0x0135d1b8
                                                                                                                                                                                                                                0x0135d1ba
                                                                                                                                                                                                                                0x0135d1bb
                                                                                                                                                                                                                                0x0135d1bc
                                                                                                                                                                                                                                0x0135d1c1
                                                                                                                                                                                                                                0x0135d1c8
                                                                                                                                                                                                                                0x0135d1d0
                                                                                                                                                                                                                                0x0135d1d1
                                                                                                                                                                                                                                0x0135d1d6
                                                                                                                                                                                                                                0x0135d1dd
                                                                                                                                                                                                                                0x0135d1df
                                                                                                                                                                                                                                0x0135d1df
                                                                                                                                                                                                                                0x0135d1e2
                                                                                                                                                                                                                                0x0135d1ec
                                                                                                                                                                                                                                0x0135d1f7
                                                                                                                                                                                                                                0x0135d1fc
                                                                                                                                                                                                                                0x0135d206
                                                                                                                                                                                                                                0x0135d20b
                                                                                                                                                                                                                                0x0135d20d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135d213
                                                                                                                                                                                                                                0x0135d219
                                                                                                                                                                                                                                0x0135d220
                                                                                                                                                                                                                                0x0135d27c
                                                                                                                                                                                                                                0x0135d283
                                                                                                                                                                                                                                0x0135d285
                                                                                                                                                                                                                                0x0135d28b
                                                                                                                                                                                                                                0x0135d290
                                                                                                                                                                                                                                0x0135d29c
                                                                                                                                                                                                                                0x0135d222
                                                                                                                                                                                                                                0x0135d222
                                                                                                                                                                                                                                0x0135d229
                                                                                                                                                                                                                                0x0135d22b
                                                                                                                                                                                                                                0x0135d231
                                                                                                                                                                                                                                0x0135d236
                                                                                                                                                                                                                                0x0135d242
                                                                                                                                                                                                                                0x0135d24c
                                                                                                                                                                                                                                0x0135d25d
                                                                                                                                                                                                                                0x0135d263
                                                                                                                                                                                                                                0x0135d268
                                                                                                                                                                                                                                0x0135d26e
                                                                                                                                                                                                                                0x0135d274
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135d274
                                                                                                                                                                                                                                0x0135d2a1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135d2a1
                                                                                                                                                                                                                                0x0135d2b5
                                                                                                                                                                                                                                0x0135d2ba
                                                                                                                                                                                                                                0x0135d2c7
                                                                                                                                                                                                                                0x0135d2d7
                                                                                                                                                                                                                                0x0135d2df
                                                                                                                                                                                                                                0x0135d2e3
                                                                                                                                                                                                                                0x0135d2e8
                                                                                                                                                                                                                                0x0135d2f0
                                                                                                                                                                                                                                0x0135d2f4
                                                                                                                                                                                                                                0x0135d2f9
                                                                                                                                                                                                                                0x0135d2ff
                                                                                                                                                                                                                                0x0135d301
                                                                                                                                                                                                                                0x0135d307
                                                                                                                                                                                                                                0x0135d30c
                                                                                                                                                                                                                                0x0135d30d
                                                                                                                                                                                                                                0x0135d316
                                                                                                                                                                                                                                0x0135d322
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135d322
                                                                                                                                                                                                                                0x0135d159
                                                                                                                                                                                                                                0x0135d338
                                                                                                                                                                                                                                0x0135d33d

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 0135D123
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: __EH_prolog3_GS.LIBCMT ref: 0135BEDD
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: MultiByteToWideChar.KERNEL32(0135D1A8,00000000,?,00000000,00000000,00000000,00000028,0135D1A8,?), ref: 0135BF0C
                                                                                                                                                                                                                                • InternetGetCookieW.WININET(00000000), ref: 0135D1E2
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000001,00000000,00000001,00000000), ref: 0135D219
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0135D21B
                                                                                                                                                                                                                                • _wmemset.LIBCMT ref: 0135D263
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0132618B: _wcslen.LIBCMT ref: 01326196
                                                                                                                                                                                                                                  • Part of subcall function 0131A941: _memmove.LIBCMT ref: 0131A968
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorH_prolog3_Last_memmove_wcslen$ByteCharCookieInternetMultiWide_wmemset
                                                                                                                                                                                                                                • String ID: ERROR
                                                                                                                                                                                                                                • API String ID: 4186435405-2861137601
                                                                                                                                                                                                                                • Opcode ID: 045ad2fbcd9685df2bbbf19ddd6818e0c6bbe529d591bb9359f89566f056ebd8
                                                                                                                                                                                                                                • Instruction ID: efae64c320a17e70c10748868f07ca636befc00dfcfdf6feb28ff20d237477b1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 045ad2fbcd9685df2bbbf19ddd6818e0c6bbe529d591bb9359f89566f056ebd8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F851AB71D0121A9FEF28EBA8CC45FEDBBB4FF14718F108199E549E7290DA705A84CB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01312184, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 133stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                			E01312184(signed int __edx, struct HINSTANCE__* _a4, signed short _a8, struct HINSTANCE__* _a12, struct HINSTANCE__* _a16) {
				signed int _v8;
				short _v528;
				char _v1574;
				short _v1576;
				char _v2616;
				WCHAR* _v2624;
				WCHAR* _v2628;
				WCHAR* _v2632;
				char _v2636;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t36;
				struct HINSTANCE__* _t38;
				long _t42;
				long _t45;
				short _t48;
				struct HINSTANCE__* _t51;
				void* _t54;
				char* _t55;
				WCHAR* _t61;
				long _t62;
				int _t66;
				short _t76;
				char* _t78;
				struct HINSTANCE__* _t82;
				struct HINSTANCE__* _t83;
				signed int _t85;

				_t81 = __edx;
				_t36 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t36 ^ _t85;
				_t38 = _a16;
				_t82 = _a4;
				_t83 = _t38;
				_v2636 = 0x13a1478;
				_v2632 = 0;
				_v2628 = 0;
				_v2624 = 0;
				if(_t38 != 0) {
					_t66 = _t38->i;
					while(_t66 != 0) {
						_push( *((intOrPtr*)(_t83 + 4)));
						_push(_t66);
						_push( &_v2636);
						E013128B3(__eflags);
						_t83 = _t83 + 8;
						__eflags = _t83;
						_t66 = _t83->i;
					}
				}
				_t84 =  *((intOrPtr*)(_t82->i + 0x14))( &_v2636);
				if(_t84 < 0) {
					L22:
					E01312875( &_v2636, _t82);
					_t42 = _t84;
				} else {
					_t82 =  *0x13c1728; // 0x1310000
					_t84 = 0x104;
					_t45 = GetModuleFileNameW(_t82,  &_v528, 0x104);
					if(_t45 != 0) {
						__eflags = _t45 - 0x104;
						if(_t45 != 0x104) {
							_t81 =  &_v528;
							E01311F21(0x208,  &_v2616,  &_v528);
							__eflags = _t82;
							if(_t82 == 0) {
								L12:
								_t48 = 0x22;
								_v1576 = _t48;
								_t51 = E01311B30( &_v1574, 0x20b,  &_v2616);
								__eflags = _t51;
								if(_t51 != 0) {
									_t54 = lstrlenW( &_v1576) + _t53;
									_t76 = 0x22;
									 *((short*)(_t85 + _t54 - 0x624)) = _t76;
									__eflags = 0;
									 *((short*)(_t85 + _t54 - 0x622)) = 0;
									_t55 =  &_v1576;
									goto L15;
								} else {
									E01312875( &_v2636, _t82);
									_t42 = 0x80004005;
								}
							} else {
								__eflags = _t82 - GetModuleHandleW(0);
								if(__eflags == 0) {
									goto L12;
								} else {
									_t55 =  &_v2616;
									L15:
									_push(_t55);
									_push(L"Module");
									_push( &_v2636);
									_t84 = E013128B3(__eflags);
									__eflags = _t84;
									if(__eflags >= 0) {
										_push( &_v2616);
										_push(L"Module_Raw");
										_push( &_v2636);
										_t84 = E013128B3(__eflags);
										__eflags = _t84;
										if(_t84 >= 0) {
											_t81 = _a8 & 0x0000ffff;
											_t61 =  &_v528;
											_t78 =  &_v2636;
											__eflags = _a12;
											if(__eflags == 0) {
												_push(0);
											} else {
												_push(1);
											}
											_push(L"REGISTRY");
											_push(_t61);
											_t62 = E01312900(0, _t78, _t81, _t82, _t84, __eflags);
											goto L21;
										}
									}
									goto L22;
								}
							}
						} else {
							E01312875( &_v2636, _t82);
							_t42 = 0x8007007a;
						}
					} else {
						_t62 = E01311BDC();
						L21:
						_t84 = _t62;
						goto L22;
					}
				}
				return E013748C1(_t42, 0, _v8 ^ _t85, _t81, _t82, _t84);
			}
































                                                                                                                                                                                                                                0x01312184
                                                                                                                                                                                                                                0x0131218d
                                                                                                                                                                                                                                0x01312194
                                                                                                                                                                                                                                0x01312197
                                                                                                                                                                                                                                0x0131219f
                                                                                                                                                                                                                                0x013121a2
                                                                                                                                                                                                                                0x013121a4
                                                                                                                                                                                                                                0x013121ae
                                                                                                                                                                                                                                0x013121b4
                                                                                                                                                                                                                                0x013121ba
                                                                                                                                                                                                                                0x013121c2
                                                                                                                                                                                                                                0x013121c4
                                                                                                                                                                                                                                0x013121dd
                                                                                                                                                                                                                                0x013121c8
                                                                                                                                                                                                                                0x013121cb
                                                                                                                                                                                                                                0x013121d2
                                                                                                                                                                                                                                0x013121d3
                                                                                                                                                                                                                                0x013121d8
                                                                                                                                                                                                                                0x013121d8
                                                                                                                                                                                                                                0x013121db
                                                                                                                                                                                                                                0x013121db
                                                                                                                                                                                                                                0x013121dd
                                                                                                                                                                                                                                0x013121ef
                                                                                                                                                                                                                                0x013121f3
                                                                                                                                                                                                                                0x0131232c
                                                                                                                                                                                                                                0x01312332
                                                                                                                                                                                                                                0x01312337
                                                                                                                                                                                                                                0x013121f9
                                                                                                                                                                                                                                0x013121f9
                                                                                                                                                                                                                                0x013121ff
                                                                                                                                                                                                                                0x0131220d
                                                                                                                                                                                                                                0x01312215
                                                                                                                                                                                                                                0x01312221
                                                                                                                                                                                                                                0x01312223
                                                                                                                                                                                                                                0x0131223a
                                                                                                                                                                                                                                0x0131224b
                                                                                                                                                                                                                                0x01312250
                                                                                                                                                                                                                                0x01312252
                                                                                                                                                                                                                                0x01312267
                                                                                                                                                                                                                                0x01312269
                                                                                                                                                                                                                                0x0131226a
                                                                                                                                                                                                                                0x01312284
                                                                                                                                                                                                                                0x0131228c
                                                                                                                                                                                                                                0x0131228e
                                                                                                                                                                                                                                0x013122b2
                                                                                                                                                                                                                                0x013122b6
                                                                                                                                                                                                                                0x013122b7
                                                                                                                                                                                                                                0x013122bf
                                                                                                                                                                                                                                0x013122c1
                                                                                                                                                                                                                                0x013122c9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312290
                                                                                                                                                                                                                                0x01312296
                                                                                                                                                                                                                                0x0131229b
                                                                                                                                                                                                                                0x0131229b
                                                                                                                                                                                                                                0x01312254
                                                                                                                                                                                                                                0x0131225b
                                                                                                                                                                                                                                0x0131225d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131225f
                                                                                                                                                                                                                                0x0131225f
                                                                                                                                                                                                                                0x013122cf
                                                                                                                                                                                                                                0x013122cf
                                                                                                                                                                                                                                0x013122d0
                                                                                                                                                                                                                                0x013122db
                                                                                                                                                                                                                                0x013122e1
                                                                                                                                                                                                                                0x013122e3
                                                                                                                                                                                                                                0x013122e5
                                                                                                                                                                                                                                0x013122ed
                                                                                                                                                                                                                                0x013122ee
                                                                                                                                                                                                                                0x013122f9
                                                                                                                                                                                                                                0x013122ff
                                                                                                                                                                                                                                0x01312301
                                                                                                                                                                                                                                0x01312303
                                                                                                                                                                                                                                0x01312305
                                                                                                                                                                                                                                0x01312309
                                                                                                                                                                                                                                0x0131230f
                                                                                                                                                                                                                                0x01312315
                                                                                                                                                                                                                                0x01312318
                                                                                                                                                                                                                                0x0131231e
                                                                                                                                                                                                                                0x0131231a
                                                                                                                                                                                                                                0x0131231a
                                                                                                                                                                                                                                0x0131231a
                                                                                                                                                                                                                                0x0131231f
                                                                                                                                                                                                                                0x01312324
                                                                                                                                                                                                                                0x01312325
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312325
                                                                                                                                                                                                                                0x01312303
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013122e5
                                                                                                                                                                                                                                0x0131225d
                                                                                                                                                                                                                                0x01312225
                                                                                                                                                                                                                                0x0131222b
                                                                                                                                                                                                                                0x01312230
                                                                                                                                                                                                                                0x01312230
                                                                                                                                                                                                                                0x01312217
                                                                                                                                                                                                                                0x01312217
                                                                                                                                                                                                                                0x0131232a
                                                                                                                                                                                                                                0x0131232a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131232a
                                                                                                                                                                                                                                0x01312215
                                                                                                                                                                                                                                0x01312347

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(01310000,?,00000104), ref: 0131220D
                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000), ref: 01312255
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 013122AC
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Module$FileHandleNamelstrlen
                                                                                                                                                                                                                                • String ID: Module$Module_Raw$REGISTRY
                                                                                                                                                                                                                                • API String ID: 2970045096-549000027
                                                                                                                                                                                                                                • Opcode ID: 8188604aac2f5ce6e1f24e3db4248d0df025fa7f76a424a16ffa19f79ebb0c4f
                                                                                                                                                                                                                                • Instruction ID: 255945b4ea659e13fd1e5548ccb284a84886d2bfb201e769ac0f2f6a04484cb2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8188604aac2f5ce6e1f24e3db4248d0df025fa7f76a424a16ffa19f79ebb0c4f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E041B976A00229DBCB28DF68DC84ADE77B8EF49308F5004A9F909E7545DB749E84CF51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01345B51, Relevance: 10.6, APIs: 7, Instructions: 110windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E01345B51(void* __edx, intOrPtr _a4, signed short _a8) {
				signed int _v8;
				char _v264;
				long _v268;
				signed int _v272;
				intOrPtr _v276;
				intOrPtr _v280;
				intOrPtr _v308;
				signed int _v312;
				void* _v316;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t38;
				struct HRSRC__* _t42;
				void* _t45;
				int _t47;
				signed int _t48;
				long _t52;
				void* _t64;
				void* _t75;
				void* _t76;
				int _t77;
				struct HINSTANCE__* _t78;
				void* _t79;
				signed int _t80;

				_t75 = __edx;
				_t38 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t38 ^ _t80;
				_t78 =  *0x13c172c; // 0x1310000
				_v276 = _a4;
				_v272 = 1;
				_t42 = FindResourceW(_t78, _a8 & 0x0000ffff, 0xf0);
				if(_t42 == 0) {
					L17:
					return E013748C1(_v272, _t64, _v8 ^ _t80, _t75, _t76, _t78);
				}
				_t45 = LoadResource(_t78, _t42);
				if(_t45 == 0) {
					goto L17;
				}
				_t78 = LockResource(_t45);
				if(_t78 != 0) {
					_push(_t64);
					_push(_t76);
					while(1) {
						_t47 = _t78->i & 0x0000ffff;
						if(0 == _t47) {
							break;
						}
						_t77 = _t47;
						_t48 = _t78->i & 0x0000ffff;
						_v280 =  *((intOrPtr*)(_t78 + 4));
						_t79 = _t78 + 8;
						if(0x403 != _t48) {
							if(0x1234 == _t48) {
								_v312 = _v312 | 0xffffffff;
								_v268 =  &_v264;
								_v316 = 1;
								E013478AD(0x1234,  &_v268, _t79, 3);
								_t52 = _v268;
								_v308 = _t52;
								if(_t52 !=  &_v264) {
									E01375111(_t52);
								}
								if(SendDlgItemMessageW( *(_v276 + 4), _t77, 0x40b, 0,  &_v316) == 0xffffffff) {
									_v272 = _v272 & 0x00000000;
								}
							}
							L15:
							_t78 = _t79 + _v280;
							if(_v272 != 0) {
								continue;
							}
							break;
						}
						_v268 =  &_v264;
						E013478AD(0x403,  &_v268, _t79, 3);
						if(SendDlgItemMessageW( *(_v276 + 4), _t77, 0x143, 0, _v268) == 0xffffffff) {
							_v272 = _v272 & 0x00000000;
						}
						if(_v268 !=  &_v264) {
							E01375111(_v268);
						}
						goto L15;
					}
					_pop(_t76);
					_pop(_t64);
				}
			}




























                                                                                                                                                                                                                                0x01345b51
                                                                                                                                                                                                                                0x01345b5a
                                                                                                                                                                                                                                0x01345b61
                                                                                                                                                                                                                                0x01345b68
                                                                                                                                                                                                                                0x01345b6e
                                                                                                                                                                                                                                0x01345b7f
                                                                                                                                                                                                                                0x01345b89
                                                                                                                                                                                                                                0x01345b91
                                                                                                                                                                                                                                0x01345cd8
                                                                                                                                                                                                                                0x01345cea
                                                                                                                                                                                                                                0x01345cea
                                                                                                                                                                                                                                0x01345b99
                                                                                                                                                                                                                                0x01345ba1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01345bae
                                                                                                                                                                                                                                0x01345bb2
                                                                                                                                                                                                                                0x01345bb8
                                                                                                                                                                                                                                0x01345bbf
                                                                                                                                                                                                                                0x01345bc0
                                                                                                                                                                                                                                0x01345bc0
                                                                                                                                                                                                                                0x01345bc8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01345bd1
                                                                                                                                                                                                                                0x01345bd3
                                                                                                                                                                                                                                0x01345bd7
                                                                                                                                                                                                                                0x01345be2
                                                                                                                                                                                                                                0x01345be8
                                                                                                                                                                                                                                0x01345c52
                                                                                                                                                                                                                                0x01345c54
                                                                                                                                                                                                                                0x01345c63
                                                                                                                                                                                                                                0x01345c71
                                                                                                                                                                                                                                0x01345c7b
                                                                                                                                                                                                                                0x01345c80
                                                                                                                                                                                                                                0x01345c8c
                                                                                                                                                                                                                                0x01345c94
                                                                                                                                                                                                                                0x01345c97
                                                                                                                                                                                                                                0x01345c9c
                                                                                                                                                                                                                                0x01345cba
                                                                                                                                                                                                                                0x01345cbc
                                                                                                                                                                                                                                0x01345cbc
                                                                                                                                                                                                                                0x01345cba
                                                                                                                                                                                                                                0x01345cc3
                                                                                                                                                                                                                                0x01345cc3
                                                                                                                                                                                                                                0x01345cd0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01345cd0
                                                                                                                                                                                                                                0x01345bf2
                                                                                                                                                                                                                                0x01345c00
                                                                                                                                                                                                                                0x01345c21
                                                                                                                                                                                                                                0x01345c23
                                                                                                                                                                                                                                0x01345c23
                                                                                                                                                                                                                                0x01345c36
                                                                                                                                                                                                                                0x01345c42
                                                                                                                                                                                                                                0x01345c47
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01345c36
                                                                                                                                                                                                                                0x01345cd6
                                                                                                                                                                                                                                0x01345cd7
                                                                                                                                                                                                                                0x01345cd7

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindResourceW.KERNEL32(01310000,00000110,000000F0,00000001), ref: 01345B89
                                                                                                                                                                                                                                • LoadResource.KERNEL32(01310000,00000000), ref: 01345B99
                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000), ref: 01345BA8
                                                                                                                                                                                                                                • SendDlgItemMessageW.USER32 ref: 01345C1C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 01345C42
                                                                                                                                                                                                                                • _free.LIBCMT ref: 01345C97
                                                                                                                                                                                                                                • SendDlgItemMessageW.USER32 ref: 01345CB5
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Resource$ItemMessageSend_free$FindLoadLock
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1490153787-0
                                                                                                                                                                                                                                • Opcode ID: 318a55fe71d46d4aa1f76cf85472fe738d9d625337a8f23c31a7285ea054a959
                                                                                                                                                                                                                                • Instruction ID: 666f6d3bba4f1460d2ee6678ec3b9d177ab49db3cb04da2e6eef2868296ec69a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 318a55fe71d46d4aa1f76cf85472fe738d9d625337a8f23c31a7285ea054a959
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60414D71D002289BDF359B28DC81BE9B7F8AB18715F5042D5E689E6180DBB4AFC4CF54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01312900, Relevance: 10.6, APIs: 7, Instructions: 94libraryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 97%
                                                                                                                                                                                                                                			E01312900(void* __ebx, intOrPtr __ecx, int __edx, void* __edi, void* __esi, void* __eflags) {
				struct HINSTANCE__* _t36;
				signed int _t38;
				void* _t39;
				signed int _t50;
				WCHAR* _t55;
				int _t65;
				void* _t68;
				void* _t69;

				_t56 = __ecx;
				_push(0x424);
				E0137C278(0x13959de, __ebx, __edi, __esi);
				_t55 =  *(_t69 + 0xc);
				_t65 = __edx;
				 *((intOrPtr*)(_t69 - 0x430)) = 0;
				 *((intOrPtr*)(_t69 - 4)) = 0;
				 *((intOrPtr*)(_t69 - 0x428)) = __ecx;
				 *((intOrPtr*)(_t69 - 0x42c)) = 0;
				 *(_t69 - 0x418) = 0;
				 *((char*)(_t69 - 4)) = 1;
				_t36 = LoadLibraryExW( *(_t69 + 8), 0, 2);
				 *(_t69 - 0x41c) = _t36;
				if(_t36 != 0) {
					_t65 = FindResourceW(_t36, _t65, _t55);
					__eflags = _t65;
					if(_t65 != 0) {
						_t38 = LoadResource( *(_t69 - 0x41c), _t65);
						 *(_t69 - 0x420) = _t38;
						__eflags = _t38;
						if(_t38 == 0) {
							goto L3;
						} else {
							_t65 = SizeofResource( *(_t69 - 0x41c), _t65);
							_t13 = _t65 + 1; // 0x1
							_t47 = _t13;
							 *(_t69 - 0x424) = _t65;
							__eflags = _t13 - _t65;
							if(__eflags >= 0) {
								 *((char*)(_t69 - 4)) = 2;
								__eflags = E0131D99E(_t56, __eflags, _t47, 2) - 0x400;
								if(__eflags <= 0) {
									 *(_t69 - 0x418) = _t69 - 0x414;
								} else {
									E0131B5C9(_t65, 0, __eflags, _t69 - 0x418, _t48);
								}
								 *((intOrPtr*)(_t69 - 4)) = 1;
								__eflags =  *(_t69 - 0x418);
								if( *(_t69 - 0x418) == 0) {
									goto L6;
								} else {
									_t50 = MultiByteToWideChar(3, 0,  *(_t69 - 0x420), _t65,  *(_t69 - 0x418), _t65);
									__eflags = _t50;
									if(_t50 == 0) {
										goto L3;
									} else {
										__eflags = 0;
										( *(_t69 - 0x418))[_t50] = 0;
										_t39 = E01313400( *(_t69 - 0x418), _t69 - 0x42c, _t65, 0,  *((intOrPtr*)(_t69 + 0x10)));
									}
									goto L14;
								}
							} else {
								L6:
								_t68 = 0x8007000e;
							}
						}
					} else {
						L3:
						_t39 = E01311BDC();
						L14:
						_t68 = _t39;
					}
					FreeLibrary( *(_t69 - 0x41c));
				} else {
					_t68 = E01311BDC();
				}
				if( *(_t69 - 0x418) != _t69 - 0x414) {
					E0131A795(_t69 - 0x418);
				}
				return E0137C2D4(_t55, _t65, _t68);
			}











                                                                                                                                                                                                                                0x01312900
                                                                                                                                                                                                                                0x01312900
                                                                                                                                                                                                                                0x0131290a
                                                                                                                                                                                                                                0x01312912
                                                                                                                                                                                                                                0x01312917
                                                                                                                                                                                                                                0x01312919
                                                                                                                                                                                                                                0x0131291f
                                                                                                                                                                                                                                0x01312922
                                                                                                                                                                                                                                0x01312928
                                                                                                                                                                                                                                0x0131292e
                                                                                                                                                                                                                                0x01312938
                                                                                                                                                                                                                                0x0131293c
                                                                                                                                                                                                                                0x01312942
                                                                                                                                                                                                                                0x0131294a
                                                                                                                                                                                                                                0x01312961
                                                                                                                                                                                                                                0x01312963
                                                                                                                                                                                                                                0x01312965
                                                                                                                                                                                                                                0x01312978
                                                                                                                                                                                                                                0x0131297e
                                                                                                                                                                                                                                0x01312984
                                                                                                                                                                                                                                0x01312986
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312988
                                                                                                                                                                                                                                0x01312995
                                                                                                                                                                                                                                0x01312997
                                                                                                                                                                                                                                0x01312997
                                                                                                                                                                                                                                0x0131299a
                                                                                                                                                                                                                                0x013129a0
                                                                                                                                                                                                                                0x013129a2
                                                                                                                                                                                                                                0x013129b1
                                                                                                                                                                                                                                0x013129bc
                                                                                                                                                                                                                                0x013129c1
                                                                                                                                                                                                                                0x013129d8
                                                                                                                                                                                                                                0x013129c3
                                                                                                                                                                                                                                0x013129cb
                                                                                                                                                                                                                                0x013129cb
                                                                                                                                                                                                                                0x013129de
                                                                                                                                                                                                                                0x013129fc
                                                                                                                                                                                                                                0x01312a02
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312a04
                                                                                                                                                                                                                                0x01312a15
                                                                                                                                                                                                                                0x01312a1b
                                                                                                                                                                                                                                0x01312a1d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312a23
                                                                                                                                                                                                                                0x01312a2c
                                                                                                                                                                                                                                0x01312a2e
                                                                                                                                                                                                                                0x01312a3e
                                                                                                                                                                                                                                0x01312a3e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312a1d
                                                                                                                                                                                                                                0x013129a4
                                                                                                                                                                                                                                0x013129a4
                                                                                                                                                                                                                                0x013129a4
                                                                                                                                                                                                                                0x013129a4
                                                                                                                                                                                                                                0x013129a2
                                                                                                                                                                                                                                0x01312967
                                                                                                                                                                                                                                0x01312967
                                                                                                                                                                                                                                0x01312967
                                                                                                                                                                                                                                0x01312a43
                                                                                                                                                                                                                                0x01312a43
                                                                                                                                                                                                                                0x01312a43
                                                                                                                                                                                                                                0x01312a4b
                                                                                                                                                                                                                                0x0131294c
                                                                                                                                                                                                                                0x01312951
                                                                                                                                                                                                                                0x01312951
                                                                                                                                                                                                                                0x01312a5d
                                                                                                                                                                                                                                0x01312a65
                                                                                                                                                                                                                                0x01312a65
                                                                                                                                                                                                                                0x01312a71

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 0131290A
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,00000424,0131215D,?,REGISTRY,00000000,013A1478,Module_Raw,?,013A1478,Module,?), ref: 0131293C
                                                                                                                                                                                                                                • FindResourceW.KERNEL32(00000000,?,?), ref: 0131295B
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?), ref: 01312A4B
                                                                                                                                                                                                                                  • Part of subcall function 01311BDC: GetLastError.KERNEL32(0131296C,?,?), ref: 01311BDC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Library$ErrorFindFreeH_prolog3_catch_LastLoadResource
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 724505223-0
                                                                                                                                                                                                                                • Opcode ID: e80b3ade7f00f07b62382254845867fc274d8e1de88d82ef567ae377664dafaa
                                                                                                                                                                                                                                • Instruction ID: 6ba7a1613799915ddd24ba6869ee831ce6f41d6241dbb276450a4cdd83a23ef0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e80b3ade7f00f07b62382254845867fc274d8e1de88d82ef567ae377664dafaa
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D3188B190016D9FCF359B68CC44BDEBBB9EB44754F2080E9E609A7145DA304FC48F94
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01329254, Relevance: 10.6, APIs: 7, Instructions: 72windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                			E01329254(long __ecx, intOrPtr __edx, struct HWND__** __esi) {
				signed int _v8;
				struct tagRECT _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				signed int _t17;
				long _t22;
				int _t26;
				intOrPtr _t39;
				struct HWND__** _t40;
				signed int _t41;

				_t40 = __esi;
				_t38 = __edx;
				_t17 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t17 ^ _t41;
				_t32 = __ecx;
				_t39 = __edx;
				if(GetClientRect( *__esi,  &_v24) != 0) {
					if(_t39 != 0xffffffff) {
						_v24.right = _t39;
					}
					if(_t32 != 0xffffffff) {
						_v24.bottom = _t32;
					}
					_t39 = GetWindowLongW;
					if((GetWindowLongW( *_t40, 0xfffffff0) & 0x40000000) != 0 || GetMenu( *_t40) == 0) {
						_v28 = _v28 & 0x00000000;
					} else {
						_v28 = 1;
					}
					_t22 = GetWindowLongW( *_t40, 0xffffffec);
					_t32 = _t22;
					if(AdjustWindowRectEx( &_v24, GetWindowLongW( *_t40, 0xfffffff0), _v28, _t22) == 0) {
						goto L1;
					} else {
						_t26 = SetWindowPos( *_t40, 0, 0, 0, _v24.right - _v24.left, _v24.bottom - _v24.top, 0x16);
					}
				} else {
					L1:
					_t26 = 0;
				}
				return E013748C1(_t26, _t32, _v8 ^ _t41, _t38, _t39, _t40);
			}














                                                                                                                                                                                                                                0x01329254
                                                                                                                                                                                                                                0x01329254
                                                                                                                                                                                                                                0x0132925a
                                                                                                                                                                                                                                0x01329261
                                                                                                                                                                                                                                0x0132926c
                                                                                                                                                                                                                                0x0132926e
                                                                                                                                                                                                                                0x01329278
                                                                                                                                                                                                                                0x01329281
                                                                                                                                                                                                                                0x01329283
                                                                                                                                                                                                                                0x01329283
                                                                                                                                                                                                                                0x01329289
                                                                                                                                                                                                                                0x0132928b
                                                                                                                                                                                                                                0x0132928b
                                                                                                                                                                                                                                0x0132928e
                                                                                                                                                                                                                                0x0132929f
                                                                                                                                                                                                                                0x013292b6
                                                                                                                                                                                                                                0x013292ad
                                                                                                                                                                                                                                0x013292ad
                                                                                                                                                                                                                                0x013292ad
                                                                                                                                                                                                                                0x013292be
                                                                                                                                                                                                                                0x013292c4
                                                                                                                                                                                                                                0x013292d9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013292db
                                                                                                                                                                                                                                0x013292f2
                                                                                                                                                                                                                                0x013292f2
                                                                                                                                                                                                                                0x0132927a
                                                                                                                                                                                                                                0x0132927a
                                                                                                                                                                                                                                0x0132927a
                                                                                                                                                                                                                                0x0132927a
                                                                                                                                                                                                                                0x01329305

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 01329270
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 01329298
                                                                                                                                                                                                                                • GetMenu.USER32 ref: 013292A3
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 013292BE
                                                                                                                                                                                                                                • GetWindowLongW.USER32 ref: 013292C6
                                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(?,00000000,00000000,00000000), ref: 013292D1
                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000016,?,000000F0,?,000000EC,?,000000F0,?,?), ref: 013292F2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$Long$Rect$AdjustClientMenu
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1765799542-0
                                                                                                                                                                                                                                • Opcode ID: d1cfc646a7f8421d2cf031ce6234d86d1f8fdb375d9145ee65c912effafe404d
                                                                                                                                                                                                                                • Instruction ID: 39661bae2bcb820413c3fae47aaaf22da058c831c5270baf2a811270a7f4b585
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1cfc646a7f8421d2cf031ce6234d86d1f8fdb375d9145ee65c912effafe404d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51215471A0421DEFEB21AFB9DC44FBE7BFDFB49368F200618E511E2195D63299008B50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013283BA, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memorystringwindowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                			E013283BA(void* __eax) {
				WCHAR* _t15;
				wchar_t* _t16;
				signed int _t18;
				short* _t19;
				signed short _t22;
				short* _t26;
				void* _t30;
				intOrPtr _t31;
				WCHAR* _t32;

				_t30 = __eax;
				_t1 = _t30 + 0xc; // 0x13a3768
				_t32 = _t1;
				if( *_t32 == 0) {
					_t2 = _t30 + 4; // 0x13abdc4
					FormatMessageW(0x1300, 0,  *_t2, 0x400, _t32, 0, 0);
					_t15 =  *_t32;
					if(_t15 == 0) {
						_t16 = LocalAlloc(0, 0x40);
						 *_t32 = _t16;
						if(_t16 != 0) {
							_t9 = _t30 + 4; // 0x13abdc4
							_t31 =  *_t9;
							_t10 = _t31 + 0x7ffbfe00; // 0x8136bbc4
							if(_t10 > 0xfdff) {
								_t22 = 0;
							} else {
								_t11 = _t31 - 0x200; // 0x13abbc4
								_t22 = _t11 & 0x0000ffff;
							}
							if(_t22 == 0) {
								_push(_t31);
								_push(L"Unknown error 0x%0lX");
							} else {
								_push(_t22 & 0x0000ffff);
								_push(L"IDispatch error #%d");
							}
							swprintf(_t16, 0x20);
						}
					} else {
						_t18 = lstrlenW(_t15);
						if(_t18 > 1) {
							_t26 =  *_t32 + _t18 * 2 - 2;
							if( *_t26 == 0xa) {
								 *_t26 = 0;
								_t19 =  *_t32 + _t18 * 2 - 4;
								if( *_t19 == 0xd) {
									 *_t19 = 0;
								}
							}
						}
					}
				}
				return  *_t32;
			}












                                                                                                                                                                                                                                0x013283bd
                                                                                                                                                                                                                                0x013283bf
                                                                                                                                                                                                                                0x013283bf
                                                                                                                                                                                                                                0x013283c6
                                                                                                                                                                                                                                0x013283d4
                                                                                                                                                                                                                                0x013283dd
                                                                                                                                                                                                                                0x013283e3
                                                                                                                                                                                                                                0x013283e7
                                                                                                                                                                                                                                0x0132841c
                                                                                                                                                                                                                                0x01328422
                                                                                                                                                                                                                                0x01328426
                                                                                                                                                                                                                                0x01328428
                                                                                                                                                                                                                                0x01328428
                                                                                                                                                                                                                                0x0132842b
                                                                                                                                                                                                                                0x01328437
                                                                                                                                                                                                                                0x01328444
                                                                                                                                                                                                                                0x01328439
                                                                                                                                                                                                                                0x01328439
                                                                                                                                                                                                                                0x0132843f
                                                                                                                                                                                                                                0x0132843f
                                                                                                                                                                                                                                0x01328449
                                                                                                                                                                                                                                0x01328456
                                                                                                                                                                                                                                0x01328457
                                                                                                                                                                                                                                0x0132844b
                                                                                                                                                                                                                                0x0132844e
                                                                                                                                                                                                                                0x0132844f
                                                                                                                                                                                                                                0x0132844f
                                                                                                                                                                                                                                0x0132845f
                                                                                                                                                                                                                                0x01328464
                                                                                                                                                                                                                                0x013283e9
                                                                                                                                                                                                                                0x013283ea
                                                                                                                                                                                                                                0x013283f3
                                                                                                                                                                                                                                0x013283f7
                                                                                                                                                                                                                                0x013283ff
                                                                                                                                                                                                                                0x01328403
                                                                                                                                                                                                                                0x01328408
                                                                                                                                                                                                                                0x01328410
                                                                                                                                                                                                                                0x01328414
                                                                                                                                                                                                                                0x01328414
                                                                                                                                                                                                                                0x01328410
                                                                                                                                                                                                                                0x013283ff
                                                                                                                                                                                                                                0x013283f3
                                                                                                                                                                                                                                0x013283e7
                                                                                                                                                                                                                                0x0132846c

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FormatMessageW.KERNEL32(00001300,00000000,013ABDC4,00000400,013A3768,00000000,00000000,76D26490,00000000,00000000,013288B1,?,76D26490), ref: 013283DD
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00000000,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 013283EA
                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000000,00000040,?,76D26490,?,?,?,01328712,?,?,00000022), ref: 0132841C
                                                                                                                                                                                                                                • swprintf.LIBCMT ref: 0132845F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocFormatLocalMessagelstrlenswprintf
                                                                                                                                                                                                                                • String ID: IDispatch error #%d$Unknown error 0x%0lX
                                                                                                                                                                                                                                • API String ID: 2315917530-2934499512
                                                                                                                                                                                                                                • Opcode ID: b597808a3a792856b89d83741ab098990dab7b66ebab7708132c04b36005c028
                                                                                                                                                                                                                                • Instruction ID: 3004d16e09f14c18bd03c2bac73e19aa098075daa8467ebada5e7dfea667fd8c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b597808a3a792856b89d83741ab098990dab7b66ebab7708132c04b36005c028
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D2113170200231AFE724AFA8C894D76B3E9FF4071CF5048ADE286E3181E770A845C760
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0133A97A, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 64windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 61%
                                                                                                                                                                                                                                			E0133A97A(void* __ecx, void* __esi) {
				intOrPtr _v8;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t14;
				signed int _t15;
				signed int _t17;
				void* _t25;
				void* _t38;
				void* _t39;

				_t38 = __esi;
				_push(__ecx);
				_push(__ecx);
				_t41 =  *0x13c2a33;
				_push(_t25);
				_push(_t35);
				if( *0x13c2a33 != 0) {
					_v8 = _t39 - 0x1c;
					E01319638(_t39 - 0x1c, "OnClickedCancel()...");
					E0134BA76(_t25, 0x13c2b18, 0, _t35, __esi, _t41);
				}
				if( *((char*)(_t38 + 0xa9c)) == 0) {
					L9:
					_push(0xc353);
					_push(L"Cancel");
					_push(1);
					_t14 = L0133AA59(_t25, _t38, 0, _t35, _t38, __eflags);
				} else {
					_t15 =  *(_t38 + 0x140);
					 *((char*)(_t38 + 0x219)) = 1;
					if(_t15 < 0 || _t15 >=  *((intOrPtr*)(_t38 + 0x628))) {
						L8:
						RaiseException(0xc000008c, 1, 0, 0);
						goto L9;
					} else {
						_t35 =  *((intOrPtr*)(_t38 + 0x624));
						 *((char*)(_t15 * 0x334 +  *((intOrPtr*)(_t38 + 0x624)) + 0x1ee)) = 0;
						_t17 =  *(_t38 + 0x140);
						if(_t17 < 0) {
							goto L8;
						} else {
							_t46 = _t17 -  *((intOrPtr*)(_t38 + 0x628));
							if(_t17 >=  *((intOrPtr*)(_t38 + 0x628))) {
								goto L8;
							} else {
								E0131B7E3(_t17 * 0x334 +  *((intOrPtr*)(_t38 + 0x624)) + 0x228, _t46, L"Decline", E01376D83(L"Decline"));
								PostMessageW( *(_t38 + 4), 0x111, 0xd2, 0);
								_t14 = 0;
							}
						}
					}
				}
				return _t14;
			}













                                                                                                                                                                                                                                0x0133a97a
                                                                                                                                                                                                                                0x0133a97d
                                                                                                                                                                                                                                0x0133a97e
                                                                                                                                                                                                                                0x0133a97f
                                                                                                                                                                                                                                0x0133a986
                                                                                                                                                                                                                                0x0133a987
                                                                                                                                                                                                                                0x0133a988
                                                                                                                                                                                                                                0x0133a98f
                                                                                                                                                                                                                                0x0133a997
                                                                                                                                                                                                                                0x0133a9a1
                                                                                                                                                                                                                                0x0133a9a1
                                                                                                                                                                                                                                0x0133a9ad
                                                                                                                                                                                                                                0x0133aa42
                                                                                                                                                                                                                                0x0133aa42
                                                                                                                                                                                                                                0x0133aa47
                                                                                                                                                                                                                                0x0133aa4c
                                                                                                                                                                                                                                0x0133aa50
                                                                                                                                                                                                                                0x0133a9b3
                                                                                                                                                                                                                                0x0133a9b3
                                                                                                                                                                                                                                0x0133a9bb
                                                                                                                                                                                                                                0x0133a9c4
                                                                                                                                                                                                                                0x0133aa33
                                                                                                                                                                                                                                0x0133aa3c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133a9ce
                                                                                                                                                                                                                                0x0133a9ce
                                                                                                                                                                                                                                0x0133a9da
                                                                                                                                                                                                                                0x0133a9e1
                                                                                                                                                                                                                                0x0133a9e9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133a9eb
                                                                                                                                                                                                                                0x0133a9eb
                                                                                                                                                                                                                                0x0133a9f1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0133a9f3
                                                                                                                                                                                                                                0x0133aa15
                                                                                                                                                                                                                                0x0133aa29
                                                                                                                                                                                                                                0x0133aa2f
                                                                                                                                                                                                                                0x0133aa2f
                                                                                                                                                                                                                                0x0133a9f1
                                                                                                                                                                                                                                0x0133a9e9
                                                                                                                                                                                                                                0x0133a9c4
                                                                                                                                                                                                                                0x0133aa58

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0133AA07
                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000111,000000D2,00000000), ref: 0133AA29
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 0133AA3C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentExceptionH_prolog3_LocalMessagePostProcessRaiseTime_memset_strlen_wcslenswprintf
                                                                                                                                                                                                                                • String ID: Cancel$Decline$OnClickedCancel()...
                                                                                                                                                                                                                                • API String ID: 343472313-2633674123
                                                                                                                                                                                                                                • Opcode ID: 1ff7c7a6ede0933e2b37ba74d72cc7408a4eeaf680e8c68d9975062916d2f24c
                                                                                                                                                                                                                                • Instruction ID: dad908e1564036052367fa64e8b81ca79eb63bf83ab603c6c2930e3776293b93
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1ff7c7a6ede0933e2b37ba74d72cc7408a4eeaf680e8c68d9975062916d2f24c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B112632304B416FF725937CCD86F9ABBE9DBD4B08F08441CE28ADB1C5D9A1A9418765
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131409A, Relevance: 9.2, APIs: 6, Instructions: 203COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 63%
                                                                                                                                                                                                                                			E0131409A(long __ebx, void* __edi, intOrPtr* __esi, void* __eflags) {
				intOrPtr _t73;
				struct _CRITICAL_SECTION* _t74;
				long _t75;
				long _t80;
				signed int _t83;
				long _t84;
				signed int _t85;
				long _t86;
				long* _t88;
				long* _t90;
				long _t91;
				intOrPtr _t93;
				long _t94;
				long _t96;
				long _t97;
				long _t100;
				long _t108;
				long _t109;
				long _t115;
				long _t135;
				intOrPtr* _t137;
				void* _t138;

				_t137 = __esi;
				_t118 = __ebx;
				_push(0x230);
				E0137C242(0x13918f6, __ebx, __edi, __esi);
				_t135 = 0;
				if( *((intOrPtr*)(__esi + 0xc)) == 0 ||  *((intOrPtr*)(__esi + 0x14)) == 0) {
					_t73 =  *0x13c29b0; // 0x13c2f08
					_t74 = _t73 + 0x10;
					 *(_t138 - 0x23c) = _t74;
					 *(_t138 - 4) = _t135;
					EnterCriticalSection(_t74);
					 *((char*)(_t138 - 0x238)) = 1;
					 *(_t138 - 0x21c) = 0x80004005;
					__eflags =  *(_t137 + 0xc) - _t135;
					if( *(_t137 + 0xc) != _t135) {
						 *(_t138 - 0x21c) = _t135;
						L40:
						_t75 =  *(_t137 + 0xc);
						__eflags = _t75 - _t135;
						if(_t75 != _t135) {
							__eflags =  *((intOrPtr*)(_t137 + 0x14)) - _t135;
							if(__eflags == 0) {
								_push(_t75);
								_push(_t137);
								 *(_t138 - 0x21c) = E01313EE1(_t118, _t135, _t137, __eflags);
							}
						}
						LeaveCriticalSection( *(_t138 - 0x23c));
						goto L44;
					}
					_t118 =  *(_t137 + 4);
					 *(_t138 - 0x22c) = _t135;
					_t80 = E01311ABF(_t118, 0x13c29b4);
					__eflags = _t80;
					if(_t80 == 0) {
						L10:
						_t83 =  *(_t137 + 8) & 0x0000ffff;
						__imp__#162(_t118, _t83,  *(_t137 + 0xa) & 0x0000ffff,  *((intOrPtr*)(_t138 + 8)), _t138 - 0x22c);
						L11:
						 *(_t138 - 0x21c) = _t83;
						__eflags = _t83 - _t135;
						if(_t83 < _t135) {
							goto L40;
						}
						 *(_t138 - 0x224) = _t135;
						 *(_t138 - 4) = 1;
						_t84 =  *(_t138 - 0x22c);
						_t85 =  *((intOrPtr*)( *_t84 + 0x18))(_t84,  *_t137, _t138 - 0x224);
						 *(_t138 - 0x21c) = _t85;
						__eflags = _t85 - _t135;
						if(_t85 < _t135) {
							L37:
							_t86 =  *(_t138 - 0x22c);
							 *((intOrPtr*)( *_t86 + 8))(_t86);
							 *(_t138 - 4) = 0;
							_t88 =  *(_t138 - 0x224);
							__eflags = _t88 - _t135;
							if(_t88 != _t135) {
								 *((intOrPtr*)( *_t88 + 8))(_t88);
							}
							goto L40;
						} else {
							_t90 =  *(_t138 - 0x224);
							 *(_t138 - 0x220) = _t90;
							__eflags = _t90 - _t135;
							if(_t90 != _t135) {
								 *((intOrPtr*)( *_t90 + 4))(_t90);
								_t90 =  *(_t138 - 0x224);
							}
							 *(_t138 - 0x228) = _t135;
							 *(_t138 - 4) = 3;
							_t123 =  *_t90;
							_t91 =  *( *_t90)(_t90, 0x13a19d4, _t138 - 0x228);
							__eflags = _t91;
							if(_t91 < 0) {
								L24:
								 *(_t137 + 0xc) =  *(_t138 - 0x220);
								_t93 =  *0x13c29b0; // 0x13c2f08
								 *(_t138 - 0x220) = _t135;
								__eflags = _t93 - _t135;
								if(__eflags == 0) {
									_t94 = 0;
									__eflags = 0;
								} else {
									_t94 = _t93 + 4;
								}
								_push(_t137);
								_push(_t94);
								E01313D35(_t118, _t123, _t135, _t137, __eflags);
								 *(_t138 - 4) = 2;
								_t96 =  *(_t138 - 0x228);
								__eflags = _t96 - _t135;
								if(_t96 != _t135) {
									 *((intOrPtr*)( *_t96 + 8))(_t96);
								}
								 *(_t138 - 4) = 1;
								_t97 =  *(_t138 - 0x220);
								__eflags = _t97 - _t135;
								if(_t97 != _t135) {
									 *((intOrPtr*)( *_t97 + 8))(_t97);
								}
								goto L37;
							}
							_t123 =  *(_t138 - 0x220);
							_t100 =  *(_t138 - 0x228);
							_t118 = _t100;
							__eflags = _t123 - _t135;
							if(_t123 != _t135) {
								__eflags = _t100 - _t135;
								if(_t100 == _t135) {
									L18:
									_t123 = 0;
									__eflags = 0;
									L19:
									__eflags = _t123;
									if(_t123 == 0) {
										_t118 =  *(_t138 - 0x220);
										 *(_t138 - 0x220) = _t135;
										__eflags = _t100 - _t135;
										if(_t100 != _t135) {
											_t123 =  *_t100;
											 *( *_t100)(_t100, 0x13a19e4, _t138 - 0x220);
										}
										__eflags = _t118 - _t135;
										if(_t118 != _t135) {
											 *((intOrPtr*)( *_t118 + 8))(_t118);
										}
									}
									goto L24;
								}
								 *(_t138 - 0x230) = _t135;
								 *(_t138 - 0x234) = _t135;
								 *((intOrPtr*)( *_t123))(_t123, 0x13a1894, _t138 - 0x230);
								 *((intOrPtr*)( *_t118))(_t118, 0x13a1894, _t138 - 0x234);
								_t108 =  *(_t138 - 0x234);
								__eflags =  *(_t138 - 0x230) - _t108;
								_t118 = _t118 & 0xffffff00 |  *(_t138 - 0x230) == _t108;
								__eflags = _t108;
								if(_t108 != 0) {
									 *((intOrPtr*)( *_t108 + 8))(_t108);
								}
								_t109 =  *(_t138 - 0x230);
								__eflags = _t109;
								if(_t109 != 0) {
									 *((intOrPtr*)( *_t109 + 8))(_t109);
								}
								_t100 =  *(_t138 - 0x228);
								_t123 = _t118;
								_t135 = 0;
								goto L19;
							}
							__eflags = _t100 - _t135;
							if(_t100 == _t135) {
								goto L24;
							}
							goto L18;
						}
					}
					__eflags =  *(_t137 + 8) - 0xffff;
					if( *(_t137 + 8) != 0xffff) {
						goto L10;
					}
					__eflags =  *(_t137 + 0xa) - 0xffff;
					if( *(_t137 + 0xa) != 0xffff) {
						goto L10;
					}
					_t118 = 0x104;
					_t115 = GetModuleFileNameW( *0x13c1728, _t138 - 0x218, 0x104);
					__eflags = _t115 - _t135;
					if(_t115 == _t135) {
						goto L40;
					}
					__eflags = _t115 - 0x104;
					if(_t115 == 0x104) {
						goto L40;
					} else {
						_t83 = _t138 - 0x218;
						__imp__#161(_t83, _t138 - 0x22c);
						goto L11;
					}
				} else {
					L44:
					return E0137C2C5(_t118, _t135, _t137);
				}
			}

























                                                                                                                                                                                                                                0x0131409a
                                                                                                                                                                                                                                0x0131409a
                                                                                                                                                                                                                                0x0131409a
                                                                                                                                                                                                                                0x013140a4
                                                                                                                                                                                                                                0x013140a9
                                                                                                                                                                                                                                0x013140ae
                                                                                                                                                                                                                                0x013140bc
                                                                                                                                                                                                                                0x013140c1
                                                                                                                                                                                                                                0x013140c4
                                                                                                                                                                                                                                0x013140cb
                                                                                                                                                                                                                                0x013140ce
                                                                                                                                                                                                                                0x013140d4
                                                                                                                                                                                                                                0x013140db
                                                                                                                                                                                                                                0x013140e5
                                                                                                                                                                                                                                0x013140e8
                                                                                                                                                                                                                                0x01314306
                                                                                                                                                                                                                                0x0131430c
                                                                                                                                                                                                                                0x0131430c
                                                                                                                                                                                                                                0x0131430f
                                                                                                                                                                                                                                0x01314311
                                                                                                                                                                                                                                0x01314313
                                                                                                                                                                                                                                0x01314316
                                                                                                                                                                                                                                0x01314318
                                                                                                                                                                                                                                0x01314319
                                                                                                                                                                                                                                0x0131431f
                                                                                                                                                                                                                                0x0131431f
                                                                                                                                                                                                                                0x01314316
                                                                                                                                                                                                                                0x0131432b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01314331
                                                                                                                                                                                                                                0x013140ee
                                                                                                                                                                                                                                0x013140f8
                                                                                                                                                                                                                                0x013140fe
                                                                                                                                                                                                                                0x01314103
                                                                                                                                                                                                                                0x01314105
                                                                                                                                                                                                                                0x01314157
                                                                                                                                                                                                                                0x01314166
                                                                                                                                                                                                                                0x0131416c
                                                                                                                                                                                                                                0x01314172
                                                                                                                                                                                                                                0x01314172
                                                                                                                                                                                                                                0x01314178
                                                                                                                                                                                                                                0x0131417a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01314180
                                                                                                                                                                                                                                0x0131418c
                                                                                                                                                                                                                                0x01314190
                                                                                                                                                                                                                                0x0131419c
                                                                                                                                                                                                                                0x0131419f
                                                                                                                                                                                                                                0x013141a5
                                                                                                                                                                                                                                0x013141a7
                                                                                                                                                                                                                                0x013142e4
                                                                                                                                                                                                                                0x013142e4
                                                                                                                                                                                                                                0x013142ed
                                                                                                                                                                                                                                0x013142f0
                                                                                                                                                                                                                                0x013142f4
                                                                                                                                                                                                                                0x013142fa
                                                                                                                                                                                                                                0x013142fc
                                                                                                                                                                                                                                0x01314301
                                                                                                                                                                                                                                0x01314301
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013141ad
                                                                                                                                                                                                                                0x013141ad
                                                                                                                                                                                                                                0x013141b3
                                                                                                                                                                                                                                0x013141b9
                                                                                                                                                                                                                                0x013141bb
                                                                                                                                                                                                                                0x013141c0
                                                                                                                                                                                                                                0x013141c3
                                                                                                                                                                                                                                0x013141c3
                                                                                                                                                                                                                                0x013141c9
                                                                                                                                                                                                                                0x013141db
                                                                                                                                                                                                                                0x013141df
                                                                                                                                                                                                                                0x013141e2
                                                                                                                                                                                                                                0x013141e4
                                                                                                                                                                                                                                0x013141e6
                                                                                                                                                                                                                                0x0131422f
                                                                                                                                                                                                                                0x01314235
                                                                                                                                                                                                                                0x01314238
                                                                                                                                                                                                                                0x0131423d
                                                                                                                                                                                                                                0x01314243
                                                                                                                                                                                                                                0x01314245
                                                                                                                                                                                                                                0x013142b3
                                                                                                                                                                                                                                0x013142b3
                                                                                                                                                                                                                                0x01314247
                                                                                                                                                                                                                                0x01314247
                                                                                                                                                                                                                                0x01314247
                                                                                                                                                                                                                                0x013142b5
                                                                                                                                                                                                                                0x013142b6
                                                                                                                                                                                                                                0x013142b7
                                                                                                                                                                                                                                0x013142bc
                                                                                                                                                                                                                                0x013142c0
                                                                                                                                                                                                                                0x013142c6
                                                                                                                                                                                                                                0x013142c8
                                                                                                                                                                                                                                0x013142cd
                                                                                                                                                                                                                                0x013142cd
                                                                                                                                                                                                                                0x013142d0
                                                                                                                                                                                                                                0x013142d4
                                                                                                                                                                                                                                0x013142da
                                                                                                                                                                                                                                0x013142dc
                                                                                                                                                                                                                                0x013142e1
                                                                                                                                                                                                                                0x013142e1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013142dc
                                                                                                                                                                                                                                0x013141e8
                                                                                                                                                                                                                                0x013141ee
                                                                                                                                                                                                                                0x013141f4
                                                                                                                                                                                                                                0x013141f6
                                                                                                                                                                                                                                0x013141f8
                                                                                                                                                                                                                                0x0131424c
                                                                                                                                                                                                                                0x0131424e
                                                                                                                                                                                                                                0x013141fe
                                                                                                                                                                                                                                0x013141fe
                                                                                                                                                                                                                                0x013141fe
                                                                                                                                                                                                                                0x01314200
                                                                                                                                                                                                                                0x01314200
                                                                                                                                                                                                                                0x01314202
                                                                                                                                                                                                                                0x01314204
                                                                                                                                                                                                                                0x0131420a
                                                                                                                                                                                                                                0x01314210
                                                                                                                                                                                                                                0x01314212
                                                                                                                                                                                                                                0x01314214
                                                                                                                                                                                                                                0x01314223
                                                                                                                                                                                                                                0x01314223
                                                                                                                                                                                                                                0x01314225
                                                                                                                                                                                                                                0x01314227
                                                                                                                                                                                                                                0x0131422c
                                                                                                                                                                                                                                0x0131422c
                                                                                                                                                                                                                                0x01314227
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01314202
                                                                                                                                                                                                                                0x01314250
                                                                                                                                                                                                                                0x01314256
                                                                                                                                                                                                                                0x0131426c
                                                                                                                                                                                                                                0x01314279
                                                                                                                                                                                                                                0x0131427b
                                                                                                                                                                                                                                0x01314281
                                                                                                                                                                                                                                0x01314287
                                                                                                                                                                                                                                0x0131428a
                                                                                                                                                                                                                                0x0131428c
                                                                                                                                                                                                                                0x01314291
                                                                                                                                                                                                                                0x01314291
                                                                                                                                                                                                                                0x01314294
                                                                                                                                                                                                                                0x0131429a
                                                                                                                                                                                                                                0x0131429c
                                                                                                                                                                                                                                0x013142a1
                                                                                                                                                                                                                                0x013142a1
                                                                                                                                                                                                                                0x013142a4
                                                                                                                                                                                                                                0x013142aa
                                                                                                                                                                                                                                0x013142ac
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013142ac
                                                                                                                                                                                                                                0x013141fa
                                                                                                                                                                                                                                0x013141fc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013141fc
                                                                                                                                                                                                                                0x013141a7
                                                                                                                                                                                                                                0x0131410c
                                                                                                                                                                                                                                0x01314110
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01314112
                                                                                                                                                                                                                                0x01314116
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01314118
                                                                                                                                                                                                                                0x0131412b
                                                                                                                                                                                                                                0x01314131
                                                                                                                                                                                                                                0x01314133
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01314139
                                                                                                                                                                                                                                0x0131413b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01314141
                                                                                                                                                                                                                                0x01314148
                                                                                                                                                                                                                                0x0131414f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131414f
                                                                                                                                                                                                                                0x013140b5
                                                                                                                                                                                                                                0x01314337
                                                                                                                                                                                                                                0x0131433c
                                                                                                                                                                                                                                0x0131433c

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 013140A4
                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(013C2EF8,00000230,01313DDF,?), ref: 013140CE
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00000104), ref: 0131412B
                                                                                                                                                                                                                                • LoadTypeLib.OLEAUT32(?,?), ref: 0131414F
                                                                                                                                                                                                                                • LoadRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 0131416C
                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0131432B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalLoadSectionType$EnterFileH_prolog3_LeaveModuleName
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 500997196-0
                                                                                                                                                                                                                                • Opcode ID: 644407d0471c17b155469139d5de61174ece225d0bd5ef633005e85c7e1de361
                                                                                                                                                                                                                                • Instruction ID: 93fdff0a18bcdf5837726cd45fa5a3d83e2f850e55570ad6c07c38eaf2212917
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 644407d0471c17b155469139d5de61174ece225d0bd5ef633005e85c7e1de361
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC813E74A00218EFDB25DBA8DC88AA9BBF9FF48308F2445D9E549D7219D7359E81CF10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01312B6B, Relevance: 9.1, APIs: 6, Instructions: 123COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                			E01312B6B(short* __eax, WCHAR** __ecx) {
				WCHAR* _v8;
				short* _v12;
				void* __esi;
				WCHAR* _t17;
				signed int _t18;
				WCHAR* _t19;
				signed int _t21;
				void* _t22;
				WCHAR* _t25;
				WCHAR* _t26;
				WCHAR* _t27;
				WCHAR* _t28;
				WCHAR* _t29;
				signed int _t31;
				WCHAR* _t33;
				WCHAR* _t38;
				void* _t40;
				signed int _t43;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;
				void* _t56;
				short* _t63;
				WCHAR** _t66;

				_push(__ecx);
				_push(__ecx);
				_t66 = __ecx;
				_t63 = __eax;
				E01312B46(__ecx);
				_t17 =  *_t66;
				_t43 =  *_t17 & 0x0000ffff;
				if(0 != _t43) {
					_t56 = 0x27;
					_v12 = _t63;
					if(_t56 != _t43) {
						while(1) {
							_t38 =  *_t66;
							_t18 =  *_t38 & 0x0000ffff;
							if(_t18 >= 9 && (_t18 <= 0xa || _t18 == 0xd || _t18 == 0x20)) {
								break;
							}
							_t19 = CharNextW(_t38);
							 *_t66 = _t19;
							_t21 = _t19 - _t38 >> 1;
							if(_t63 + 2 + _t21 * 2 >= _v12 + 0x2000) {
								goto L29;
							} else {
								if(_t21 > 0) {
									_t40 = _t38 - _t63;
									do {
										 *_t63 =  *((intOrPtr*)(_t40 + _t63));
										_t63 = _t63 + 2;
										_t21 = _t21 - 1;
									} while (_t21 != 0);
								}
								if(0 !=  *( *_t66)) {
									continue;
								} else {
									break;
								}
							}
							goto L27;
						}
						 *_t63 = 0;
						goto L26;
					} else {
						_t25 = CharNextW(_t17);
						 *_t66 = _t25;
						while(0 !=  *_t25) {
							_t26 =  *_t66;
							_t48 = 0x27;
							if(_t48 !=  *_t26) {
								L6:
								_t27 =  *_t66;
								_t49 = 0x27;
								if(_t49 ==  *_t27) {
									 *_t66 = CharNextW(_t27);
								}
								_t28 =  *_t66;
								_v8 = _t28;
								_t29 = CharNextW(_t28);
								 *_t66 = _t29;
								_t31 = _t29 - _v8 >> 1;
								if(_t63 + 2 + _t31 * 2 >= _v12 + 0x2000) {
									L29:
									_t22 = 0x80020009;
								} else {
									if(_t31 > 0) {
										_t52 = _v8 - _t63;
										do {
											 *_t63 =  *((intOrPtr*)(_t52 + _t63));
											_t63 = _t63 + 2;
											_t31 = _t31 - 1;
										} while (_t31 != 0);
									}
									_t25 =  *_t66;
									continue;
								}
							} else {
								_t33 = CharNextW(_t26);
								_t53 = 0x27;
								if(_t53 !=  *_t33) {
									break;
								} else {
									goto L6;
								}
							}
							goto L27;
						}
						if(0 ==  *( *_t66)) {
							goto L29;
						} else {
							 *_t63 = 0;
							 *_t66 = CharNextW( *_t66);
							L26:
							_t22 = 0;
						}
					}
					L27:
				} else {
					_t22 = 0x80020009;
				}
				return _t22;
			}




























                                                                                                                                                                                                                                0x01312b6e
                                                                                                                                                                                                                                0x01312b6f
                                                                                                                                                                                                                                0x01312b72
                                                                                                                                                                                                                                0x01312b74
                                                                                                                                                                                                                                0x01312b76
                                                                                                                                                                                                                                0x01312b7b
                                                                                                                                                                                                                                0x01312b7d
                                                                                                                                                                                                                                0x01312b85
                                                                                                                                                                                                                                0x01312b94
                                                                                                                                                                                                                                0x01312b95
                                                                                                                                                                                                                                0x01312b9b
                                                                                                                                                                                                                                0x01312c2b
                                                                                                                                                                                                                                0x01312c2b
                                                                                                                                                                                                                                0x01312c2d
                                                                                                                                                                                                                                0x01312c33
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312c45
                                                                                                                                                                                                                                0x01312c4e
                                                                                                                                                                                                                                0x01312c52
                                                                                                                                                                                                                                0x01312c60
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312c62
                                                                                                                                                                                                                                0x01312c64
                                                                                                                                                                                                                                0x01312c66
                                                                                                                                                                                                                                0x01312c68
                                                                                                                                                                                                                                0x01312c6c
                                                                                                                                                                                                                                0x01312c6f
                                                                                                                                                                                                                                0x01312c72
                                                                                                                                                                                                                                0x01312c72
                                                                                                                                                                                                                                0x01312c68
                                                                                                                                                                                                                                0x01312c7c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312c7c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312c60
                                                                                                                                                                                                                                0x01312c80
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312ba1
                                                                                                                                                                                                                                0x01312ba8
                                                                                                                                                                                                                                0x01312baa
                                                                                                                                                                                                                                0x01312c0e
                                                                                                                                                                                                                                0x01312bae
                                                                                                                                                                                                                                0x01312bb2
                                                                                                                                                                                                                                0x01312bb6
                                                                                                                                                                                                                                0x01312bc3
                                                                                                                                                                                                                                0x01312bc3
                                                                                                                                                                                                                                0x01312bc7
                                                                                                                                                                                                                                0x01312bcb
                                                                                                                                                                                                                                0x01312bd0
                                                                                                                                                                                                                                0x01312bd0
                                                                                                                                                                                                                                0x01312bd2
                                                                                                                                                                                                                                0x01312bd5
                                                                                                                                                                                                                                0x01312bd8
                                                                                                                                                                                                                                0x01312bdd
                                                                                                                                                                                                                                0x01312be8
                                                                                                                                                                                                                                0x01312bf0
                                                                                                                                                                                                                                0x01312c8a
                                                                                                                                                                                                                                0x01312c8a
                                                                                                                                                                                                                                0x01312bf6
                                                                                                                                                                                                                                0x01312bf8
                                                                                                                                                                                                                                0x01312bfd
                                                                                                                                                                                                                                0x01312bff
                                                                                                                                                                                                                                0x01312c03
                                                                                                                                                                                                                                0x01312c06
                                                                                                                                                                                                                                0x01312c09
                                                                                                                                                                                                                                0x01312c09
                                                                                                                                                                                                                                0x01312bff
                                                                                                                                                                                                                                0x01312c0c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312c0c
                                                                                                                                                                                                                                0x01312bb8
                                                                                                                                                                                                                                0x01312bb9
                                                                                                                                                                                                                                0x01312bbd
                                                                                                                                                                                                                                0x01312bc1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312bc1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312bb6
                                                                                                                                                                                                                                0x01312c1c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01312c1e
                                                                                                                                                                                                                                0x01312c20
                                                                                                                                                                                                                                0x01312c27
                                                                                                                                                                                                                                0x01312c83
                                                                                                                                                                                                                                0x01312c83
                                                                                                                                                                                                                                0x01312c83
                                                                                                                                                                                                                                0x01312c1c
                                                                                                                                                                                                                                0x01312c85
                                                                                                                                                                                                                                0x01312b87
                                                                                                                                                                                                                                0x01312b87
                                                                                                                                                                                                                                0x01312b87
                                                                                                                                                                                                                                0x01312c89

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01312B46: CharNextW.USER32(?,01312B7B,00000000,?,?,?,?,0131345A,00000000,00000000,?), ref: 01312B60
                                                                                                                                                                                                                                • CharNextW.USER32(00000000,00000000,00000000,?,?,?,?,0131345A,00000000,00000000,?), ref: 01312BA8
                                                                                                                                                                                                                                • CharNextW.USER32(?,?,?,?,?,0131345A,00000000,00000000,?), ref: 01312C25
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CharNext
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3213498283-0
                                                                                                                                                                                                                                • Opcode ID: 0879e6581d6a6185b1987623f9b534a7c0b67cc5941c5b65822a48cedeb24486
                                                                                                                                                                                                                                • Instruction ID: bab243c8724bcf7527d8bc2b7baa099928c6d20026fef57b88a5f0de6d23858c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0879e6581d6a6185b1987623f9b534a7c0b67cc5941c5b65822a48cedeb24486
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A41A0312102069EDF299FBCD88467BB7E5FF68718BB04819D682C7269E770D880C754
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01329892, Relevance: 9.1, APIs: 6, Instructions: 91COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E01329892(void* __ebx, void* __edx, void* __eflags, long _a4, signed int _a8, long _a12, signed int _a16) {
				struct HDC__* _v8;
				void* __edi;
				void* __esi;
				long _t30;
				signed int _t32;
				void* _t39;
				void* _t44;
				BITMAPINFO* _t55;
				signed int _t57;
				signed int _t59;
				signed int _t60;

				_t49 = __edx;
				_t44 = __ebx;
				_v8 = 0;
				_t55 = E013444F0(__edx, 0,  &_v8, __eflags, 0x428);
				if(_t55 != 0) {
					E01376F40(_t55, 0, 0x28);
					_t55->bmiHeader.biWidth = _a4;
					_t55->bmiHeader.biHeight = _a8;
					_t55->bmiHeader.biPlanes = 1;
					_t30 = _a12;
					_t55->bmiHeader = 0x28;
					_t55->bmiHeader.biBitCount = _t30;
					_t55->bmiHeader.biCompression = 0;
					__eflags = _t30 - 8;
					if(_t30 <= 8) {
						_t12 =  &(_t55->bmiColors); // 0x28
						E01376F40(_t12, 0, 0x400);
					}
					_t32 = CreateDIBSection(0, _t55, 0, _t44 + 8, 0, 0);
					__eflags = _t32;
					if(_t32 != 0) {
						 *(_t44 + 4) = _t32;
						__eflags = _a8;
						E0132A099(_t49, _t44, (0 | _a8 >= 0x00000000) + 1);
						__eflags = _a16 & 0x00000001;
						if((_a16 & 0x00000001) != 0) {
							 *((char*)(_t44 + 0x1d)) = 1;
						}
						_t57 = _v8;
						while(1) {
							__eflags = _t57;
							if(_t57 == 0) {
								break;
							}
							_t57 =  *_t57;
							E01375111(_t57);
						}
						_t39 = 1;
						__eflags = 1;
					} else {
						_t59 = _v8;
						while(1) {
							__eflags = _t59;
							if(_t59 == 0) {
								break;
							}
							_t59 =  *_t59;
							E01375111(_t59);
						}
						goto L4;
					}
				} else {
					_t60 = _v8;
					while(_t60 != 0) {
						_t60 =  *_t60;
						E01375111(_t60);
					}
					L4:
					_t39 = 0;
				}
				return _t39;
			}














                                                                                                                                                                                                                                0x01329892
                                                                                                                                                                                                                                0x01329892
                                                                                                                                                                                                                                0x013298a2
                                                                                                                                                                                                                                0x013298aa
                                                                                                                                                                                                                                0x013298ae
                                                                                                                                                                                                                                0x013298cd
                                                                                                                                                                                                                                0x013298d5
                                                                                                                                                                                                                                0x013298db
                                                                                                                                                                                                                                0x013298e1
                                                                                                                                                                                                                                0x013298e5
                                                                                                                                                                                                                                0x013298eb
                                                                                                                                                                                                                                0x013298f1
                                                                                                                                                                                                                                0x013298f5
                                                                                                                                                                                                                                0x013298f8
                                                                                                                                                                                                                                0x013298fb
                                                                                                                                                                                                                                0x01329902
                                                                                                                                                                                                                                0x01329907
                                                                                                                                                                                                                                0x0132990c
                                                                                                                                                                                                                                0x01329918
                                                                                                                                                                                                                                0x0132991e
                                                                                                                                                                                                                                0x01329920
                                                                                                                                                                                                                                0x01329936
                                                                                                                                                                                                                                0x0132993b
                                                                                                                                                                                                                                0x01329945
                                                                                                                                                                                                                                0x0132994a
                                                                                                                                                                                                                                0x0132994e
                                                                                                                                                                                                                                0x01329950
                                                                                                                                                                                                                                0x01329950
                                                                                                                                                                                                                                0x01329954
                                                                                                                                                                                                                                0x01329962
                                                                                                                                                                                                                                0x01329962
                                                                                                                                                                                                                                0x01329964
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132995a
                                                                                                                                                                                                                                0x0132995c
                                                                                                                                                                                                                                0x01329961
                                                                                                                                                                                                                                0x01329968
                                                                                                                                                                                                                                0x01329968
                                                                                                                                                                                                                                0x01329922
                                                                                                                                                                                                                                0x01329922
                                                                                                                                                                                                                                0x01329930
                                                                                                                                                                                                                                0x01329930
                                                                                                                                                                                                                                0x01329932
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329928
                                                                                                                                                                                                                                0x0132992a
                                                                                                                                                                                                                                0x0132992f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329934
                                                                                                                                                                                                                                0x013298b0
                                                                                                                                                                                                                                0x013298b0
                                                                                                                                                                                                                                0x013298be
                                                                                                                                                                                                                                0x013298b6
                                                                                                                                                                                                                                0x013298b8
                                                                                                                                                                                                                                0x013298bd
                                                                                                                                                                                                                                0x013298c2
                                                                                                                                                                                                                                0x013298c2
                                                                                                                                                                                                                                0x013298c2
                                                                                                                                                                                                                                0x0132996c

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 013444F0: _malloc.LIBCMT ref: 01344511
                                                                                                                                                                                                                                • _free.LIBCMT ref: 013298B8
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 013298CD
                                                                                                                                                                                                                                • _memset.LIBCMT ref: 01329907
                                                                                                                                                                                                                                • CreateDIBSection.GDI32(00000000,00000000,00000000,?,00000000,00000000), ref: 01329918
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0132992A
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0132995C
                                                                                                                                                                                                                                  • Part of subcall function 01375111: RtlFreeHeap.NTDLL(00000000,00000000), ref: 01375127
                                                                                                                                                                                                                                  • Part of subcall function 01375111: GetLastError.KERNEL32(00000000), ref: 01375139
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$_memset$CreateErrorFreeHeapLastSection_malloc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2892610931-0
                                                                                                                                                                                                                                • Opcode ID: b9f907ffeb9927fc128aeaa4cf56ea30073f18e3a75c2dcb6627a6784b65413d
                                                                                                                                                                                                                                • Instruction ID: e7563dd5c32659b3c19138611628731ff6b82501646caf02addc6d3a1f87e3a3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9f907ffeb9927fc128aeaa4cf56ea30073f18e3a75c2dcb6627a6784b65413d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C421B472910235EBDB21EF29D844A9BBBECDF8532CF158469E895F7240D274ED00C7A0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013170CC, Relevance: 9.1, APIs: 6, Instructions: 67COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 63%
                                                                                                                                                                                                                                			E013170CC(void* __edi, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				struct tagPOINT _v16;
				struct tagPOINT _v24;
				void* __ebx;
				void* __esi;
				signed int _t20;
				void* _t30;
				intOrPtr _t38;
				void* _t41;
				struct HWND__* _t44;
				signed int _t46;

				_t42 = __edi;
				_t20 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t20 ^ _t46;
				_t38 = _a4;
				_t45 = _a8;
				if(_a8 != 0) {
					_push(__edi);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t45 = ClientToScreen;
					if(ClientToScreen( *(_t38 - 0x28),  &_v24) != 0) {
						ClientToScreen( *(_t38 - 0x28),  &_v16);
					}
					_t44 = GetParent( *(_t38 - 0x28));
					if(_t44 != 0) {
						_t45 = ScreenToClient;
						if(ScreenToClient(_t44,  &_v24) != 0) {
							ScreenToClient(_t44,  &_v16);
						}
					}
					MoveWindow( *(_t38 - 0x28), _v24.x, _v24.y, _v16.x - _v24, _v16.y - _v24.y, 1);
					_t30 = 0;
					_pop(_t42);
				} else {
					_t30 = 0x80004003;
				}
				return E013748C1(_t30, _t38, _v8 ^ _t46, _t41, _t42, _t45);
			}














                                                                                                                                                                                                                                0x013170cc
                                                                                                                                                                                                                                0x013170d2
                                                                                                                                                                                                                                0x013170d9
                                                                                                                                                                                                                                0x013170dd
                                                                                                                                                                                                                                0x013170e1
                                                                                                                                                                                                                                0x013170e6
                                                                                                                                                                                                                                0x013170ef
                                                                                                                                                                                                                                0x013170f3
                                                                                                                                                                                                                                0x013170f4
                                                                                                                                                                                                                                0x013170f5
                                                                                                                                                                                                                                0x013170fd
                                                                                                                                                                                                                                0x013170fe
                                                                                                                                                                                                                                0x01317108
                                                                                                                                                                                                                                0x01317111
                                                                                                                                                                                                                                0x01317111
                                                                                                                                                                                                                                0x0131711c
                                                                                                                                                                                                                                0x01317120
                                                                                                                                                                                                                                0x01317122
                                                                                                                                                                                                                                0x01317131
                                                                                                                                                                                                                                0x01317138
                                                                                                                                                                                                                                0x01317138
                                                                                                                                                                                                                                0x01317131
                                                                                                                                                                                                                                0x01317153
                                                                                                                                                                                                                                0x01317159
                                                                                                                                                                                                                                0x0131715b
                                                                                                                                                                                                                                0x013170e8
                                                                                                                                                                                                                                0x013170e8
                                                                                                                                                                                                                                0x013170e8
                                                                                                                                                                                                                                0x01317169

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ClientScreen$MoveParentWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2420994850-0
                                                                                                                                                                                                                                • Opcode ID: 5a296c338ad7c62569a8e4c5197fe499f58e3bb1a4f07ef740b67c5505a83599
                                                                                                                                                                                                                                • Instruction ID: a8ee28e96fb0f563c53d40246d8cb55e6f7f77526f7a5d0c298683ab78c7f6cf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a296c338ad7c62569a8e4c5197fe499f58e3bb1a4f07ef740b67c5505a83599
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66110D72900119AFDF12DFA8CD849BFBBBEEF09314B150065E900F7118DA71AE418B61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01344A79, Relevance: 9.1, APIs: 6, Instructions: 66stringwindowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                			E01344A79(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				int _t29;
				signed int _t30;
				WCHAR* _t32;
				int _t33;
				int _t34;
				int _t35;
				WCHAR* _t44;
				signed int _t53;
				signed int _t54;
				signed int _t56;
				struct HWND__** _t57;
				intOrPtr _t59;
				void* _t60;
				WCHAR* _t61;
				void* _t62;

				_t62 = __eflags;
				_push(0xc);
				E0137C20C(0x1391820, __ebx, __edi, __esi);
				_t59 =  *((intOrPtr*)(_t60 + 8));
				_push( *(_t59 + 0x28));
				E0137534A();
				 *(_t59 + 0x28) =  *(_t59 + 0x28) & 0x00000000;
				_t29 = lstrlenW( *(_t60 + 0xc));
				 *(_t60 - 4) =  *(_t60 - 4) & 0x00000000;
				_t8 = _t29 + 1; // 0x1
				_t56 = _t8;
				_t53 = 2;
				_t30 = _t56;
				_t54 = _t30 * _t53 >> 0x20;
				 *(_t60 - 0x14) = _t56;
				_push( ~(0 | _t62 > 0x00000000) | _t30 * _t53);
				_t32 = E013638C3(_t56, _t59, _t62);
				_pop(_t50);
				 *(_t59 + 0x28) = _t32;
				_t44 =  *(_t59 + 0x28);
				if(_t44 != 0) {
					_t33 = lstrlenW( *(_t60 + 0xc));
					__eflags = _t56 - _t33;
					if(_t56 > _t33) {
						lstrcpyW(_t44,  *(_t60 + 0xc));
					}
					__eflags =  *(_t59 + 0x24);
					if( *(_t59 + 0x24) == 0) {
						_t50 = _t59;
						E01346030(_t59, _t54);
					}
					_t57 = _t59 + 0x48;
					_t34 = IsWindow( *_t57);
					__eflags = _t34;
					if(_t34 != 0) {
						SendMessageW( *_t57, 0x401, 1, 0);
						 *(_t60 + 0xc) = _t61;
						 *_t61 =  *(_t59 + 0x28);
						E01345CED(_t44,  *((intOrPtr*)(_t59 + 4)), _t57, _t50, _t59 + 0x38, 1);
					}
					_t35 = 1;
				} else {
					_t35 = 0;
				}
				return E0137C2B1(_t35);
			}


















                                                                                                                                                                                                                                0x01344a79
                                                                                                                                                                                                                                0x01344a79
                                                                                                                                                                                                                                0x01344a80
                                                                                                                                                                                                                                0x01344a85
                                                                                                                                                                                                                                0x01344a88
                                                                                                                                                                                                                                0x01344a8b
                                                                                                                                                                                                                                0x01344a90
                                                                                                                                                                                                                                0x01344a98
                                                                                                                                                                                                                                0x01344a9e
                                                                                                                                                                                                                                0x01344aa2
                                                                                                                                                                                                                                0x01344aa2
                                                                                                                                                                                                                                0x01344aa9
                                                                                                                                                                                                                                0x01344aaa
                                                                                                                                                                                                                                0x01344aac
                                                                                                                                                                                                                                0x01344ab1
                                                                                                                                                                                                                                0x01344ab8
                                                                                                                                                                                                                                0x01344ab9
                                                                                                                                                                                                                                0x01344abe
                                                                                                                                                                                                                                0x01344abf
                                                                                                                                                                                                                                0x01344ad0
                                                                                                                                                                                                                                0x01344ad5
                                                                                                                                                                                                                                0x01344ade
                                                                                                                                                                                                                                0x01344ae4
                                                                                                                                                                                                                                0x01344ae6
                                                                                                                                                                                                                                0x01344aec
                                                                                                                                                                                                                                0x01344aec
                                                                                                                                                                                                                                0x01344af2
                                                                                                                                                                                                                                0x01344af6
                                                                                                                                                                                                                                0x01344af8
                                                                                                                                                                                                                                0x01344afa
                                                                                                                                                                                                                                0x01344afa
                                                                                                                                                                                                                                0x01344aff
                                                                                                                                                                                                                                0x01344b04
                                                                                                                                                                                                                                0x01344b0a
                                                                                                                                                                                                                                0x01344b0c
                                                                                                                                                                                                                                0x01344b19
                                                                                                                                                                                                                                0x01344b2b
                                                                                                                                                                                                                                0x01344b2e
                                                                                                                                                                                                                                0x01344b34
                                                                                                                                                                                                                                0x01344b34
                                                                                                                                                                                                                                0x01344b39
                                                                                                                                                                                                                                0x01344ad7
                                                                                                                                                                                                                                0x01344ad7
                                                                                                                                                                                                                                0x01344ad7
                                                                                                                                                                                                                                0x01344b40

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 01344A80
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,0000000C,0134675E,?,?), ref: 01344A98
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?), ref: 01344ADE
                                                                                                                                                                                                                                • lstrcpyW.KERNEL32 ref: 01344AEC
                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 01344B04
                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000001,00000000), ref: 01344B19
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$H_prolog3_catchMessageSendWindowlstrcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3371861467-0
                                                                                                                                                                                                                                • Opcode ID: f881991e9bbc9d1b8610f621c17a1675d19c50b7163e20ee2f03ad9ea6cd1307
                                                                                                                                                                                                                                • Instruction ID: 6814cebd63f9930d0697d3f6ea3f0f18dff7bc27e38f7b50688d2062479e4a1f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f881991e9bbc9d1b8610f621c17a1675d19c50b7163e20ee2f03ad9ea6cd1307
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA21D671200301AFEB259F58D845B6A7BEAFF48714F00552DF1069B5A0DBB6B940CB55
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01381BE3, Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                                                                			E01381BE3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x13b0120);
				E0137EF80(__ebx, __edi, __esi);
				_t31 = E013813D7(__ebx, __edx, _t35);
				_t15 =  *0x13bcf8c; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E01382372(_t25, _t31, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x13bd658; // 0x2ce2c98
					if(__eflags != 0) {
						__eflags = _t33;
						if(__eflags != 0) {
							__eflags = InterlockedDecrement(_t33);
							if(__eflags == 0) {
								__eflags = _t33 - 0x13bd230;
								if(__eflags != 0) {
									E01375111(_t33);
								}
							}
						}
						_t21 =  *0x13bd658; // 0x2ce2c98
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x13bd658; // 0x2ce2c98
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E01381C7E();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				_t38 = _t33;
				if(_t33 == 0) {
					_push(0x20);
					E013791CF(_t29, _t38);
				}
				return E0137EFC5(_t33);
			}









                                                                                                                                                                                                                                0x01381be3
                                                                                                                                                                                                                                0x01381be3
                                                                                                                                                                                                                                0x01381be3
                                                                                                                                                                                                                                0x01381be3
                                                                                                                                                                                                                                0x01381be5
                                                                                                                                                                                                                                0x01381bea
                                                                                                                                                                                                                                0x01381bf4
                                                                                                                                                                                                                                0x01381bf6
                                                                                                                                                                                                                                0x01381bfe
                                                                                                                                                                                                                                0x01381c1f
                                                                                                                                                                                                                                0x01381c25
                                                                                                                                                                                                                                0x01381c29
                                                                                                                                                                                                                                0x01381c2c
                                                                                                                                                                                                                                0x01381c2f
                                                                                                                                                                                                                                0x01381c35
                                                                                                                                                                                                                                0x01381c37
                                                                                                                                                                                                                                0x01381c39
                                                                                                                                                                                                                                0x01381c42
                                                                                                                                                                                                                                0x01381c44
                                                                                                                                                                                                                                0x01381c46
                                                                                                                                                                                                                                0x01381c4c
                                                                                                                                                                                                                                0x01381c4f
                                                                                                                                                                                                                                0x01381c54
                                                                                                                                                                                                                                0x01381c4c
                                                                                                                                                                                                                                0x01381c44
                                                                                                                                                                                                                                0x01381c55
                                                                                                                                                                                                                                0x01381c5a
                                                                                                                                                                                                                                0x01381c5d
                                                                                                                                                                                                                                0x01381c63
                                                                                                                                                                                                                                0x01381c67
                                                                                                                                                                                                                                0x01381c67
                                                                                                                                                                                                                                0x01381c6d
                                                                                                                                                                                                                                0x01381c74
                                                                                                                                                                                                                                0x01381c06
                                                                                                                                                                                                                                0x01381c06
                                                                                                                                                                                                                                0x01381c06
                                                                                                                                                                                                                                0x01381c09
                                                                                                                                                                                                                                0x01381c0b
                                                                                                                                                                                                                                0x01381c0d
                                                                                                                                                                                                                                0x01381c0f
                                                                                                                                                                                                                                0x01381c14
                                                                                                                                                                                                                                0x01381c1c

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 01381BEF
                                                                                                                                                                                                                                  • Part of subcall function 013813D7: __getptd_noexit.LIBCMT ref: 013813DA
                                                                                                                                                                                                                                  • Part of subcall function 013813D7: __amsg_exit.LIBCMT ref: 013813E7
                                                                                                                                                                                                                                • __amsg_exit.LIBCMT ref: 01381C0F
                                                                                                                                                                                                                                • __lock.LIBCMT ref: 01381C1F
                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 01381C3C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 01381C4F
                                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(02CE2C98), ref: 01381C67
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3470314060-0
                                                                                                                                                                                                                                • Opcode ID: bac741773498ae9724c0fdf24a9c18efffb7865049983a72cbe22be6a58d2bdb
                                                                                                                                                                                                                                • Instruction ID: 3389e81f878fa308e8ed4f08249790cc9e4f4260700f2638b76cc35628a15632
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bac741773498ae9724c0fdf24a9c18efffb7865049983a72cbe22be6a58d2bdb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47018032A01B129FDF35BB6D948979DB7B4BF0472CF010119E605A7A84D7789582CBD1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01362BEA, Relevance: 9.0, APIs: 6, Instructions: 47memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E01362BEA() {
				int _t3;
				long _t5;
				long _t7;
				long _t13;
				void* _t19;
				LONG* _t22;

				_t3 = IsProcessorFeaturePresent(0xc);
				if(_t3 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x34;
					_t5 =  *_t22;
					if(_t5 != 0) {
						L7:
						 *0x13c1720 = _t5;
						_t7 = 1;
					} else {
						_t19 = HeapAlloc(GetProcessHeap(), _t5, 8);
						_t7 = 0;
						if(_t19 != 0) {
							 *_t19 = 0;
							 *((intOrPtr*)(_t19 + 4)) = 0;
							if(InterlockedCompareExchange(_t22, _t19, 0) != 0) {
								HeapFree(GetProcessHeap(), 0, _t19);
							}
							_t5 =  *_t22;
							goto L7;
						}
					}
					return _t7;
				} else {
					_t13 = _t3 + 1;
					 *0x13c1720 = _t13;
					return _t13;
				}
			}









                                                                                                                                                                                                                                0x01362bec
                                                                                                                                                                                                                                0x01362bf4
                                                                                                                                                                                                                                0x01362c08
                                                                                                                                                                                                                                0x01362c0b
                                                                                                                                                                                                                                0x01362c10
                                                                                                                                                                                                                                0x01362c4c
                                                                                                                                                                                                                                0x01362c4c
                                                                                                                                                                                                                                0x01362c53
                                                                                                                                                                                                                                0x01362c12
                                                                                                                                                                                                                                0x01362c24
                                                                                                                                                                                                                                0x01362c26
                                                                                                                                                                                                                                0x01362c2a
                                                                                                                                                                                                                                0x01362c2f
                                                                                                                                                                                                                                0x01362c31
                                                                                                                                                                                                                                0x01362c3c
                                                                                                                                                                                                                                0x01362c44
                                                                                                                                                                                                                                0x01362c44
                                                                                                                                                                                                                                0x01362c4a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01362c4a
                                                                                                                                                                                                                                0x01362c2a
                                                                                                                                                                                                                                0x01362c57
                                                                                                                                                                                                                                0x01362bf6
                                                                                                                                                                                                                                0x01362bf6
                                                                                                                                                                                                                                0x01362bf7
                                                                                                                                                                                                                                0x01362bfc
                                                                                                                                                                                                                                0x01362bfc

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000C,01362C7A,?,?,01314F4B), ref: 01362BEC
                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000018,00000008,?,?,?,?,?,01314F4B), ref: 01362C1B
                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,01314F4B), ref: 01362C1E
                                                                                                                                                                                                                                • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 01362C34
                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,01314F4B), ref: 01362C41
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,01314F4B), ref: 01362C44
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$Process$AllocCompareExchangeFeatureFreeInterlockedPresentProcessor
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3509966971-0
                                                                                                                                                                                                                                • Opcode ID: a79a9c958077dc0113d99b74e87395ebb68fba527e2eeb3c6801250ca8583167
                                                                                                                                                                                                                                • Instruction ID: cf43e1322a7b3476e358848c4cde578178cbcb013c5379f47915667a9f5f77d9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a79a9c958077dc0113d99b74e87395ebb68fba527e2eeb3c6801250ca8583167
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D011DB26012019FEF609FB99848E1777ECFB49785F155465F545D3248E731E8019B70
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013181AC, Relevance: 9.0, APIs: 6, Instructions: 45COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E013181AC(intOrPtr* __ebx, void* __ecx, int* _a4) {
				int _v8;
				int _v12;
				void* __ebp;
				int _t18;
				intOrPtr* _t19;
				struct HDC__* _t22;

				_t19 = __ebx;
				if(_a4 == 0) {
					L1:
					E01311000(0x80004003);
				}
				if(_t19 == 0) {
					goto L1;
				}
				_t22 = GetDC(0);
				_v8 = GetDeviceCaps(_t22, 0x58);
				_v12 = GetDeviceCaps(_t22, 0x5a);
				ReleaseDC(0, _t22);
				 *_t19 = MulDiv(_v8,  *_a4, 0x9ec);
				_t18 = MulDiv(_v12, _a4[1], 0x9ec);
				 *(_t19 + 4) = _t18;
				return _t18;
			}









                                                                                                                                                                                                                                0x013181ac
                                                                                                                                                                                                                                0x013181b5
                                                                                                                                                                                                                                0x013181b7
                                                                                                                                                                                                                                0x013181bc
                                                                                                                                                                                                                                0x013181bc
                                                                                                                                                                                                                                0x013181c3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013181d5
                                                                                                                                                                                                                                0x013181df
                                                                                                                                                                                                                                0x013181e7
                                                                                                                                                                                                                                0x013181ea
                                                                                                                                                                                                                                0x01318206
                                                                                                                                                                                                                                0x01318212
                                                                                                                                                                                                                                0x01318215
                                                                                                                                                                                                                                0x0131821a

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDC.USER32 ref: 013181C9
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 013181DA
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 013181E2
                                                                                                                                                                                                                                • ReleaseDC.USER32 ref: 013181EA
                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000004,00000000,000009EC), ref: 01318204
                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000000,?,000009EC), ref: 01318212
                                                                                                                                                                                                                                  • Part of subcall function 01311000: __CxxThrowException@8.LIBCMT ref: 01311012
                                                                                                                                                                                                                                  • Part of subcall function 01311000: SysFreeString.OLEAUT32(00000000), ref: 0131101A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CapsDevice$Exception@8FreeReleaseStringThrow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1710212063-0
                                                                                                                                                                                                                                • Opcode ID: 18b9752a2a2fb2570eadb0f88a5702a48586b93eae9822c0d3de447fa008faf4
                                                                                                                                                                                                                                • Instruction ID: 914001ef18e13387acb6fe12575d56f884ded58b52e8a67de419d386cd209c80
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 18b9752a2a2fb2570eadb0f88a5702a48586b93eae9822c0d3de447fa008faf4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55014F71A00214BFEB219FA5CC49F5BBFB8EB95755F004069FA04A7254D6719900CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131821D, Relevance: 9.0, APIs: 6, Instructions: 45COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E0131821D(intOrPtr* __ebx, void* __ecx, int* _a4) {
				int _v8;
				int _v12;
				void* __ebp;
				int _t18;
				intOrPtr* _t19;
				struct HDC__* _t22;

				_t19 = __ebx;
				if(_a4 == 0) {
					L1:
					E01311000(0x80004003);
				}
				if(_t19 == 0) {
					goto L1;
				}
				_t22 = GetDC(0);
				_v8 = GetDeviceCaps(_t22, 0x58);
				_v12 = GetDeviceCaps(_t22, 0x5a);
				ReleaseDC(0, _t22);
				 *_t19 = MulDiv(0x9ec,  *_a4, _v8);
				_t18 = MulDiv(0x9ec, _a4[1], _v12);
				 *(_t19 + 4) = _t18;
				return _t18;
			}









                                                                                                                                                                                                                                0x0131821d
                                                                                                                                                                                                                                0x01318226
                                                                                                                                                                                                                                0x01318228
                                                                                                                                                                                                                                0x0131822d
                                                                                                                                                                                                                                0x0131822d
                                                                                                                                                                                                                                0x01318234
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01318246
                                                                                                                                                                                                                                0x01318250
                                                                                                                                                                                                                                0x01318258
                                                                                                                                                                                                                                0x0131825b
                                                                                                                                                                                                                                0x0131827a
                                                                                                                                                                                                                                0x01318283
                                                                                                                                                                                                                                0x01318286
                                                                                                                                                                                                                                0x0131828b

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetDC.USER32 ref: 0131823A
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 0131824B
                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 01318253
                                                                                                                                                                                                                                • ReleaseDC.USER32 ref: 0131825B
                                                                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,00000000,?), ref: 01318275
                                                                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 01318283
                                                                                                                                                                                                                                  • Part of subcall function 01311000: __CxxThrowException@8.LIBCMT ref: 01311012
                                                                                                                                                                                                                                  • Part of subcall function 01311000: SysFreeString.OLEAUT32(00000000), ref: 0131101A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CapsDevice$Exception@8FreeReleaseStringThrow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1710212063-0
                                                                                                                                                                                                                                • Opcode ID: a0ad7e02f2b0d3d6332a1ffe7d8609de4774224cfeed68da908456c2a99b6454
                                                                                                                                                                                                                                • Instruction ID: 88a54ef51cb5d7d870df3d1e4394d2db2fcfd93aa35f566dd039e803f5606a85
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0ad7e02f2b0d3d6332a1ffe7d8609de4774224cfeed68da908456c2a99b6454
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1018F71A00218BFEB219FA5CC48F9EBFB8EB59791F008059FA0867244D6718901DB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132094C, Relevance: 9.0, APIs: 6, Instructions: 38COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 69%
                                                                                                                                                                                                                                			E0132094C(void* __esi, struct HDC__* _a4) {
				long _t18;
				void* _t20;
				void* _t24;
				void* _t26;

				_t26 = __esi;
				if( *((intOrPtr*)(__esi + 0x3c)) == 0xffffffff) {
					 *((intOrPtr*)(__esi + 0x3c)) = GetTextColor(_a4);
				}
				if( *(_t26 + 0x28) == 0xffffffff) {
					_t18 = GetBkColor(_a4);
					 *(_t26 + 0x28) = _t18;
					_t24 = CreateSolidBrush(_t18);
					_t20 =  *(_t26 + 0x34);
					if(_t20 != 0 && _t20 != _t24) {
						DeleteObject(_t20);
					}
					 *(_t26 + 0x34) = _t24;
				}
				SetTextColor(_a4,  *(_t26 + 0x3c));
				if( *((char*)(_t26 + 0x2c)) == 0) {
					_push( *(_t26 + 0x28));
				} else {
					_push(1);
				}
				SetBkColor(_a4, ??);
				return  *(_t26 + 0x34);
			}







                                                                                                                                                                                                                                0x0132094c
                                                                                                                                                                                                                                0x01320953
                                                                                                                                                                                                                                0x0132095e
                                                                                                                                                                                                                                0x0132095e
                                                                                                                                                                                                                                0x01320965
                                                                                                                                                                                                                                0x0132096b
                                                                                                                                                                                                                                0x01320972
                                                                                                                                                                                                                                0x0132097b
                                                                                                                                                                                                                                0x0132097d
                                                                                                                                                                                                                                0x01320982
                                                                                                                                                                                                                                0x01320989
                                                                                                                                                                                                                                0x01320989
                                                                                                                                                                                                                                0x0132098f
                                                                                                                                                                                                                                0x01320992
                                                                                                                                                                                                                                0x01320999
                                                                                                                                                                                                                                0x013209a3
                                                                                                                                                                                                                                0x013209a9
                                                                                                                                                                                                                                0x013209a5
                                                                                                                                                                                                                                0x013209a5
                                                                                                                                                                                                                                0x013209a5
                                                                                                                                                                                                                                0x013209af
                                                                                                                                                                                                                                0x013209b9

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTextColor.GDI32(?), ref: 01320958
                                                                                                                                                                                                                                • GetBkColor.GDI32(?), ref: 0132096B
                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 01320975
                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 01320989
                                                                                                                                                                                                                                • SetTextColor.GDI32(?,000000FF), ref: 01320999
                                                                                                                                                                                                                                • SetBkColor.GDI32(?,000000FF), ref: 013209AF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Color$Text$BrushCreateDeleteObjectSolid
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 438708776-0
                                                                                                                                                                                                                                • Opcode ID: c54254f75ec0761b00d9e1cb312eeb7c6fbf17ed262975eaa07c3416177f731c
                                                                                                                                                                                                                                • Instruction ID: 42351ed1c72cd31122a7080da106c83519ffe613d6d5e1d1185dacb461626afb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c54254f75ec0761b00d9e1cb312eeb7c6fbf17ed262975eaa07c3416177f731c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D017130200700DFDB316F69D948A56BFB9BB05325F406619F58B82AA0C732E454CF10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132A91F, Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 267COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E0132A91F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t210;
				intOrPtr* _t218;
				intOrPtr* _t233;
				intOrPtr _t244;
				intOrPtr* _t254;
				intOrPtr _t258;
				intOrPtr _t260;
				short* _t262;
				intOrPtr _t264;
				void* _t265;
				void* _t266;

				_t266 = __eflags;
				_push(4);
				E0137C1D9(0x1398350, __ebx, __edi, __esi);
				_t254 =  *((intOrPtr*)(_t265 + 8));
				 *((intOrPtr*)(_t254 + 4)) = 0;
				 *((intOrPtr*)(_t254 + 0x14)) = 0;
				 *((intOrPtr*)(_t254 + 0x18)) = 0;
				 *((intOrPtr*)(_t254 + 0x1c)) = 0;
				 *((char*)(_t254 + 0x20)) = 0;
				 *((intOrPtr*)(_t254 + 0x24)) = 0;
				 *((intOrPtr*)(_t265 - 4)) = 0;
				 *((char*)(_t254 + 0x28)) =  *((intOrPtr*)(_t265 + 0xc));
				 *_t254 = 0x13a6624;
				_t258 = 7;
				 *((intOrPtr*)(_t254 + 0x40)) = _t258;
				 *((intOrPtr*)(_t254 + 0x3c)) = 0;
				 *((short*)(_t254 + 0x2c)) = 0;
				 *((intOrPtr*)(_t254 + 0x5c)) = _t258;
				 *((intOrPtr*)(_t254 + 0x58)) = 0;
				 *((short*)(_t254 + 0x48)) = 0;
				 *((intOrPtr*)(_t254 + 0x78)) = _t258;
				 *((intOrPtr*)(_t254 + 0x74)) = 0;
				 *((short*)(_t254 + 0x64)) = 0;
				 *((intOrPtr*)(_t254 + 0x94)) = _t258;
				 *((intOrPtr*)(_t254 + 0x90)) = 0;
				 *((short*)(_t254 + 0x80)) = 0;
				 *((intOrPtr*)(_t254 + 0xb0)) = _t258;
				 *((intOrPtr*)(_t254 + 0xac)) = 0;
				 *((short*)(_t254 + 0x9c)) = 0;
				 *((intOrPtr*)(_t254 + 0xcc)) = _t258;
				 *((intOrPtr*)(_t254 + 0xc8)) = 0;
				 *((short*)(_t254 + 0xb8)) = 0;
				 *((intOrPtr*)(_t254 + 0xe8)) = _t258;
				 *((intOrPtr*)(_t254 + 0xe4)) = 0;
				 *((short*)(_t254 + 0xd4)) = 0;
				 *((intOrPtr*)(_t254 + 0x104)) = _t258;
				 *((intOrPtr*)(_t254 + 0x100)) = 0;
				 *((short*)(_t254 + 0xf0)) = 0;
				 *((intOrPtr*)(_t254 + 0x120)) = _t258;
				 *((intOrPtr*)(_t254 + 0x11c)) = 0;
				 *((short*)(_t254 + 0x10c)) = 0;
				 *((intOrPtr*)(_t254 + 0x128)) = 0;
				 *((intOrPtr*)(_t254 + 0x12c)) = 0;
				 *((intOrPtr*)(_t254 + 0x130)) = 0;
				 *((intOrPtr*)(_t254 + 0x134)) = 0;
				 *((intOrPtr*)(_t254 + 0x138)) = 0;
				 *((intOrPtr*)(_t254 + 0x13c)) = 0;
				 *((intOrPtr*)(_t254 + 0x144)) = 0;
				 *((intOrPtr*)(_t254 + 0x148)) = 0;
				 *((intOrPtr*)(_t254 + 0x14c)) = 0;
				 *((intOrPtr*)(_t254 + 0x150)) = 0;
				 *((intOrPtr*)(_t254 + 0x154)) = 0;
				 *((intOrPtr*)(_t254 + 0x158)) = 0;
				_push(_t254 + 0x15c);
				 *((char*)(_t265 - 4)) = 0xd;
				E0132A15A(0, _t254, _t258, _t266);
				 *((intOrPtr*)(_t254 + 0x1e8)) = _t258;
				 *((intOrPtr*)(_t254 + 0x1e4)) = 0;
				 *((short*)(_t254 + 0x1d4)) = 0;
				 *((intOrPtr*)(_t254 + 0x204)) = _t258;
				 *((intOrPtr*)(_t254 + 0x200)) = 0;
				 *((short*)(_t254 + 0x1f0)) = 0;
				E013297F1(_t254 + 0x224);
				 *((intOrPtr*)(_t254 + 0x25c)) = 0;
				_t260 = 7;
				 *((intOrPtr*)(_t254 + 0x274)) = _t260;
				 *((intOrPtr*)(_t254 + 0x270)) = 0;
				 *((short*)(_t254 + 0x260)) = 0;
				 *((intOrPtr*)(_t254 + 0x298)) = _t260;
				 *((intOrPtr*)(_t254 + 0x294)) = 0;
				 *((short*)(_t254 + 0x284)) = 0;
				 *((intOrPtr*)(_t254 + 0x2a0)) = 0;
				 *((intOrPtr*)(_t254 + 0x2a4)) = 0;
				 *((intOrPtr*)(_t254 + 0x2a8)) = 0;
				_push(_t254 + 0x2ac);
				 *((char*)(_t265 - 4)) = 0x13;
				E01352870(0, _t254, _t260, _t266);
				_push(_t254 + 0x31c);
				 *((char*)(_t265 - 4)) = 0x14;
				E01352870(0, _t254, _t260, _t266);
				_push(_t254 + 0x38c);
				 *((char*)(_t265 - 4)) = 0x15;
				E01352870(0, _t254, _t260, _t266);
				 *((intOrPtr*)(_t254 + 0x404)) = 0;
				 *((intOrPtr*)(_t254 + 0x408)) = 0;
				 *((intOrPtr*)(_t254 + 0x40c)) = 0;
				 *((intOrPtr*)(_t254 + 0x414)) = 0;
				 *((intOrPtr*)(_t254 + 0x418)) = 0;
				 *((intOrPtr*)(_t254 + 0x41c)) = 0;
				 *((intOrPtr*)(_t254 + 0x434)) = _t260;
				 *((intOrPtr*)(_t254 + 0x430)) = 0;
				 *((short*)(_t254 + 0x420)) = 0;
				 *((intOrPtr*)(_t254 + 0x474)) = _t260;
				 *((intOrPtr*)(_t254 + 0x470)) = 0;
				 *((short*)(_t254 + 0x460)) = 0;
				 *((intOrPtr*)(_t254 + 0x490)) = _t260;
				 *((intOrPtr*)(_t254 + 0x48c)) = 0;
				 *((short*)(_t254 + 0x47c)) = 0;
				_push(_t254 + 0x4a8);
				 *((char*)(_t265 - 4)) = 0x1a;
				E01359C0C(0, 0, _t254, _t260, _t266);
				 *((char*)(_t265 - 4)) = 0x1b;
				 *((intOrPtr*)(_t254 + 0x4f8)) = 0;
				_t210 = E013476E9(0);
				 *((intOrPtr*)(_t254 + 0x4f4)) = _t210;
				 *_t210 = _t210;
				 *((intOrPtr*)( *((intOrPtr*)(_t254 + 0x4f4)) + 4)) =  *((intOrPtr*)(_t254 + 0x4f4));
				 *((intOrPtr*)( *((intOrPtr*)(_t254 + 0x4f4)) + 8)) =  *((intOrPtr*)(_t254 + 0x4f4));
				 *((char*)( *((intOrPtr*)(_t254 + 0x4f4)) + 0x38)) = 1;
				 *((char*)( *((intOrPtr*)(_t254 + 0x4f4)) + 0x39)) = 1;
				 *((intOrPtr*)(_t254 + 0x500)) = 0;
				 *((intOrPtr*)(_t254 + 0x504)) = 0;
				 *((intOrPtr*)(_t254 + 0x508)) = 0;
				 *((intOrPtr*)(_t254 + 0x528)) = _t260;
				 *((intOrPtr*)(_t254 + 0x524)) = 0;
				 *((short*)(_t254 + 0x514)) = 0;
				 *((intOrPtr*)(_t254 + 0x530)) = 0;
				 *((intOrPtr*)(_t254 + 0x534)) = 0;
				 *((intOrPtr*)(_t254 + 0x538)) = 0;
				 *((intOrPtr*)(_t254 + 0x548)) = 0x13a77d0;
				 *((intOrPtr*)(_t254 + 0x550)) = 0;
				 *((intOrPtr*)(_t254 + 0x560)) = 0;
				 *((intOrPtr*)(_t254 + 0x564)) = 0;
				 *((intOrPtr*)(_t254 + 0x568)) = 0;
				 *((intOrPtr*)(_t254 + 0x56c)) = DefWindowProcW;
				 *((intOrPtr*)(_t254 + 0x54c)) = 0x13a8fa8;
				E01361FD3(_t254 + 0x574);
				E0131F24F(_t254 + 0x5f4);
				 *((intOrPtr*)(_t254 + 0x5f8)) = 0;
				 *((intOrPtr*)(_t254 + 0x600)) = 0;
				 *((intOrPtr*)(_t254 + 0x604)) = 0;
				 *((intOrPtr*)(_t254 + 0x608)) = 0;
				 *((intOrPtr*)(_t254 + 0x60c)) = 0;
				 *((intOrPtr*)(_t254 + 0x610)) = 0;
				 *((intOrPtr*)(_t254 + 0x614)) = 0;
				 *((intOrPtr*)(_t254 + 0x618)) = 0;
				 *((intOrPtr*)(_t254 + 0x61c)) = 0;
				 *((intOrPtr*)(_t254 + 0x620)) = 0;
				 *((intOrPtr*)(_t254 + 0x624)) = 0;
				 *((intOrPtr*)(_t254 + 0x628)) = 0;
				 *((intOrPtr*)(_t254 + 0x62c)) = 0;
				 *((intOrPtr*)(_t254 + 0x630)) = 0;
				 *((intOrPtr*)(_t254 + 0x634)) = 0;
				 *((intOrPtr*)(_t254 + 0x638)) = 0;
				 *((intOrPtr*)(_t254 + 0x640)) = 0;
				 *((intOrPtr*)(_t254 + 0x644)) = 0;
				 *((intOrPtr*)(_t254 + 0x650)) = 0;
				 *((intOrPtr*)(_t254 + 0x654)) = 0;
				 *((intOrPtr*)(_t254 + 0x658)) = 0;
				 *((intOrPtr*)(_t254 + 0x65c)) = 0;
				 *((intOrPtr*)(_t254 + 0x660)) = 0;
				 *((intOrPtr*)(_t254 + 0x664)) = 0;
				 *((char*)(_t254 + 0x64c)) = 1;
				_t244 = 7;
				 *((intOrPtr*)(_t254 + 0x67c)) = _t244;
				 *((intOrPtr*)(_t254 + 0x678)) = 0;
				 *((short*)(_t254 + 0x668)) = 0;
				 *((intOrPtr*)(_t254 + 0x698)) = _t244;
				 *((intOrPtr*)(_t254 + 0x694)) = 0;
				 *((short*)(_t254 + 0x684)) = 0;
				 *((char*)(_t265 - 4)) = 0x28;
				 *((intOrPtr*)(_t254 + 0x6a8)) = 0;
				_t218 = E0134783F(0);
				 *((intOrPtr*)(_t254 + 0x6a4)) = _t218;
				 *_t218 = _t218;
				 *((intOrPtr*)( *((intOrPtr*)(_t254 + 0x6a4)) + 4)) =  *((intOrPtr*)(_t254 + 0x6a4));
				 *((intOrPtr*)( *((intOrPtr*)(_t254 + 0x6a4)) + 8)) =  *((intOrPtr*)(_t254 + 0x6a4));
				 *((char*)( *((intOrPtr*)(_t254 + 0x6a4)) + 0x28)) = 1;
				 *((char*)( *((intOrPtr*)(_t254 + 0x6a4)) + 0x29)) = 1;
				 *((intOrPtr*)(_t254 + 0xa70)) = 0;
				 *((intOrPtr*)(_t254 + 0xa74)) = 0;
				 *((intOrPtr*)(_t254 + 0xa78)) = 0;
				_t262 = _t254 + 0xa80;
				 *((intOrPtr*)(_t262 + 0x14)) = 7;
				 *((intOrPtr*)(_t262 + 0x10)) = 0;
				 *_t262 = 0;
				 *((char*)(_t265 - 4)) = 0x2b;
				 *((char*)(_t254 + 0x510)) = 1;
				E0131B7E3(_t254 + 0x260, _t266, 0x13a0d00, E01376D83(0x13a0d00));
				 *(_t254 + 0x6b0) =  *(_t254 + 0x6b0) | 0xffffffff;
				 *(_t254 + 0x544) =  *(_t254 + 0x544) | 0xffffffff;
				 *(_t254 + 0xa7c) =  *(_t254 + 0xa7c) | 0xffffffff;
				 *((intOrPtr*)(_t254 + 0x27c)) = 0xffffd8f1;
				 *((intOrPtr*)(_t254 + 0x280)) = 0xffffd8f1;
				 *((intOrPtr*)(_t254 + 0x21c)) = 0;
				 *((char*)(_t254 + 0x211)) = 0;
				 *((char*)(_t254 + 0x648)) = 1;
				 *((intOrPtr*)(_t254 + 0x540)) = 0x7d0;
				 *((intOrPtr*)(_t254 + 0x43c)) = 0;
				 *((char*)(_t254 + 0x258)) = 0;
				 *((intOrPtr*)(_t254 + 0x214)) = 0;
				E0131B7E3(_t262, _t266, L"http://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}", E01376D83(L"http://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}"));
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_push(_t265 + 0xc);
				asm("movsd");
				 *((intOrPtr*)(_t265 + 0xc)) = 0;
				if(E01355088(0, _t262, 0x13c29b4, 0x13a0b9c, _t266) < 0) {
					L3:
					_t264 =  *((intOrPtr*)(_t265 + 8));
				} else {
					_t233 =  *((intOrPtr*)(_t265 + 0xc));
					if(_t233 == 0) {
						goto L3;
					} else {
						_t264 =  *((intOrPtr*)(_t265 + 8));
						 *((intOrPtr*)( *_t233))(_t233, 0x13a7508, _t264 + 0x5f8);
					}
				}
				 *((char*)(_t264 + 0x219)) = 0;
				 *((short*)(_t264 + 0xa9c)) = 0;
				return E0137C2B1(_t264);
			}














                                                                                                                                                                                                                                0x0132a91f
                                                                                                                                                                                                                                0x0132a91f
                                                                                                                                                                                                                                0x0132a926
                                                                                                                                                                                                                                0x0132a92b
                                                                                                                                                                                                                                0x0132a930
                                                                                                                                                                                                                                0x0132a933
                                                                                                                                                                                                                                0x0132a936
                                                                                                                                                                                                                                0x0132a939
                                                                                                                                                                                                                                0x0132a93c
                                                                                                                                                                                                                                0x0132a93f
                                                                                                                                                                                                                                0x0132a942
                                                                                                                                                                                                                                0x0132a948
                                                                                                                                                                                                                                0x0132a94d
                                                                                                                                                                                                                                0x0132a953
                                                                                                                                                                                                                                0x0132a956
                                                                                                                                                                                                                                0x0132a959
                                                                                                                                                                                                                                0x0132a95c
                                                                                                                                                                                                                                0x0132a960
                                                                                                                                                                                                                                0x0132a963
                                                                                                                                                                                                                                0x0132a966
                                                                                                                                                                                                                                0x0132a96a
                                                                                                                                                                                                                                0x0132a96d
                                                                                                                                                                                                                                0x0132a970
                                                                                                                                                                                                                                0x0132a976
                                                                                                                                                                                                                                0x0132a97c
                                                                                                                                                                                                                                0x0132a982
                                                                                                                                                                                                                                0x0132a989
                                                                                                                                                                                                                                0x0132a98f
                                                                                                                                                                                                                                0x0132a995
                                                                                                                                                                                                                                0x0132a99c
                                                                                                                                                                                                                                0x0132a9a2
                                                                                                                                                                                                                                0x0132a9a8
                                                                                                                                                                                                                                0x0132a9af
                                                                                                                                                                                                                                0x0132a9b5
                                                                                                                                                                                                                                0x0132a9bb
                                                                                                                                                                                                                                0x0132a9c2
                                                                                                                                                                                                                                0x0132a9c8
                                                                                                                                                                                                                                0x0132a9ce
                                                                                                                                                                                                                                0x0132a9d5
                                                                                                                                                                                                                                0x0132a9db
                                                                                                                                                                                                                                0x0132a9e1
                                                                                                                                                                                                                                0x0132a9e8
                                                                                                                                                                                                                                0x0132a9ee
                                                                                                                                                                                                                                0x0132a9f4
                                                                                                                                                                                                                                0x0132a9fa
                                                                                                                                                                                                                                0x0132aa00
                                                                                                                                                                                                                                0x0132aa06
                                                                                                                                                                                                                                0x0132aa0c
                                                                                                                                                                                                                                0x0132aa12
                                                                                                                                                                                                                                0x0132aa18
                                                                                                                                                                                                                                0x0132aa1e
                                                                                                                                                                                                                                0x0132aa24
                                                                                                                                                                                                                                0x0132aa2a
                                                                                                                                                                                                                                0x0132aa36
                                                                                                                                                                                                                                0x0132aa37
                                                                                                                                                                                                                                0x0132aa3b
                                                                                                                                                                                                                                0x0132aa42
                                                                                                                                                                                                                                0x0132aa48
                                                                                                                                                                                                                                0x0132aa4e
                                                                                                                                                                                                                                0x0132aa55
                                                                                                                                                                                                                                0x0132aa5b
                                                                                                                                                                                                                                0x0132aa61
                                                                                                                                                                                                                                0x0132aa6e
                                                                                                                                                                                                                                0x0132aa75
                                                                                                                                                                                                                                0x0132aa7b
                                                                                                                                                                                                                                0x0132aa7e
                                                                                                                                                                                                                                0x0132aa84
                                                                                                                                                                                                                                0x0132aa8a
                                                                                                                                                                                                                                0x0132aa91
                                                                                                                                                                                                                                0x0132aa97
                                                                                                                                                                                                                                0x0132aa9d
                                                                                                                                                                                                                                0x0132aaa4
                                                                                                                                                                                                                                0x0132aaaa
                                                                                                                                                                                                                                0x0132aab0
                                                                                                                                                                                                                                0x0132aabc
                                                                                                                                                                                                                                0x0132aabd
                                                                                                                                                                                                                                0x0132aac1
                                                                                                                                                                                                                                0x0132aacc
                                                                                                                                                                                                                                0x0132aacd
                                                                                                                                                                                                                                0x0132aad1
                                                                                                                                                                                                                                0x0132aadc
                                                                                                                                                                                                                                0x0132aadd
                                                                                                                                                                                                                                0x0132aae1
                                                                                                                                                                                                                                0x0132aae6
                                                                                                                                                                                                                                0x0132aaec
                                                                                                                                                                                                                                0x0132aaf2
                                                                                                                                                                                                                                0x0132aaf8
                                                                                                                                                                                                                                0x0132aafe
                                                                                                                                                                                                                                0x0132ab04
                                                                                                                                                                                                                                0x0132ab0c
                                                                                                                                                                                                                                0x0132ab12
                                                                                                                                                                                                                                0x0132ab18
                                                                                                                                                                                                                                0x0132ab1f
                                                                                                                                                                                                                                0x0132ab25
                                                                                                                                                                                                                                0x0132ab2b
                                                                                                                                                                                                                                0x0132ab32
                                                                                                                                                                                                                                0x0132ab38
                                                                                                                                                                                                                                0x0132ab3e
                                                                                                                                                                                                                                0x0132ab4b
                                                                                                                                                                                                                                0x0132ab4c
                                                                                                                                                                                                                                0x0132ab50
                                                                                                                                                                                                                                0x0132ab55
                                                                                                                                                                                                                                0x0132ab59
                                                                                                                                                                                                                                0x0132ab5f
                                                                                                                                                                                                                                0x0132ab64
                                                                                                                                                                                                                                0x0132ab6a
                                                                                                                                                                                                                                0x0132ab72
                                                                                                                                                                                                                                0x0132ab7b
                                                                                                                                                                                                                                0x0132ab84
                                                                                                                                                                                                                                0x0132ab8e
                                                                                                                                                                                                                                0x0132ab92
                                                                                                                                                                                                                                0x0132ab98
                                                                                                                                                                                                                                0x0132ab9e
                                                                                                                                                                                                                                0x0132aba4
                                                                                                                                                                                                                                0x0132abaa
                                                                                                                                                                                                                                0x0132abb2
                                                                                                                                                                                                                                0x0132abb9
                                                                                                                                                                                                                                0x0132abbf
                                                                                                                                                                                                                                0x0132abc5
                                                                                                                                                                                                                                0x0132abd0
                                                                                                                                                                                                                                0x0132abda
                                                                                                                                                                                                                                0x0132abe0
                                                                                                                                                                                                                                0x0132abe6
                                                                                                                                                                                                                                0x0132abec
                                                                                                                                                                                                                                0x0132abf8
                                                                                                                                                                                                                                0x0132abfe
                                                                                                                                                                                                                                0x0132ac08
                                                                                                                                                                                                                                0x0132ac13
                                                                                                                                                                                                                                0x0132ac1a
                                                                                                                                                                                                                                0x0132ac20
                                                                                                                                                                                                                                0x0132ac26
                                                                                                                                                                                                                                0x0132ac2c
                                                                                                                                                                                                                                0x0132ac32
                                                                                                                                                                                                                                0x0132ac38
                                                                                                                                                                                                                                0x0132ac3e
                                                                                                                                                                                                                                0x0132ac44
                                                                                                                                                                                                                                0x0132ac4a
                                                                                                                                                                                                                                0x0132ac50
                                                                                                                                                                                                                                0x0132ac56
                                                                                                                                                                                                                                0x0132ac5c
                                                                                                                                                                                                                                0x0132ac62
                                                                                                                                                                                                                                0x0132ac68
                                                                                                                                                                                                                                0x0132ac6e
                                                                                                                                                                                                                                0x0132ac74
                                                                                                                                                                                                                                0x0132ac7a
                                                                                                                                                                                                                                0x0132ac80
                                                                                                                                                                                                                                0x0132ac86
                                                                                                                                                                                                                                0x0132ac8c
                                                                                                                                                                                                                                0x0132ac92
                                                                                                                                                                                                                                0x0132ac98
                                                                                                                                                                                                                                0x0132ac9e
                                                                                                                                                                                                                                0x0132aca4
                                                                                                                                                                                                                                0x0132acaa
                                                                                                                                                                                                                                0x0132acb3
                                                                                                                                                                                                                                0x0132acb6
                                                                                                                                                                                                                                0x0132acbc
                                                                                                                                                                                                                                0x0132acc2
                                                                                                                                                                                                                                0x0132acc9
                                                                                                                                                                                                                                0x0132acd1
                                                                                                                                                                                                                                0x0132acd7
                                                                                                                                                                                                                                0x0132acde
                                                                                                                                                                                                                                0x0132ace2
                                                                                                                                                                                                                                0x0132ace8
                                                                                                                                                                                                                                0x0132aced
                                                                                                                                                                                                                                0x0132acf3
                                                                                                                                                                                                                                0x0132acfb
                                                                                                                                                                                                                                0x0132ad04
                                                                                                                                                                                                                                0x0132ad0d
                                                                                                                                                                                                                                0x0132ad17
                                                                                                                                                                                                                                0x0132ad1b
                                                                                                                                                                                                                                0x0132ad21
                                                                                                                                                                                                                                0x0132ad27
                                                                                                                                                                                                                                0x0132ad2d
                                                                                                                                                                                                                                0x0132ad35
                                                                                                                                                                                                                                0x0132ad3c
                                                                                                                                                                                                                                0x0132ad3f
                                                                                                                                                                                                                                0x0132ad42
                                                                                                                                                                                                                                0x0132ad4b
                                                                                                                                                                                                                                0x0132ad64
                                                                                                                                                                                                                                0x0132ad69
                                                                                                                                                                                                                                0x0132ad70
                                                                                                                                                                                                                                0x0132ad77
                                                                                                                                                                                                                                0x0132ad83
                                                                                                                                                                                                                                0x0132ad89
                                                                                                                                                                                                                                0x0132ad8f
                                                                                                                                                                                                                                0x0132ad95
                                                                                                                                                                                                                                0x0132ad9b
                                                                                                                                                                                                                                0x0132ada2
                                                                                                                                                                                                                                0x0132adac
                                                                                                                                                                                                                                0x0132adb2
                                                                                                                                                                                                                                0x0132adb8
                                                                                                                                                                                                                                0x0132adce
                                                                                                                                                                                                                                0x0132addd
                                                                                                                                                                                                                                0x0132adde
                                                                                                                                                                                                                                0x0132addf
                                                                                                                                                                                                                                0x0132ade3
                                                                                                                                                                                                                                0x0132ade4
                                                                                                                                                                                                                                0x0132ade5
                                                                                                                                                                                                                                0x0132adef
                                                                                                                                                                                                                                0x0132ae0e
                                                                                                                                                                                                                                0x0132ae0e
                                                                                                                                                                                                                                0x0132adf1
                                                                                                                                                                                                                                0x0132adf1
                                                                                                                                                                                                                                0x0132adf6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132adf8
                                                                                                                                                                                                                                0x0132adf8
                                                                                                                                                                                                                                0x0132ae0a
                                                                                                                                                                                                                                0x0132ae0a
                                                                                                                                                                                                                                0x0132adf6
                                                                                                                                                                                                                                0x0132ae11
                                                                                                                                                                                                                                0x0132ae17
                                                                                                                                                                                                                                0x0132ae25

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0132A926
                                                                                                                                                                                                                                  • Part of subcall function 0132A15A: __EH_prolog3.LIBCMT ref: 0132A161
                                                                                                                                                                                                                                  • Part of subcall function 0132A15A: _strlen.LIBCMT ref: 0132A1C2
                                                                                                                                                                                                                                  • Part of subcall function 0132A15A: _wcslen.LIBCMT ref: 0132A1DC
                                                                                                                                                                                                                                  • Part of subcall function 013297F1: EnterCriticalSection.KERNEL32(013C17C0,?), ref: 01329827
                                                                                                                                                                                                                                  • Part of subcall function 013297F1: LeaveCriticalSection.KERNEL32(013C17C0), ref: 01329834
                                                                                                                                                                                                                                  • Part of subcall function 01352870: __EH_prolog3.LIBCMT ref: 01352877
                                                                                                                                                                                                                                  • Part of subcall function 01352870: _wcslen.LIBCMT ref: 013528DD
                                                                                                                                                                                                                                  • Part of subcall function 01359C0C: __EH_prolog3.LIBCMT ref: 01359C13
                                                                                                                                                                                                                                  • Part of subcall function 013476E9: std::exception::exception.LIBCMT ref: 01347705
                                                                                                                                                                                                                                  • Part of subcall function 013476E9: __CxxThrowException@8.LIBCMT ref: 0134771A
                                                                                                                                                                                                                                  • Part of subcall function 0134783F: std::exception::exception.LIBCMT ref: 0134785B
                                                                                                                                                                                                                                  • Part of subcall function 0134783F: __CxxThrowException@8.LIBCMT ref: 01347870
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0132AD52
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0132ADC4
                                                                                                                                                                                                                                  • Part of subcall function 0131B7E3: _memmove.LIBCMT ref: 0131B83B
                                                                                                                                                                                                                                  • Part of subcall function 01355088: __EH_prolog3_catch.LIBCMT ref: 0135508F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • +, xrefs: 0132AD42
                                                                                                                                                                                                                                • http://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}, xrefs: 0132ADBE, 0132ADC3, 0132ADCB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_wcslen$CriticalException@8SectionThrowstd::exception::exception$EnterH_prolog3_catchLeave_memmove_strlen
                                                                                                                                                                                                                                • String ID: +$http://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}
                                                                                                                                                                                                                                • API String ID: 3606588679-64641019
                                                                                                                                                                                                                                • Opcode ID: 40360c31129622bf111eea07aef2c703e58af6a0226d5c5a34801747ae35ae6f
                                                                                                                                                                                                                                • Instruction ID: 6384c2c524ab4c6edef7e0f0d521d6ae43af779d55ceff6f3e54029ef95ec28f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 40360c31129622bf111eea07aef2c703e58af6a0226d5c5a34801747ae35ae6f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E6E197B0A15A42AEC348DF3AC5847C6FBA5BF69304F90832ED16C87251DB716164CFD5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0135736C, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 155COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                                                                			E0135736C(WCHAR* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t57;
				void* _t62;
				void* _t70;
				intOrPtr _t78;
				void* _t118;
				void* _t130;
				WCHAR* _t132;
				intOrPtr _t134;
				void* _t135;
				void* _t136;
				intOrPtr _t137;
				intOrPtr _t138;
				void* _t139;
				void* _t141;

				_t141 = __eflags;
				_t130 = __edi;
				_t129 = __edx;
				_t100 = __ebx;
				_push(0xa0);
				E0137C242(0x1395d8f, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t135 - 0xa4)) =  *((intOrPtr*)(_t135 + 8));
				_t57 = 7;
				_t132 = 0;
				 *((intOrPtr*)(_t135 - 0x18)) = _t57;
				 *((intOrPtr*)(_t135 - 0x1c)) = 0;
				 *((short*)(_t135 - 0x2c)) = 0;
				 *((intOrPtr*)(_t135 - 4)) = 0;
				 *((intOrPtr*)(_t135 - 0x50)) = _t57;
				 *((intOrPtr*)(_t135 - 0x54)) = 0;
				 *((short*)(_t135 - 0x64)) = 0;
				 *((intOrPtr*)(_t135 - 0x34)) = _t57;
				 *((intOrPtr*)(_t135 - 0x38)) = 0;
				 *((short*)(_t135 - 0x48)) = 0;
				 *((char*)(_t135 - 4)) = 2;
				if(E0135DAE1(_t135 - 0x2c, __edx, _t141, _t135 - 0x64, _t135 - 0x48) != 0) {
					_t101 = " ";
					_t62 = E01376D83(" ");
					_t133 = __edi + 0xc0;
					E0131B74B(_t62, __edi + 0xc0, __eflags, _t101);
					_t103 = L"-se";
					E0131B74B(E01376D83(L"-se"), _t133, __eflags, _t103);
					_t100 = 0;
					_push(0);
					_push(_t135 - 0xa0);
					_push( *((intOrPtr*)(_t135 - 0xa4)));
					 *((intOrPtr*)(_t135 - 0xa0)) = 0;
					_t137 = _t136 - 0x1c;
					 *((intOrPtr*)(_t135 - 0xac)) = _t137;
					E01319B08(_t137, _t133);
					_t138 = _t137 - 0x1c;
					 *((intOrPtr*)(_t135 - 0xa8)) = _t138;
					 *((char*)(_t135 - 4)) = 3;
					E01319B08(_t138, _t135 - 0x2c);
					 *((char*)(_t135 - 4)) = 2;
					_t70 = E0135DC37(0, __edx, __edi, _t133, __eflags);
					_t139 = _t138 + 0x44;
					__eflags = _t70;
					if(_t70 != 0) {
						__eflags =  *0x13c2a33 - _t100; // 0x0
						if(__eflags == 0) {
							L10:
							 *((intOrPtr*)(_t130 + 0xfc)) =  *((intOrPtr*)( *((intOrPtr*)(_t135 - 0xa4))));
							_t132 = 0;
							L5:
							E0131AA87(_t135 - 0x48, 1, _t100);
							E0131AA87(_t135 - 0x64, 1, _t100);
							E0131AA87(_t135 - 0x2c, 1, _t100);
							L2:
							return E0137C2C5(_t100, _t130, _t132);
						}
						_t78 =  *0x13bc000; // 0x139c820
						 *((intOrPtr*)(_t135 - 0xa0)) =  *((intOrPtr*)(_t78 + 0xc))() + 0x10;
						 *((char*)(_t135 - 4)) = 4;
						E01327581(_t135 - 0xa0, _t129, L"Remote process started. Handle %d",  *((intOrPtr*)( *((intOrPtr*)(_t135 - 0xa4)))));
						_t134 =  *((intOrPtr*)(_t135 - 0xa0));
						__eflags =  *((intOrPtr*)(_t134 - 4)) - 1;
						_pop(_t118);
						if( *((intOrPtr*)(_t134 - 4)) > 1) {
							E01327454(_t118, _t135 - 0xa0,  *((intOrPtr*)(_t134 - 0xc)));
							_t134 =  *((intOrPtr*)(_t135 - 0xa0));
						}
						E01319B30(_t135 - 0x9c, _t134);
						_push(_t135 - 0x80);
						 *((char*)(_t135 - 4)) = 5;
						E0135BE26(_t100, _t135 - 0x9c, _t130, _t134, __eflags);
						 *((char*)(_t135 - 4)) = 7;
						E0131AA87(_t135 - 0x9c, 1, _t100);
						_t140 = _t139 - 0x1c;
						 *((intOrPtr*)(_t135 - 0xa8)) = _t139 - 0x1c;
						E013116F0(_t140, _t135 - 0x80);
						E0134BA76(_t100, 0x13c2b18, _t129, _t130, _t134, __eflags);
						E01311524(_t135 - 0x80, 1, _t100);
						E0131EAF8(_t134 - 0x10, _t129);
						goto L10;
					}
					_t132 = 0x54f;
					goto L5;
				}
				E0131AA87(_t135 - 0x48, 1, 0);
				E0131AA87(_t135 - 0x64, 1, 0);
				E0131AA87(_t135 - 0x2c, 1, 0);
				goto L2;
			}

















                                                                                                                                                                                                                                0x0135736c
                                                                                                                                                                                                                                0x0135736c
                                                                                                                                                                                                                                0x0135736c
                                                                                                                                                                                                                                0x0135736c
                                                                                                                                                                                                                                0x0135736c
                                                                                                                                                                                                                                0x01357376
                                                                                                                                                                                                                                0x01357380
                                                                                                                                                                                                                                0x01357386
                                                                                                                                                                                                                                0x01357387
                                                                                                                                                                                                                                0x0135738b
                                                                                                                                                                                                                                0x0135738e
                                                                                                                                                                                                                                0x01357391
                                                                                                                                                                                                                                0x01357395
                                                                                                                                                                                                                                0x01357398
                                                                                                                                                                                                                                0x0135739b
                                                                                                                                                                                                                                0x0135739e
                                                                                                                                                                                                                                0x013573a2
                                                                                                                                                                                                                                0x013573a7
                                                                                                                                                                                                                                0x013573aa
                                                                                                                                                                                                                                0x013573b9
                                                                                                                                                                                                                                0x013573c6
                                                                                                                                                                                                                                0x013573f6
                                                                                                                                                                                                                                0x013573fc
                                                                                                                                                                                                                                0x01357403
                                                                                                                                                                                                                                0x0135740b
                                                                                                                                                                                                                                0x01357410
                                                                                                                                                                                                                                0x0135741f
                                                                                                                                                                                                                                0x01357424
                                                                                                                                                                                                                                0x01357426
                                                                                                                                                                                                                                0x0135742d
                                                                                                                                                                                                                                0x0135742e
                                                                                                                                                                                                                                0x01357434
                                                                                                                                                                                                                                0x0135743a
                                                                                                                                                                                                                                0x0135743f
                                                                                                                                                                                                                                0x01357446
                                                                                                                                                                                                                                0x0135744b
                                                                                                                                                                                                                                0x01357453
                                                                                                                                                                                                                                0x0135745a
                                                                                                                                                                                                                                0x0135745e
                                                                                                                                                                                                                                0x01357463
                                                                                                                                                                                                                                0x01357467
                                                                                                                                                                                                                                0x0135746c
                                                                                                                                                                                                                                0x0135746f
                                                                                                                                                                                                                                0x01357471
                                                                                                                                                                                                                                0x013574a0
                                                                                                                                                                                                                                0x013574a6
                                                                                                                                                                                                                                0x01357564
                                                                                                                                                                                                                                0x0135756c
                                                                                                                                                                                                                                0x01357572
                                                                                                                                                                                                                                0x01357478
                                                                                                                                                                                                                                0x0135747e
                                                                                                                                                                                                                                0x01357489
                                                                                                                                                                                                                                0x01357494
                                                                                                                                                                                                                                0x013573ee
                                                                                                                                                                                                                                0x013573f3
                                                                                                                                                                                                                                0x013573f3
                                                                                                                                                                                                                                0x013574ac
                                                                                                                                                                                                                                0x013574bc
                                                                                                                                                                                                                                0x013574c8
                                                                                                                                                                                                                                0x013574d9
                                                                                                                                                                                                                                0x013574de
                                                                                                                                                                                                                                0x013574e4
                                                                                                                                                                                                                                0x013574e9
                                                                                                                                                                                                                                0x013574ea
                                                                                                                                                                                                                                0x013574f6
                                                                                                                                                                                                                                0x013574fb
                                                                                                                                                                                                                                0x013574fb
                                                                                                                                                                                                                                0x01357508
                                                                                                                                                                                                                                0x01357510
                                                                                                                                                                                                                                0x01357517
                                                                                                                                                                                                                                0x0135751b
                                                                                                                                                                                                                                0x0135752a
                                                                                                                                                                                                                                0x0135752e
                                                                                                                                                                                                                                0x01357533
                                                                                                                                                                                                                                0x0135753b
                                                                                                                                                                                                                                0x01357542
                                                                                                                                                                                                                                0x0135754c
                                                                                                                                                                                                                                0x01357557
                                                                                                                                                                                                                                0x0135755f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0135755f
                                                                                                                                                                                                                                0x01357473
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01357473
                                                                                                                                                                                                                                0x013573ce
                                                                                                                                                                                                                                0x013573d9
                                                                                                                                                                                                                                0x013573e4
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01357376
                                                                                                                                                                                                                                  • Part of subcall function 0135DAE1: _memset.LIBCMT ref: 0135DB3F
                                                                                                                                                                                                                                  • Part of subcall function 0135DAE1: GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0135DB54
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 013573FC
                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 01357416
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _wcslen$FileH_prolog3_ModuleName_memmove_memset
                                                                                                                                                                                                                                • String ID: -se$Remote process started. Handle %d
                                                                                                                                                                                                                                • API String ID: 1459579566-1328473449
                                                                                                                                                                                                                                • Opcode ID: d4de47799a29dfcfb83de75576cb69eb57705147b90ef68926abab2c2c7b20b9
                                                                                                                                                                                                                                • Instruction ID: 0dea9d4ee1dd2ac0dc653d928dca2a5a2d754701af9946ab27fae3047328b84d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d4de47799a29dfcfb83de75576cb69eb57705147b90ef68926abab2c2c7b20b9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B518171D002599FEF14EBACC891FEEBBB8EF25308F444099E549A7284DA705E44CB92
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132111A, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 144windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 63%
                                                                                                                                                                                                                                			E0132111A(signed int __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t62;
				char* _t66;
				void* _t82;
				WCHAR* _t85;
				int _t86;
				signed int _t95;
				signed char _t103;
				WCHAR* _t106;
				void* _t107;
				void* _t113;
				signed int _t121;
				void* _t126;
				void* _t127;

				_t113 = __edx;
				_t95 = __ebx;
				_push(0xb4);
				_t62 = E0137C242(0x13958db, __ebx, __edi, __esi);
				 *(_t126 - 0xbc) = 0;
				if( *((char*)(__ebx + 0x28)) == 0) {
					L18:
					_t121 = 1;
					__eflags = 1;
					goto L19;
				} else {
					_t132 =  *((intOrPtr*)(__ebx + 0x90));
					if( *((intOrPtr*)(__ebx + 0x90)) == 0) {
						goto L18;
					} else {
						_push(0xffffffff);
						_push(0xfde9);
						_push(0xfde9);
						 *((intOrPtr*)(_t126 - 0xc0)) = _t127 - 0x1c;
						E013116F0(_t127 - 0x1c, __ebx + 0x80);
						_push(_t126 - 0x2c);
						E0135BED6(__ebx, __edi, 0, _t132);
						 *(_t126 - 4) = 0;
						E01319B30(_t126 - 0x48, L"LoadingTitle");
						 *(_t126 - 4) = 1;
						if(E0131FD87(_t126 - 0x48, _t126 - 0x48,  *((intOrPtr*)(__ebx + 0x9c)) + 0xa70) <= 0xffffffff) {
							_t82 = E01319B30(_t126 - 0xb8, 0x13a0d00);
							_push(4);
						} else {
							E01319B30(_t126 - 0x80, L"LoadingTitle");
							 *(_t126 - 4) = 2;
							 *(_t126 - 0xbc) = 1;
							_t82 = E0131FD37(_t126 - 0x9c, _t126 - 0x80, _t113, _t126 - 0x80, _t126 - 0x9c);
							_push(3);
						}
						_pop(_t103);
						 *(_t126 - 4) = _t103;
						 *(_t126 - 0xbc) = _t103;
						E01319B61(_t126 - 0x64, _t82);
						_t121 = 1;
						_t115 = 0;
						if(( *(_t126 - 0xbc) & 0x00000004) != 0) {
							 *(_t126 - 0xbc) =  *(_t126 - 0xbc) & 0xfffffffb;
							E0131AA87(_t126 - 0xb8, 1, 0);
						}
						if(( *(_t126 - 0xbc) & 0x00000002) != 0) {
							 *(_t126 - 0xbc) =  *(_t126 - 0xbc) & 0xfffffffd;
							E0131AA87(_t126 - 0x9c, _t121, _t115);
						}
						 *(_t126 - 4) = _t121;
						if(( *(_t126 - 0xbc) & 0x00000001) != 0) {
							E0131AA87(_t126 - 0x80, _t121, _t115);
						}
						 *(_t126 - 4) = 0;
						E0131AA87(_t126 - 0x48, _t121, _t115);
						_t106 =  *(_t126 - 0x64);
						if( *((intOrPtr*)(_t126 - 0x50)) < 8) {
							_t106 = _t126 - 0x64;
						}
						_t85 =  *(_t126 - 0x2c);
						if( *((intOrPtr*)(_t126 - 0x18)) < 8) {
							_t85 = _t126 - 0x2c;
						}
						_t86 = MessageBoxW( *(_t95 + 4), _t85, _t106, 4);
						_push(_t115);
						_t107 = _t126 - 0x64;
						_push(_t121);
						if(_t86 != 7) {
							E0131AA87(_t107);
							 *(_t126 - 4) =  *(_t126 - 4) | 0xffffffff;
							_t96 = _t126 - 0x2c;
							_t62 = E0131AA87(_t126 - 0x2c, _t121, _t115);
							L19:
							__eflags =  *((char*)(_t95 + 0x28));
							_t115 = _t95;
							_push((_t62 & 0xffffff00 |  *((char*)(_t95 + 0x28)) == 0x00000000) & 0x000000ff);
							E01321318(_t95, _t96, _t95);
							__eflags =  *((char*)(_t95 + 0x28));
							_t66 = "true";
							if( *((char*)(_t95 + 0x28)) == 0) {
								_t66 = "false";
							}
							E01319638(_t126 - 0x48, _t66);
							E0135CD33(_t126 - 0x48, _t95 + 0x38);
							E01311524(_t126 - 0x48, _t121, 0);
						} else {
							E0131AA87(_t107);
							E0131AA87(_t126 - 0x2c);
						}
					}
				}
				return E0137C2C5(_t95, _t115, _t121);
			}
















                                                                                                                                                                                                                                0x0132111a
                                                                                                                                                                                                                                0x0132111a
                                                                                                                                                                                                                                0x0132111a
                                                                                                                                                                                                                                0x01321124
                                                                                                                                                                                                                                0x0132112b
                                                                                                                                                                                                                                0x01321135
                                                                                                                                                                                                                                0x013212b4
                                                                                                                                                                                                                                0x013212b6
                                                                                                                                                                                                                                0x013212b6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132113b
                                                                                                                                                                                                                                0x0132113b
                                                                                                                                                                                                                                0x01321141
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01321147
                                                                                                                                                                                                                                0x01321147
                                                                                                                                                                                                                                0x0132114e
                                                                                                                                                                                                                                0x0132114f
                                                                                                                                                                                                                                0x0132115b
                                                                                                                                                                                                                                0x01321162
                                                                                                                                                                                                                                0x0132116a
                                                                                                                                                                                                                                0x0132116b
                                                                                                                                                                                                                                0x01321173
                                                                                                                                                                                                                                0x0132117f
                                                                                                                                                                                                                                0x01321184
                                                                                                                                                                                                                                0x0132119f
                                                                                                                                                                                                                                0x013211e2
                                                                                                                                                                                                                                0x013211e7
                                                                                                                                                                                                                                0x013211a1
                                                                                                                                                                                                                                0x013211a5
                                                                                                                                                                                                                                0x013211aa
                                                                                                                                                                                                                                0x013211c4
                                                                                                                                                                                                                                0x013211ce
                                                                                                                                                                                                                                0x013211d3
                                                                                                                                                                                                                                0x013211d3
                                                                                                                                                                                                                                0x013211e9
                                                                                                                                                                                                                                0x013211ea
                                                                                                                                                                                                                                0x013211ed
                                                                                                                                                                                                                                0x013211f7
                                                                                                                                                                                                                                0x013211fe
                                                                                                                                                                                                                                0x013211ff
                                                                                                                                                                                                                                0x01321208
                                                                                                                                                                                                                                0x0132120a
                                                                                                                                                                                                                                0x01321219
                                                                                                                                                                                                                                0x01321219
                                                                                                                                                                                                                                0x01321225
                                                                                                                                                                                                                                0x01321227
                                                                                                                                                                                                                                0x01321236
                                                                                                                                                                                                                                0x01321236
                                                                                                                                                                                                                                0x0132123b
                                                                                                                                                                                                                                0x01321245
                                                                                                                                                                                                                                0x0132124c
                                                                                                                                                                                                                                0x0132124c
                                                                                                                                                                                                                                0x01321256
                                                                                                                                                                                                                                0x0132125a
                                                                                                                                                                                                                                0x01321263
                                                                                                                                                                                                                                0x01321266
                                                                                                                                                                                                                                0x01321268
                                                                                                                                                                                                                                0x01321268
                                                                                                                                                                                                                                0x0132126f
                                                                                                                                                                                                                                0x01321272
                                                                                                                                                                                                                                0x01321274
                                                                                                                                                                                                                                0x01321274
                                                                                                                                                                                                                                0x0132127e
                                                                                                                                                                                                                                0x01321284
                                                                                                                                                                                                                                0x01321285
                                                                                                                                                                                                                                0x01321288
                                                                                                                                                                                                                                0x0132128c
                                                                                                                                                                                                                                0x0132129f
                                                                                                                                                                                                                                0x013212a4
                                                                                                                                                                                                                                0x013212aa
                                                                                                                                                                                                                                0x013212ad
                                                                                                                                                                                                                                0x013212b7
                                                                                                                                                                                                                                0x013212b7
                                                                                                                                                                                                                                0x013212bb
                                                                                                                                                                                                                                0x013212c3
                                                                                                                                                                                                                                0x013212c4
                                                                                                                                                                                                                                0x013212c9
                                                                                                                                                                                                                                0x013212cd
                                                                                                                                                                                                                                0x013212d2
                                                                                                                                                                                                                                0x013212d4
                                                                                                                                                                                                                                0x013212d4
                                                                                                                                                                                                                                0x013212dd
                                                                                                                                                                                                                                0x013212e8
                                                                                                                                                                                                                                0x013212f3
                                                                                                                                                                                                                                0x0132128e
                                                                                                                                                                                                                                0x0132128e
                                                                                                                                                                                                                                0x01321298
                                                                                                                                                                                                                                0x01321298
                                                                                                                                                                                                                                0x0132128c
                                                                                                                                                                                                                                0x01321141
                                                                                                                                                                                                                                0x013212ff

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01321124
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: __EH_prolog3_GS.LIBCMT ref: 0135BEDD
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: MultiByteToWideChar.KERNEL32(0135D1A8,00000000,?,00000000,00000000,00000000,00000028,0135D1A8,?), ref: 0135BF0C
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00000004), ref: 0132127E
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3_$ByteCharMessageMultiWide_memmove_wcslen
                                                                                                                                                                                                                                • String ID: LoadingTitle$false$true
                                                                                                                                                                                                                                • API String ID: 1608090813-3632203004
                                                                                                                                                                                                                                • Opcode ID: 1a7c5d7064dbb47000b15c2b105aa15e603d0ccef4a20b8e1d2960a9f9023bb9
                                                                                                                                                                                                                                • Instruction ID: c463ee096333f19f93c9cb3b3c6ef6321baa77c462fc59601313b75d42cb2dce
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a7c5d7064dbb47000b15c2b105aa15e603d0ccef4a20b8e1d2960a9f9023bb9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7A51A6B1C04369DAEF14EBA8CD44FEDBB78AF52318F544198E805B7185CB705B45CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134686A, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 92stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                			E0134686A(void* __ecx, short** _a4, signed int* _a8, short** _a12, short** _a16, intOrPtr* _a20, short* _a24) {
				char _v5;
				short* _v12;
				short* _t33;
				short* _t34;
				signed int _t42;
				short* _t51;
				short* _t56;

				_push(__ecx);
				_push(__ecx);
				_t42 = 0;
				 *_a4 = 0;
				 *_a8 = 0;
				 *_a12 = 0;
				 *_a16 = 0;
				 *_a20 = 0;
				 *_a24 = 0;
				_t33 =  *(__ecx + 0x24);
				if(_t33 == 0) {
					_t33 =  *(__ecx + 0x28);
				}
				_t56 = _t33;
				_v12 = _t33;
				_t34 = lstrlenW(_t56);
				_t51 = _t34;
				_v5 = 1;
				if(_t51 <= _t42) {
					L14:
					return _t34;
				} else {
					do {
						if( *_t56 != 0x3c) {
							goto L11;
						}
						if(_v5 == 0) {
							_t34 = CompareStringW(0x400, 1, _t56, 4, L"</A>", 4);
							if(_t34 != 2) {
								goto L11;
							}
							_t34 = _t42 -  *_a8 - 3;
							 *_a16 = _t34;
							if(_t56[4] != 0) {
								 *_a20 = _v12 + 8 + _t42 * 2;
								_t34 = _a24;
								 *_t34 = _t51 - _t42 - 4;
								goto L14;
							}
							goto L11;
						}
						_t34 = CompareStringW(0x400, 1, _t56, 3, L"<A>", 3);
						if(_t34 == 2) {
							if(_t42 > 0) {
								 *_a4 = _v12;
								 *_a8 = _t42;
							}
							_t34 =  &(_t56[3]);
							 *_a12 = _t34;
							_v5 = 0;
						}
						L11:
						_t42 = _t42 + 1;
						_t56 =  &(_t56[1]);
					} while (_t42 < _t51);
					goto L14;
				}
			}










                                                                                                                                                                                                                                0x0134686d
                                                                                                                                                                                                                                0x0134686e
                                                                                                                                                                                                                                0x01346873
                                                                                                                                                                                                                                0x01346875
                                                                                                                                                                                                                                0x0134687a
                                                                                                                                                                                                                                0x0134687f
                                                                                                                                                                                                                                0x01346884
                                                                                                                                                                                                                                0x01346889
                                                                                                                                                                                                                                0x0134688e
                                                                                                                                                                                                                                0x01346890
                                                                                                                                                                                                                                0x01346897
                                                                                                                                                                                                                                0x01346899
                                                                                                                                                                                                                                0x01346899
                                                                                                                                                                                                                                0x0134689c
                                                                                                                                                                                                                                0x0134689f
                                                                                                                                                                                                                                0x013468a2
                                                                                                                                                                                                                                0x013468a8
                                                                                                                                                                                                                                0x013468aa
                                                                                                                                                                                                                                0x013468b0
                                                                                                                                                                                                                                0x01346953
                                                                                                                                                                                                                                0x01346957
                                                                                                                                                                                                                                0x013468b6
                                                                                                                                                                                                                                0x013468b6
                                                                                                                                                                                                                                0x013468ba
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013468c0
                                                                                                                                                                                                                                0x0134690e
                                                                                                                                                                                                                                0x01346917
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01346923
                                                                                                                                                                                                                                0x0134692b
                                                                                                                                                                                                                                0x0134692d
                                                                                                                                                                                                                                0x01346949
                                                                                                                                                                                                                                0x0134694b
                                                                                                                                                                                                                                0x01346951
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01346951
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0134692d
                                                                                                                                                                                                                                0x013468d3
                                                                                                                                                                                                                                0x013468dc
                                                                                                                                                                                                                                0x013468e0
                                                                                                                                                                                                                                0x013468e8
                                                                                                                                                                                                                                0x013468ed
                                                                                                                                                                                                                                0x013468ed
                                                                                                                                                                                                                                0x013468f2
                                                                                                                                                                                                                                0x013468f5
                                                                                                                                                                                                                                0x013468f7
                                                                                                                                                                                                                                0x013468f7
                                                                                                                                                                                                                                0x0134692f
                                                                                                                                                                                                                                0x0134692f
                                                                                                                                                                                                                                0x01346930
                                                                                                                                                                                                                                0x01346933
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0134693b

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,00000000,?,?,?,?,013469D4,?,?,?,?,?,?,?,?), ref: 013468A2
                                                                                                                                                                                                                                • CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003,?,00000000,?,?,?,?,013469D4,?,?,?), ref: 013468D3
                                                                                                                                                                                                                                • CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004,?,00000000,?,?,?,?,013469D4,?,?,?), ref: 0134690E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CompareString$lstrlen
                                                                                                                                                                                                                                • String ID: </A>$<A>
                                                                                                                                                                                                                                • API String ID: 1657112622-2122467442
                                                                                                                                                                                                                                • Opcode ID: 991dc914cb7ac7b2004d04bf25c5303af6c3e233a25c5d5913bc2ccf04fd1dd9
                                                                                                                                                                                                                                • Instruction ID: 201c94faf2af99dee001610fbb2cbe2161b0e18ac96dce520373a70521b62200
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 991dc914cb7ac7b2004d04bf25c5303af6c3e233a25c5d5913bc2ccf04fd1dd9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF316CF5640209AFDB21CF5DC486A9A7FF5FB4A318F104069F909DB390D3B1A945CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013272E2, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E013272E2(signed int __ecx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* __ebx;
				void* __edi;
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr _t19;
				intOrPtr* _t22;
				intOrPtr* _t27;
				intOrPtr _t28;
				signed int _t29;
				intOrPtr* _t33;
				intOrPtr _t35;
				intOrPtr* _t37;

				_t29 = __ecx;
				_t2 = _a4 + 0x10; // 0x490050
				_t17 =  *_t2;
				_t37 = __ecx;
				if(_t17 < _a8) {
					_t17 = E01363221("invalid string position");
				}
				_t18 = _t17 - _a8;
				_t28 = _a12;
				if(_t18 < _t28) {
					_t28 = _t18;
				}
				_t19 =  *((intOrPtr*)(_t37 + 0x10));
				if((_t29 | 0xffffffff) - _t19 <= _t28) {
					_t19 = E013631D4("string too long");
				}
				if(_t28 != 0) {
					_t35 = _t19 + _t28;
					if(E013117AF(_t28, _t37, _t35, _t35, 0) != 0) {
						_t22 = _a4;
						if( *((intOrPtr*)(_t22 + 0x14)) >= 0x10) {
							_t22 =  *_t22;
						}
						if( *((intOrPtr*)(_t37 + 0x14)) < 0x10) {
							_t33 = _t37;
						} else {
							_t33 =  *_t37;
						}
						E013748D0( *((intOrPtr*)(_t37 + 0x10)) + _t33, _t22 + _a8, _t28);
						 *((intOrPtr*)(_t37 + 0x10)) = _t35;
						if( *((intOrPtr*)(_t37 + 0x14)) < 0x10) {
							_t27 = _t37;
						} else {
							_t27 =  *_t37;
						}
						 *((char*)(_t27 + _t35)) = 0;
					}
				}
				return _t37;
			}















                                                                                                                                                                                                                                0x013272e2
                                                                                                                                                                                                                                0x013272e8
                                                                                                                                                                                                                                0x013272e8
                                                                                                                                                                                                                                0x013272ed
                                                                                                                                                                                                                                0x013272f2
                                                                                                                                                                                                                                0x013272f9
                                                                                                                                                                                                                                0x013272f9
                                                                                                                                                                                                                                0x013272fe
                                                                                                                                                                                                                                0x01327301
                                                                                                                                                                                                                                0x01327306
                                                                                                                                                                                                                                0x01327308
                                                                                                                                                                                                                                0x01327308
                                                                                                                                                                                                                                0x0132730a
                                                                                                                                                                                                                                0x01327314
                                                                                                                                                                                                                                0x0132731b
                                                                                                                                                                                                                                0x0132731b
                                                                                                                                                                                                                                0x01327322
                                                                                                                                                                                                                                0x01327325
                                                                                                                                                                                                                                0x01327334
                                                                                                                                                                                                                                0x01327336
                                                                                                                                                                                                                                0x0132733d
                                                                                                                                                                                                                                0x0132733f
                                                                                                                                                                                                                                0x0132733f
                                                                                                                                                                                                                                0x01327345
                                                                                                                                                                                                                                0x0132734b
                                                                                                                                                                                                                                0x01327347
                                                                                                                                                                                                                                0x01327347
                                                                                                                                                                                                                                0x01327347
                                                                                                                                                                                                                                0x01327358
                                                                                                                                                                                                                                0x01327364
                                                                                                                                                                                                                                0x01327367
                                                                                                                                                                                                                                0x0132736d
                                                                                                                                                                                                                                0x01327369
                                                                                                                                                                                                                                0x01327369
                                                                                                                                                                                                                                0x01327369
                                                                                                                                                                                                                                0x0132736f
                                                                                                                                                                                                                                0x0132736f
                                                                                                                                                                                                                                0x01327373
                                                                                                                                                                                                                                0x01327379

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 013272F9
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 01363236
                                                                                                                                                                                                                                  • Part of subcall function 01363221: __CxxThrowException@8.LIBCMT ref: 0136324B
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 0136325C
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0132731B
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 01327358
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                                                                                                                                                                • String ID: invalid string position$string too long
                                                                                                                                                                                                                                • API String ID: 3404309857-4289949731
                                                                                                                                                                                                                                • Opcode ID: 43d48b57bebb9c11107123fc7741e513a0ecf90b61efc6458e9926b6ff58a258
                                                                                                                                                                                                                                • Instruction ID: 270feec6aac72070d622df741bc804a94e998146673af3f18340639853a3eceb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43d48b57bebb9c11107123fc7741e513a0ecf90b61efc6458e9926b6ff58a258
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0711B2313103259FDB28EE6CD881A5AB7E9FF25618B04092DFA52CB241D770E9408794
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01312376, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36libraryloaderCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                			E01312376(void** __edi, short* _a4) {
				void* __esi;
				intOrPtr* _t6;
				struct HINSTANCE__* _t9;

				_t12 = __edi;
				_t13 = __edi[2];
				if(__edi[2] == 0) {
					if( *0x13c29d4 == 0) {
						_t9 = GetModuleHandleW(L"Advapi32.dll");
						if(_t9 != 0) {
							 *0x13c29d8 = GetProcAddress(_t9, "RegDeleteKeyExW");
						}
						 *0x13c29d4 = 1;
					}
					_t6 =  *0x13c29d8; // 0x0
					if(_t6 == 0) {
						return RegDeleteKeyW( *_t12, _a4);
					} else {
						return  *_t6( *_t12, _a4, _t12[1], 0);
					}
				}
				return E01311D42(_t13,  *__edi, _a4);
			}






                                                                                                                                                                                                                                0x01312376
                                                                                                                                                                                                                                0x0131237a
                                                                                                                                                                                                                                0x0131237f
                                                                                                                                                                                                                                0x01312394
                                                                                                                                                                                                                                0x0131239b
                                                                                                                                                                                                                                0x013123a3
                                                                                                                                                                                                                                0x013123b1
                                                                                                                                                                                                                                0x013123b1
                                                                                                                                                                                                                                0x013123b6
                                                                                                                                                                                                                                0x013123b6
                                                                                                                                                                                                                                0x013123bd
                                                                                                                                                                                                                                0x013123c4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013123c6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013123d0
                                                                                                                                                                                                                                0x013123c4
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,?,013125C9,?), ref: 0131239B
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 013123AB
                                                                                                                                                                                                                                  • Part of subcall function 01311D42: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 01311D51
                                                                                                                                                                                                                                  • Part of subcall function 01311D42: GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 01311D61
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                • String ID: Advapi32.dll$RegDeleteKeyExW
                                                                                                                                                                                                                                • API String ID: 1646373207-2191092095
                                                                                                                                                                                                                                • Opcode ID: 56c1dcc92b9403cdeaec7546e863e7acb68fe5be4cf782b9455fd9ea57abfce0
                                                                                                                                                                                                                                • Instruction ID: 9cd4e88f5a8ce1a9a3d8698fe5484cb693faab49c301bc027db8f347f45ff6c2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 56c1dcc92b9403cdeaec7546e863e7acb68fe5be4cf782b9455fd9ea57abfce0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 11F04F35501209BFEB295F64EC44FD6BF6CFB04788F540415FA00A551DC7B2A4B0EB51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01320320, Relevance: 7.6, APIs: 5, Instructions: 78windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E01320320(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v20;
				char _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				intOrPtr _t26;
				void* _t41;
				void* _t45;
				intOrPtr _t47;
				signed int _t50;
				intOrPtr _t53;

				_t24 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t24 ^ _t50;
				_t26 = 0xe;
				_t47 = __ecx;
				_v12 = _t26;
				_v16 = _t26;
				 *((intOrPtr*)(__ecx + 0x48)) = __ecx;
				_v20 = 0;
				_v24 = 0;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_t41 = __ecx + 0x24;
				_t53 =  *0x13bf300; // 0x0
				if(_t53 == 0) {
					 *0x13bf300 = 0;
				}
				_push(_v28);
				E01347E09(_t41, _t53, _v28,  &_v24, 0, 0x50000000, 0, 0, E0131D71A(0x13bf2d0, _t41 + 0x20) & 0x0000ffff);
				 *((intOrPtr*)(_t47 + 0x4c)) = LoadBitmapW( *0x13c172c, 0xd0);
				if( *(_t41 + 0x2c) != 0 && DeleteObject( *(_t41 + 0x2c)) != 0) {
					 *(_t41 + 0x2c) = 0;
				}
				if( *(_t41 + 0x30) != 0 && DeleteObject( *(_t41 + 0x30)) != 0) {
					 *(_t41 + 0x30) = 0;
				}
				 *(_t41 + 0x2c) = LoadBitmapW( *0x13c172c, 0xd1);
				 *(_t41 + 0x30) = LoadBitmapW( *0x13c172c, 0xd2);
				return E013748C1(0, _t41, _v8 ^ _t50, _t45, 0, LoadBitmapW);
			}



















                                                                                                                                                                                                                                0x01320326
                                                                                                                                                                                                                                0x0132032d
                                                                                                                                                                                                                                0x01320335
                                                                                                                                                                                                                                0x01320336
                                                                                                                                                                                                                                0x0132033a
                                                                                                                                                                                                                                0x0132033d
                                                                                                                                                                                                                                0x01320343
                                                                                                                                                                                                                                0x01320346
                                                                                                                                                                                                                                0x01320349
                                                                                                                                                                                                                                0x0132034c
                                                                                                                                                                                                                                0x0132034f
                                                                                                                                                                                                                                0x01320352
                                                                                                                                                                                                                                0x01320358
                                                                                                                                                                                                                                0x0132035a
                                                                                                                                                                                                                                0x0132035a
                                                                                                                                                                                                                                0x01320360
                                                                                                                                                                                                                                0x01320389
                                                                                                                                                                                                                                0x0132039f
                                                                                                                                                                                                                                0x013203ab
                                                                                                                                                                                                                                0x013203b6
                                                                                                                                                                                                                                0x013203b6
                                                                                                                                                                                                                                0x013203bc
                                                                                                                                                                                                                                0x013203c7
                                                                                                                                                                                                                                0x013203c7
                                                                                                                                                                                                                                0x013203e2
                                                                                                                                                                                                                                0x013203f1
                                                                                                                                                                                                                                0x01320400

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: BitmapLoad$DeleteObject
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3795396168-0
                                                                                                                                                                                                                                • Opcode ID: 871731467f1d04993c0817cc13ec2c956ef2714d423db5a607ae411941d1c193
                                                                                                                                                                                                                                • Instruction ID: 617a37c57c29d25e9549859961b932ef338873a42f3edf5ea543aea3226e97b5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 871731467f1d04993c0817cc13ec2c956ef2714d423db5a607ae411941d1c193
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3B215CB1900219EFDB21DF69DC80AAABFFDFB44704F50416BEA04E6259E771A844DF90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0137F16F, Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                			E0137F16F(void* __edx, void* __edi, void* __esi, void* _a4, long _a8) {
				void* _t7;
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				long _t27;
				long _t30;

				if(_a4 != 0) {
					_push(__esi);
					_t30 = _a8;
					__eflags = _t30;
					if(_t30 != 0) {
						_push(__edi);
						while(1) {
							__eflags = _t30 - 0xffffffe0;
							if(_t30 > 0xffffffe0) {
								break;
							}
							__eflags = _t30;
							if(_t30 == 0) {
								_t30 = _t30 + 1;
								__eflags = _t30;
							}
							_t7 = HeapReAlloc( *0x13c1e9c, 0, _a4, _t30);
							_t27 = _t7;
							__eflags = _t27;
							if(_t27 != 0) {
								L17:
								_t8 = _t27;
							} else {
								__eflags =  *0x13c24e0 - _t7;
								if(__eflags == 0) {
									_t9 = E0137BDAC(__eflags);
									 *_t9 = E0137BD6A(GetLastError());
									goto L17;
								} else {
									__eflags = E0137F2CE(_t7, _t30);
									if(__eflags == 0) {
										_t12 = E0137BDAC(__eflags);
										 *_t12 = E0137BD6A(GetLastError());
										L12:
										_t8 = 0;
										__eflags = 0;
									} else {
										continue;
									}
								}
							}
							goto L14;
						}
						E0137F2CE(_t6, _t30);
						 *((intOrPtr*)(E0137BDAC(__eflags))) = 0xc;
						goto L12;
					} else {
						E01375111(_a4);
						_t8 = 0;
					}
					L14:
					return _t8;
				} else {
					return E01376C17(__edx, __edi, __esi, _a8);
				}
			}









                                                                                                                                                                                                                                0x0137f178
                                                                                                                                                                                                                                0x0137f185
                                                                                                                                                                                                                                0x0137f186
                                                                                                                                                                                                                                0x0137f189
                                                                                                                                                                                                                                0x0137f18b
                                                                                                                                                                                                                                0x0137f19a
                                                                                                                                                                                                                                0x0137f1cd
                                                                                                                                                                                                                                0x0137f1cd
                                                                                                                                                                                                                                0x0137f1d0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137f19d
                                                                                                                                                                                                                                0x0137f19f
                                                                                                                                                                                                                                0x0137f1a1
                                                                                                                                                                                                                                0x0137f1a1
                                                                                                                                                                                                                                0x0137f1a1
                                                                                                                                                                                                                                0x0137f1ae
                                                                                                                                                                                                                                0x0137f1b4
                                                                                                                                                                                                                                0x0137f1b6
                                                                                                                                                                                                                                0x0137f1b8
                                                                                                                                                                                                                                0x0137f218
                                                                                                                                                                                                                                0x0137f218
                                                                                                                                                                                                                                0x0137f1ba
                                                                                                                                                                                                                                0x0137f1ba
                                                                                                                                                                                                                                0x0137f1c0
                                                                                                                                                                                                                                0x0137f202
                                                                                                                                                                                                                                0x0137f216
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137f1c2
                                                                                                                                                                                                                                0x0137f1c9
                                                                                                                                                                                                                                0x0137f1cb
                                                                                                                                                                                                                                0x0137f1ea
                                                                                                                                                                                                                                0x0137f1fe
                                                                                                                                                                                                                                0x0137f1e4
                                                                                                                                                                                                                                0x0137f1e4
                                                                                                                                                                                                                                0x0137f1e4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137f1cb
                                                                                                                                                                                                                                0x0137f1c0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137f1e6
                                                                                                                                                                                                                                0x0137f1d3
                                                                                                                                                                                                                                0x0137f1de
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0137f18d
                                                                                                                                                                                                                                0x0137f190
                                                                                                                                                                                                                                0x0137f196
                                                                                                                                                                                                                                0x0137f196
                                                                                                                                                                                                                                0x0137f1e7
                                                                                                                                                                                                                                0x0137f1e9
                                                                                                                                                                                                                                0x0137f17a
                                                                                                                                                                                                                                0x0137f184
                                                                                                                                                                                                                                0x0137f184

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _malloc.LIBCMT ref: 0137F17D
                                                                                                                                                                                                                                  • Part of subcall function 01376C17: __FF_MSGBANNER.LIBCMT ref: 01376C30
                                                                                                                                                                                                                                  • Part of subcall function 01376C17: __NMSG_WRITE.LIBCMT ref: 01376C37
                                                                                                                                                                                                                                  • Part of subcall function 01376C17: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,0137C61D,?,00000001,?,?,013822FD,00000018,013B0180,0000000C,0138238D), ref: 01376C5C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 0137F190
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap_free_malloc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1020059152-0
                                                                                                                                                                                                                                • Opcode ID: 8105cedcd203bc6cbf616679ec08cda3845100bde0c36dfedbed5da7127e9304
                                                                                                                                                                                                                                • Instruction ID: 46518e5406057f9b33c4661d9d5f2cc963cece95634a693a5610d0d66b0040b3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8105cedcd203bc6cbf616679ec08cda3845100bde0c36dfedbed5da7127e9304
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4311E336804616ABCB323F7CFC046597BADBB413BDF100126E8A997144DB3C88408791
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01315A18, Relevance: 7.6, APIs: 5, Instructions: 60windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 61%
                                                                                                                                                                                                                                			E01315A18(void* __ebx, void* __edi, intOrPtr* __esi, void* __eflags) {
				intOrPtr* _t35;
				intOrPtr* _t39;
				intOrPtr* _t45;
				intOrPtr* _t50;
				void* _t51;

				_t50 = __esi;
				_push(4);
				E0137C1D9(0x13913f3, __ebx, __edi, __esi);
				if( *((intOrPtr*)(__esi + 0x64)) != 0 && ( *(__esi + 0x98) & 0x00000002) == 0) {
					 *((intOrPtr*)(_t51 - 0x10)) = 0;
					 *(_t51 - 4) = 0;
					_t35 =  *((intOrPtr*)( *__esi + 0x10))();
					 *((intOrPtr*)( *_t35))(_t35, 0x13a0518, _t51 - 0x10);
					_t45 =  *((intOrPtr*)(_t51 - 0x10));
					if(_t45 != 0) {
						_t39 =  *((intOrPtr*)(__esi + 0x64));
						 *((intOrPtr*)( *_t39 + 0x2c))(_t39, 0xfffffffc, 0, _t45, 0,  *((intOrPtr*)(__esi + 4)), __esi + 0xb4);
						_t45 =  *((intOrPtr*)(_t51 - 0x10));
					}
					 *(_t51 - 4) =  *(_t51 - 4) | 0xffffffff;
					if(_t45 != 0) {
						 *((intOrPtr*)( *_t45 + 8))(_t45);
					}
				}
				if(( *(_t50 + 0x98) & 0x00000008) == 0) {
					if(IsChild( *(_t50 + 4), GetFocus()) != 0) {
						goto L11;
					}
					_push(GetWindow( *(_t50 + 4), 5));
					goto L10;
				} else {
					_push( *(_t50 + 4));
					L10:
					SetFocus();
					L11:
					 *((intOrPtr*)( *((intOrPtr*)(_t51 + 8)))) = 0;
					return E0137C2B1(0);
				}
			}








                                                                                                                                                                                                                                0x01315a18
                                                                                                                                                                                                                                0x01315a18
                                                                                                                                                                                                                                0x01315a1f
                                                                                                                                                                                                                                0x01315a29
                                                                                                                                                                                                                                0x01315a34
                                                                                                                                                                                                                                0x01315a37
                                                                                                                                                                                                                                0x01315a3e
                                                                                                                                                                                                                                0x01315a4d
                                                                                                                                                                                                                                0x01315a4f
                                                                                                                                                                                                                                0x01315a54
                                                                                                                                                                                                                                0x01315a56
                                                                                                                                                                                                                                0x01315a6b
                                                                                                                                                                                                                                0x01315a6e
                                                                                                                                                                                                                                0x01315a6e
                                                                                                                                                                                                                                0x01315a71
                                                                                                                                                                                                                                0x01315a77
                                                                                                                                                                                                                                0x01315a7c
                                                                                                                                                                                                                                0x01315a7c
                                                                                                                                                                                                                                0x01315a77
                                                                                                                                                                                                                                0x01315a86
                                                                                                                                                                                                                                0x01315a9f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01315aac
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01315a88
                                                                                                                                                                                                                                0x01315a88
                                                                                                                                                                                                                                0x01315aad
                                                                                                                                                                                                                                0x01315aad
                                                                                                                                                                                                                                0x01315ab3
                                                                                                                                                                                                                                0x01315ab6
                                                                                                                                                                                                                                0x01315abf
                                                                                                                                                                                                                                0x01315abf

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Focus$ChildH_prolog3Window
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3907702801-0
                                                                                                                                                                                                                                • Opcode ID: a5b3f159f0161592d3f5c65afd90aa470ff98027f7a1dfcfd395571523eaca1a
                                                                                                                                                                                                                                • Instruction ID: 97c58d0464e05074abe0a72baddab3c129d99a2bad98a4b7c8cb1d2600ff888e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5b3f159f0161592d3f5c65afd90aa470ff98027f7a1dfcfd395571523eaca1a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA217F71640705DFEB269F68C889E2ABBB9FF85708F14494CE5A6972A5D731A900CB10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013811AE, Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                                                			E013811AE(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t12;
				void* _t28;
				intOrPtr _t29;
				void* _t30;
				void* _t31;

				_t31 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t20 = __ebx;
				_push(0xc);
				_push(0x13b00b0);
				E0137EF80(__ebx, __edi, __esi);
				_t28 = E013813D7(__ebx, __edx, _t31);
				_t12 =  *0x13bcf8c; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t12) == 0) {
					L6:
					E01382372(_t20, _t26, 0xc);
					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
					_t29 = _t28 + 0x6c;
					 *((intOrPtr*)(_t30 - 0x1c)) = E01381161(_t29,  *0x13bd1d8);
					 *(_t30 - 4) = 0xfffffffe;
					E0138121B();
				} else {
					_t33 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t29 =  *((intOrPtr*)(E013813D7(_t20, __edx, _t33) + 0x6c));
					}
				}
				_t34 = _t29;
				if(_t29 == 0) {
					_push(0x20);
					E013791CF(_t25, _t34);
				}
				return E0137EFC5(_t29);
			}








                                                                                                                                                                                                                                0x013811ae
                                                                                                                                                                                                                                0x013811ae
                                                                                                                                                                                                                                0x013811ae
                                                                                                                                                                                                                                0x013811ae
                                                                                                                                                                                                                                0x013811ae
                                                                                                                                                                                                                                0x013811b0
                                                                                                                                                                                                                                0x013811b5
                                                                                                                                                                                                                                0x013811bf
                                                                                                                                                                                                                                0x013811c1
                                                                                                                                                                                                                                0x013811c9
                                                                                                                                                                                                                                0x013811ed
                                                                                                                                                                                                                                0x013811ef
                                                                                                                                                                                                                                0x013811f5
                                                                                                                                                                                                                                0x013811ff
                                                                                                                                                                                                                                0x0138120a
                                                                                                                                                                                                                                0x0138120d
                                                                                                                                                                                                                                0x01381214
                                                                                                                                                                                                                                0x013811cb
                                                                                                                                                                                                                                0x013811cb
                                                                                                                                                                                                                                0x013811cf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013811d1
                                                                                                                                                                                                                                0x013811d6
                                                                                                                                                                                                                                0x013811d6
                                                                                                                                                                                                                                0x013811cf
                                                                                                                                                                                                                                0x013811d9
                                                                                                                                                                                                                                0x013811db
                                                                                                                                                                                                                                0x013811dd
                                                                                                                                                                                                                                0x013811df
                                                                                                                                                                                                                                0x013811e4
                                                                                                                                                                                                                                0x013811ec

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 013811BA
                                                                                                                                                                                                                                  • Part of subcall function 013813D7: __getptd_noexit.LIBCMT ref: 013813DA
                                                                                                                                                                                                                                  • Part of subcall function 013813D7: __amsg_exit.LIBCMT ref: 013813E7
                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 013811D1
                                                                                                                                                                                                                                • __amsg_exit.LIBCMT ref: 013811DF
                                                                                                                                                                                                                                • __lock.LIBCMT ref: 013811EF
                                                                                                                                                                                                                                • __updatetlocinfoEx_nolock.LIBCMT ref: 01381203
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 938513278-0
                                                                                                                                                                                                                                • Opcode ID: c457faf5516085b3a850b9d1c1783d9e5afa13f57d6ce0d1378ef3891307d608
                                                                                                                                                                                                                                • Instruction ID: ab0d5ec4848f85d8f869ad2e4f202d4f4b03caaeb4247606b4eaa675162c215d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c457faf5516085b3a850b9d1c1783d9e5afa13f57d6ce0d1378ef3891307d608
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8DF0E232A407169FEB71BBFD9406B4E77E06F1072CF114149E600A7AC0DBB89602CB56
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01352B23, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 221COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                			E01352B23(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t93;
				intOrPtr _t107;
				void* _t111;
				intOrPtr _t112;
				intOrPtr _t121;
				void* _t126;
				intOrPtr _t129;
				void* _t130;
				void* _t136;
				void* _t139;
				intOrPtr _t163;
				void* _t182;
				intOrPtr _t183;
				intOrPtr _t184;
				void* _t185;
				intOrPtr _t187;

				_t181 = __esi;
				_push(0xd0);
				E0137C242(0x1392cbf, __ebx, __edi, __esi);
				_t175 = __ecx;
				 *((intOrPtr*)(_t182 - 0xc8)) =  *((intOrPtr*)(_t182 + 8));
				if(__ecx == 0) {
					L22:
					__eflags = 0;
					L23:
					return E0137C2C5(0, _t175, _t181);
				}
				 *((intOrPtr*)(_t182 - 0xc0)) = _t183;
				_t181 = _t182 - 0xd8;
				 *((intOrPtr*)(_t182 - 0xc0)) = _t183;
				E013531C7(_t182 - 0xd8, __ecx);
				 *(_t182 - 4) = 0;
				 *((intOrPtr*)(_t182 - 0x38)) = 7;
				 *((intOrPtr*)(_t182 - 0x3c)) = 0;
				 *((short*)(_t182 - 0x4c)) = 0;
				 *(_t182 - 4) = 1;
				_t93 = E0131107E(__ecx);
				 *((intOrPtr*)(_t182 - 0xc4)) = _t93;
				if(_t93 == 0) {
					L17:
					if( *((intOrPtr*)(_t182 - 0xd0)) == 0) {
						L21:
						E0131AA87(_t182 - 0x4c, 1, 0);
						_t82 = _t182 - 4;
						 *_t82 =  *(_t182 - 4) | 0xffffffff;
						__eflags =  *_t82;
						_push(_t182 - 0xd8);
						E01348C84(0, _t175, _t181,  *_t82);
						goto L22;
					}
					_t201 =  *((intOrPtr*)(_t182 - 0x3c));
					if( *((intOrPtr*)(_t182 - 0x3c)) == 0) {
						goto L21;
					}
					_t175 = E01352F4C(0, _t182 - 0x4c,  *((intOrPtr*)(_t182 - 0xc8)), _t181, _t201);
					E01352FFE(_t182 - 0xd8, _t182 - 0x4c, _t97);
					E0131AA87(_t182 - 0x4c, 1, 0);
					 *(_t182 - 4) =  *(_t182 - 4) | 0xffffffff;
					_push(_t182 - 0xd8);
					E01348C84(0, _t97, _t181, _t201);
					goto L23;
				} else {
					_t181 = 0xfde9;
					do {
						_t175 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t182 - 0xc4)))) + 0x14))();
						 *((intOrPtr*)(_t182 - 0xc0)) = _t175;
						if(_t175 != 0 &&  *((intOrPtr*)(_t175 + 0x20)) + 8 != 0) {
							_t111 = E01359BF2(_t175);
							_t193 = _t111;
							if(_t111 != 0) {
								_t112 = 0xf;
								 *((intOrPtr*)(_t182 - 0x8c)) = _t112;
								 *((intOrPtr*)(_t182 - 0x90)) = 0;
								 *((char*)(_t182 - 0xa0)) = 0;
								 *((intOrPtr*)(_t182 - 0x70)) = _t112;
								 *((intOrPtr*)(_t182 - 0x74)) = 0;
								 *((char*)(_t182 - 0x84)) = 0;
								 *(_t182 - 4) = 3;
								E01311568(_t182 - 0xa0, _t193,  *((intOrPtr*)(_t175 + 0x20)) + 8, E01375190( *((intOrPtr*)(_t175 + 0x20)) + 8));
								_t175 = E01359BF2( *((intOrPtr*)(_t182 - 0xc0)));
								E01311568(_t182 - 0x84, _t193, _t116, E01375190(_t116));
								if( *((intOrPtr*)(_t182 - 0x90)) != 0) {
									_t195 =  *((intOrPtr*)(_t182 - 0x74));
									if( *((intOrPtr*)(_t182 - 0x74)) != 0) {
										_t121 = 7;
										 *((intOrPtr*)(_t182 - 0x1c)) = _t121;
										 *(_t182 - 0x20) = 0;
										 *((short*)(_t182 - 0x30)) = 0;
										 *((intOrPtr*)(_t182 - 0x54)) = _t121;
										 *((intOrPtr*)(_t182 - 0x58)) = 0;
										 *((short*)(_t182 - 0x68)) = 0;
										_push(0xffffffff);
										_push(_t181);
										_push(_t181);
										_t184 = _t183 - 0x1c;
										 *((intOrPtr*)(_t182 - 0xc0)) = _t184;
										 *(_t182 - 4) = 5;
										E013116F0(_t184, _t182 - 0xa0);
										_push(_t182 - 0xbc);
										_t126 = E0135BED6(0, _t175, _t181, _t195);
										_t185 = _t184 + 0x2c;
										 *(_t182 - 4) = 6;
										E0131A941(_t182 - 0x30, _t126);
										 *(_t182 - 4) = 5;
										E0131AA87(_t182 - 0xbc, 1, 0);
										_t163 =  *((intOrPtr*)(_t182 - 0x30));
										_t173 = _t163;
										if( *((intOrPtr*)(_t182 - 0x1c)) >= 8) {
											_t129 = _t163;
										} else {
											_t173 = _t182 - 0x30;
											_t129 = _t182 - 0x30;
										}
										_t197 =  *((intOrPtr*)(_t182 - 0x1c)) - 8;
										_t179 =  *(_t182 - 0x20);
										_t130 = _t129 +  *(_t182 - 0x20) * 2;
										if( *((intOrPtr*)(_t182 - 0x1c)) < 8) {
											_t163 = _t182 - 0x30;
										}
										E01327736(_t182 - 0xdc, _t163, _t130, _t173, E0137814A);
										_push(0xffffffff);
										_push(_t181);
										_push(_t181);
										_t187 = _t185 + 0x14 - 0x1c;
										 *((intOrPtr*)(_t182 - 0xc0)) = _t187;
										E013116F0(_t187, _t182 - 0x84);
										_push(_t182 - 0xbc);
										_t136 = E0135BED6(0, _t179, _t181, _t197);
										_t183 = _t187 + 0x2c;
										 *(_t182 - 4) = 7;
										E0131A941(_t182 - 0x68, _t136);
										 *(_t182 - 4) = 5;
										E0131AA87(_t182 - 0xbc, 1, 0);
										_t139 = E01327839(_t173, _t182 - 0x30, _t197, L"offerid");
										_t198 = _t139;
										if(_t139 == 0) {
											E0131A995(_t182 - 0x4c, _t182 - 0x68, 0, 0xffffffff);
										}
										_t175 = _t182 - 0xd8;
										E0131A995(E01353072(0, _t182 - 0x30, _t182 - 0xd8, _t181, _t198), _t182 - 0x68, 0, 0xffffffff);
										E0131AA87(_t182 - 0x68, 1, 0);
										E0131AA87(_t182 - 0x30, 1, 0);
									}
								}
								E01311524(_t182 - 0x84, 1, 0);
								 *(_t182 - 4) = 1;
								E01311524(_t182 - 0xa0, 1, 0);
							}
						}
						_t107 = E0131105A( *((intOrPtr*)(_t182 - 0xc4)));
						 *((intOrPtr*)(_t182 - 0xc4)) = _t107;
					} while (_t107 != 0);
					goto L17;
				}
			}



















                                                                                                                                                                                                                                0x01352b23
                                                                                                                                                                                                                                0x01352b23
                                                                                                                                                                                                                                0x01352b2d
                                                                                                                                                                                                                                0x01352b35
                                                                                                                                                                                                                                0x01352b39
                                                                                                                                                                                                                                0x01352b41
                                                                                                                                                                                                                                0x01352e1a
                                                                                                                                                                                                                                0x01352e1a
                                                                                                                                                                                                                                0x01352e1c
                                                                                                                                                                                                                                0x01352e21
                                                                                                                                                                                                                                0x01352e21
                                                                                                                                                                                                                                0x01352b48
                                                                                                                                                                                                                                0x01352b4e
                                                                                                                                                                                                                                0x01352b54
                                                                                                                                                                                                                                0x01352b5a
                                                                                                                                                                                                                                0x01352b5f
                                                                                                                                                                                                                                0x01352b64
                                                                                                                                                                                                                                0x01352b6b
                                                                                                                                                                                                                                0x01352b6e
                                                                                                                                                                                                                                0x01352b74
                                                                                                                                                                                                                                0x01352b78
                                                                                                                                                                                                                                0x01352b7d
                                                                                                                                                                                                                                0x01352b85
                                                                                                                                                                                                                                0x01352db1
                                                                                                                                                                                                                                0x01352db7
                                                                                                                                                                                                                                0x01352dff
                                                                                                                                                                                                                                0x01352e05
                                                                                                                                                                                                                                0x01352e0a
                                                                                                                                                                                                                                0x01352e0a
                                                                                                                                                                                                                                0x01352e0a
                                                                                                                                                                                                                                0x01352e14
                                                                                                                                                                                                                                0x01352e15
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01352e15
                                                                                                                                                                                                                                0x01352db9
                                                                                                                                                                                                                                0x01352dbc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01352dcc
                                                                                                                                                                                                                                0x01352dd4
                                                                                                                                                                                                                                0x01352ddf
                                                                                                                                                                                                                                0x01352de4
                                                                                                                                                                                                                                0x01352dee
                                                                                                                                                                                                                                0x01352def
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01352b8b
                                                                                                                                                                                                                                0x01352b8b
                                                                                                                                                                                                                                0x01352b90
                                                                                                                                                                                                                                0x01352b9b
                                                                                                                                                                                                                                0x01352b9d
                                                                                                                                                                                                                                0x01352ba5
                                                                                                                                                                                                                                0x01352bb9
                                                                                                                                                                                                                                0x01352bbe
                                                                                                                                                                                                                                0x01352bc0
                                                                                                                                                                                                                                0x01352bc8
                                                                                                                                                                                                                                0x01352bc9
                                                                                                                                                                                                                                0x01352bcf
                                                                                                                                                                                                                                0x01352bd5
                                                                                                                                                                                                                                0x01352bdb
                                                                                                                                                                                                                                0x01352bde
                                                                                                                                                                                                                                0x01352be1
                                                                                                                                                                                                                                0x01352be7
                                                                                                                                                                                                                                0x01352c00
                                                                                                                                                                                                                                0x01352c10
                                                                                                                                                                                                                                0x01352c21
                                                                                                                                                                                                                                0x01352c2c
                                                                                                                                                                                                                                0x01352c32
                                                                                                                                                                                                                                0x01352c35
                                                                                                                                                                                                                                0x01352c3d
                                                                                                                                                                                                                                0x01352c40
                                                                                                                                                                                                                                0x01352c43
                                                                                                                                                                                                                                0x01352c46
                                                                                                                                                                                                                                0x01352c4a
                                                                                                                                                                                                                                0x01352c4f
                                                                                                                                                                                                                                0x01352c52
                                                                                                                                                                                                                                0x01352c56
                                                                                                                                                                                                                                0x01352c58
                                                                                                                                                                                                                                0x01352c59
                                                                                                                                                                                                                                0x01352c5a
                                                                                                                                                                                                                                0x01352c65
                                                                                                                                                                                                                                0x01352c6c
                                                                                                                                                                                                                                0x01352c70
                                                                                                                                                                                                                                0x01352c7b
                                                                                                                                                                                                                                0x01352c7c
                                                                                                                                                                                                                                0x01352c81
                                                                                                                                                                                                                                0x01352c88
                                                                                                                                                                                                                                0x01352c8c
                                                                                                                                                                                                                                0x01352c9a
                                                                                                                                                                                                                                0x01352c9e
                                                                                                                                                                                                                                0x01352ca7
                                                                                                                                                                                                                                0x01352caa
                                                                                                                                                                                                                                0x01352cac
                                                                                                                                                                                                                                0x01352df8
                                                                                                                                                                                                                                0x01352cb2
                                                                                                                                                                                                                                0x01352cb2
                                                                                                                                                                                                                                0x01352cb5
                                                                                                                                                                                                                                0x01352cb5
                                                                                                                                                                                                                                0x01352cb7
                                                                                                                                                                                                                                0x01352cbb
                                                                                                                                                                                                                                0x01352cbe
                                                                                                                                                                                                                                0x01352cc1
                                                                                                                                                                                                                                0x01352cc3
                                                                                                                                                                                                                                0x01352cc3
                                                                                                                                                                                                                                0x01352cd5
                                                                                                                                                                                                                                0x01352cdd
                                                                                                                                                                                                                                0x01352cdf
                                                                                                                                                                                                                                0x01352ce0
                                                                                                                                                                                                                                0x01352ce1
                                                                                                                                                                                                                                0x01352cec
                                                                                                                                                                                                                                0x01352cf3
                                                                                                                                                                                                                                0x01352cfe
                                                                                                                                                                                                                                0x01352cff
                                                                                                                                                                                                                                0x01352d04
                                                                                                                                                                                                                                0x01352d0b
                                                                                                                                                                                                                                0x01352d0f
                                                                                                                                                                                                                                0x01352d1d
                                                                                                                                                                                                                                0x01352d21
                                                                                                                                                                                                                                0x01352d2e
                                                                                                                                                                                                                                0x01352d33
                                                                                                                                                                                                                                0x01352d35
                                                                                                                                                                                                                                0x01352d41
                                                                                                                                                                                                                                0x01352d41
                                                                                                                                                                                                                                0x01352d49
                                                                                                                                                                                                                                0x01352d5d
                                                                                                                                                                                                                                0x01352d68
                                                                                                                                                                                                                                0x01352d73
                                                                                                                                                                                                                                0x01352d73
                                                                                                                                                                                                                                0x01352c35
                                                                                                                                                                                                                                0x01352d81
                                                                                                                                                                                                                                0x01352d8f
                                                                                                                                                                                                                                0x01352d93
                                                                                                                                                                                                                                0x01352d93
                                                                                                                                                                                                                                0x01352bc0
                                                                                                                                                                                                                                0x01352d9e
                                                                                                                                                                                                                                0x01352da3
                                                                                                                                                                                                                                0x01352da9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01352b90

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01352B2D
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01352BF2
                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 01352C13
                                                                                                                                                                                                                                  • Part of subcall function 01311568: _memmove.LIBCMT ref: 013115B9
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: __EH_prolog3_GS.LIBCMT ref: 0135BEDD
                                                                                                                                                                                                                                  • Part of subcall function 0135BED6: MultiByteToWideChar.KERNEL32(0135D1A8,00000000,?,00000000,00000000,00000000,00000028,0135D1A8,?), ref: 0135BF0C
                                                                                                                                                                                                                                  • Part of subcall function 0131A941: _memmove.LIBCMT ref: 0131A968
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove$H_prolog3__strlen$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID: offerid
                                                                                                                                                                                                                                • API String ID: 2512056922-2367701880
                                                                                                                                                                                                                                • Opcode ID: b6198a75451a70176c888e638e26cc2536c7c880053a76a936056507be363719
                                                                                                                                                                                                                                • Instruction ID: 423db00aced861fd571fe12745e3808167388bc6ecff761f61c8dd22c1295003
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b6198a75451a70176c888e638e26cc2536c7c880053a76a936056507be363719
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 92815F71D0125AEEDF14EBA8CC90FEEBBB4BF14718F1441A9E519A7280DB705A84CB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013201F2, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 84COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                			E013201F2(char* __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				char _v28;
				intOrPtr _v32;
				char _v36;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				void* _v68;
				void* _v72;
				intOrPtr _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t55;
				intOrPtr _t57;
				signed int _t66;
				intOrPtr _t68;
				void* _t78;
				int _t81;
				void* _t82;
				intOrPtr _t91;
				intOrPtr _t93;
				signed int _t95;
				void* _t96;
				intOrPtr _t97;
				char* _t98;
				intOrPtr _t110;
				char* _t112;
				intOrPtr _t113;
				intOrPtr _t115;
				signed int _t117;
				intOrPtr _t118;
				intOrPtr _t119;
				intOrPtr _t122;
				signed int _t123;
				signed int _t125;

				_t110 = __edx;
				_t98 = __ecx;
				_t55 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t55 ^ _t123;
				_t112 = __ecx;
				_t57 =  *((intOrPtr*)(__ecx + 0xd0));
				_t117 = 0;
				if( *((intOrPtr*)(_t57 + 0x61c)) <= 0) {
					L10:
					E01320401(1, _t95, _t112, _t117);
					E01319638( &_v36, "true");
					E0135CD33( &_v36, _t112 + 0x6c);
					E01311524( &_v36, 1, 0);
					_pop(_t113);
					_pop(_t118);
					return E013748C1(0, _t95, _v8 ^ _t123, _t110, _t113, _t118);
				} else {
					_push(_t95);
					while(_t117 >= 0 && _t117 <  *((intOrPtr*)(_t57 + 0x61c))) {
						_t95 = _t117;
						_t98 =  *((intOrPtr*)( *((intOrPtr*)(_t57 + 0x618)) + _t95 * 4)) + 0x98;
						if(E01320930(_t112 + 0x98, _t98) == 0) {
							L8:
							_t57 =  *((intOrPtr*)(_t112 + 0xd0));
							_t117 = _t117 + 1;
							if(_t117 <  *((intOrPtr*)(_t57 + 0x61c))) {
								continue;
							} else {
								_pop(_t95);
								goto L10;
							}
						} else {
							_t98 =  &_v36;
							E01319638(_t98, "false");
							_t86 =  *((intOrPtr*)(_t112 + 0xd0));
							if(_t117 >=  *((intOrPtr*)( *((intOrPtr*)(_t112 + 0xd0)) + 0x61c))) {
								break;
							} else {
								E0135CD33( &_v36,  *((intOrPtr*)( *((intOrPtr*)(_t86 + 0x618)) + _t95 * 4)) + 0x6c);
								_t98 =  &_v36;
								E01311524(_t98, 1, 0);
								_t91 =  *((intOrPtr*)(_t112 + 0xd0));
								if(_t117 >=  *((intOrPtr*)(_t91 + 0x61c))) {
									break;
								} else {
									_t93 =  *((intOrPtr*)( *((intOrPtr*)(_t91 + 0x618)) + _t95 * 4));
									 *((char*)(_t93 + 0x5c)) = 0;
									 *((char*)(_t93 + 0x59)) = 0;
									RedrawWindow( *(_t93 + 0x28), 0, 0, 0x105);
									goto L8;
								}
							}
						}
						goto L21;
					}
					RaiseException(0xc000008c, 1, 0, 0);
					asm("int3");
					_push(_t123);
					_t124 = _t125;
					_t66 =  *0x13bce20; // 0xa1d783ff
					_v56 = _t66 ^ _t125;
					_push(_t95);
					_push(_t117);
					_push(_t112);
					_t68 = 0xe;
					_t119 = _t98;
					_v60 = _t68;
					_v64 = _t68;
					 *((intOrPtr*)(_t119 + 0x48)) = _t119;
					_v68 = 0;
					_v72 = 0;
					_v76 =  *((intOrPtr*)(_t119 + 4));
					_t96 = _t119 + 0x24;
					__eflags =  *0x13bf300; // 0x0
					if(__eflags == 0) {
						 *0x13bf300 = 0;
					}
					_push(_v32);
					E01347E09(_t96, __eflags, _v32,  &_v28, 0, 0x50000000, 0, 0, E0131D71A(0x13bf2d0, _t96 + 0x20) & 0x0000ffff);
					 *((intOrPtr*)(_t119 + 0x4c)) = LoadBitmapW( *0x13c172c, 0xd0);
					__eflags =  *(_t96 + 0x2c);
					if( *(_t96 + 0x2c) != 0) {
						_t82 = DeleteObject( *(_t96 + 0x2c));
						__eflags = _t82;
						if(_t82 != 0) {
							 *(_t96 + 0x2c) = 0;
						}
					}
					__eflags =  *(_t96 + 0x30);
					if( *(_t96 + 0x30) != 0) {
						_t81 = DeleteObject( *(_t96 + 0x30));
						__eflags = _t81;
						if(_t81 != 0) {
							 *(_t96 + 0x30) = 0;
						}
					}
					 *(_t96 + 0x2c) = LoadBitmapW( *0x13c172c, 0xd1);
					_t78 = LoadBitmapW( *0x13c172c, 0xd2);
					_pop(_t115);
					 *(_t96 + 0x30) = _t78;
					_pop(_t122);
					__eflags = 0;
					_pop(_t97);
					return E013748C1(0, _t97, _v12 ^ _t124, _t110, _t115, _t122);
				}
				L21:
			}








































                                                                                                                                                                                                                                0x013201f2
                                                                                                                                                                                                                                0x013201f2
                                                                                                                                                                                                                                0x013201f8
                                                                                                                                                                                                                                0x013201ff
                                                                                                                                                                                                                                0x01320204
                                                                                                                                                                                                                                0x01320206
                                                                                                                                                                                                                                0x0132020c
                                                                                                                                                                                                                                0x01320214
                                                                                                                                                                                                                                0x013202d3
                                                                                                                                                                                                                                0x013202d5
                                                                                                                                                                                                                                0x013202e2
                                                                                                                                                                                                                                0x013202ed
                                                                                                                                                                                                                                0x013202f9
                                                                                                                                                                                                                                0x01320301
                                                                                                                                                                                                                                0x01320306
                                                                                                                                                                                                                                0x0132030d
                                                                                                                                                                                                                                0x0132021a
                                                                                                                                                                                                                                0x0132021a
                                                                                                                                                                                                                                0x0132021b
                                                                                                                                                                                                                                0x01320235
                                                                                                                                                                                                                                0x01320240
                                                                                                                                                                                                                                0x0132024d
                                                                                                                                                                                                                                0x013202bf
                                                                                                                                                                                                                                0x013202bf
                                                                                                                                                                                                                                0x013202c5
                                                                                                                                                                                                                                0x013202cc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013202d2
                                                                                                                                                                                                                                0x013202d2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013202d2
                                                                                                                                                                                                                                0x0132024f
                                                                                                                                                                                                                                0x01320254
                                                                                                                                                                                                                                0x01320257
                                                                                                                                                                                                                                0x0132025c
                                                                                                                                                                                                                                0x01320268
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132026e
                                                                                                                                                                                                                                0x0132027d
                                                                                                                                                                                                                                0x01320286
                                                                                                                                                                                                                                0x01320289
                                                                                                                                                                                                                                0x0132028e
                                                                                                                                                                                                                                0x0132029a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132029c
                                                                                                                                                                                                                                0x013202a2
                                                                                                                                                                                                                                0x013202b1
                                                                                                                                                                                                                                0x013202b5
                                                                                                                                                                                                                                0x013202b9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013202b9
                                                                                                                                                                                                                                0x0132029a
                                                                                                                                                                                                                                0x01320268
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0132024d
                                                                                                                                                                                                                                0x01320319
                                                                                                                                                                                                                                0x0132031f
                                                                                                                                                                                                                                0x01320320
                                                                                                                                                                                                                                0x01320321
                                                                                                                                                                                                                                0x01320326
                                                                                                                                                                                                                                0x0132032d
                                                                                                                                                                                                                                0x01320330
                                                                                                                                                                                                                                0x01320331
                                                                                                                                                                                                                                0x01320332
                                                                                                                                                                                                                                0x01320335
                                                                                                                                                                                                                                0x01320336
                                                                                                                                                                                                                                0x0132033a
                                                                                                                                                                                                                                0x0132033d
                                                                                                                                                                                                                                0x01320343
                                                                                                                                                                                                                                0x01320346
                                                                                                                                                                                                                                0x01320349
                                                                                                                                                                                                                                0x0132034c
                                                                                                                                                                                                                                0x0132034f
                                                                                                                                                                                                                                0x01320352
                                                                                                                                                                                                                                0x01320358
                                                                                                                                                                                                                                0x0132035a
                                                                                                                                                                                                                                0x0132035a
                                                                                                                                                                                                                                0x01320360
                                                                                                                                                                                                                                0x01320389
                                                                                                                                                                                                                                0x0132039f
                                                                                                                                                                                                                                0x013203a8
                                                                                                                                                                                                                                0x013203ab
                                                                                                                                                                                                                                0x013203b0
                                                                                                                                                                                                                                0x013203b2
                                                                                                                                                                                                                                0x013203b4
                                                                                                                                                                                                                                0x013203b6
                                                                                                                                                                                                                                0x013203b6
                                                                                                                                                                                                                                0x013203b4
                                                                                                                                                                                                                                0x013203b9
                                                                                                                                                                                                                                0x013203bc
                                                                                                                                                                                                                                0x013203c1
                                                                                                                                                                                                                                0x013203c3
                                                                                                                                                                                                                                0x013203c5
                                                                                                                                                                                                                                0x013203c7
                                                                                                                                                                                                                                0x013203c7
                                                                                                                                                                                                                                0x013203c5
                                                                                                                                                                                                                                0x013203e2
                                                                                                                                                                                                                                0x013203eb
                                                                                                                                                                                                                                0x013203f0
                                                                                                                                                                                                                                0x013203f1
                                                                                                                                                                                                                                0x013203f4
                                                                                                                                                                                                                                0x013203f7
                                                                                                                                                                                                                                0x013203f9
                                                                                                                                                                                                                                0x01320400
                                                                                                                                                                                                                                0x01320400
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RedrawWindow.USER32 ref: 013202B9
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?), ref: 01320319
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0135CD33: WritePrivateProfileStringA.KERNEL32(66706300,?,?,02CE7A00), ref: 0135CD6F
                                                                                                                                                                                                                                  • Part of subcall function 01311524: _memmove.LIBCMT ref: 01311544
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionPrivateProfileRaiseRedrawStringWindowWrite_memmove_strlen
                                                                                                                                                                                                                                • String ID: false$true
                                                                                                                                                                                                                                • API String ID: 2279222524-2658103896
                                                                                                                                                                                                                                • Opcode ID: 9532ae660858b4df5b746b9f808910718074f8853e06f4994d90dd83bee896bb
                                                                                                                                                                                                                                • Instruction ID: 7edc4581a54d4c859635ed3ae0044ef5a54717b2463d489214721f9c720038ee
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9532ae660858b4df5b746b9f808910718074f8853e06f4994d90dd83bee896bb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB31E5316002199FDB18EB6CC890FDCB7F2BF58718F0500A5F5057B2A1CB61B955CBA4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013279EA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                                                                                                			E013279EA(void* __eax, signed int __ecx, void* __eflags, intOrPtr _a4) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t15;
				intOrPtr _t18;
				intOrPtr* _t19;
				intOrPtr* _t22;
				intOrPtr* _t24;
				signed int _t25;
				intOrPtr _t28;
				signed int _t29;
				intOrPtr* _t36;
				void* _t40;
				intOrPtr* _t42;

				_t32 = __ecx;
				_t28 = _a4;
				_t40 = __eax;
				_t42 = __ecx;
				if(E0131C6EE(__ecx, _t28) == 0) {
					_t3 = _t42 + 0x10; // 0x5959fffe
					_t15 =  *_t3;
					if((__ecx | 0xffffffff) - _t15 <= _t40) {
						_t15 = E013631D4("string too long");
					}
					if(_t40 != 0) {
						_t29 = _t15 + _t40;
						if(E0131B8E0(_t29, _t42, _t40, _t29, 0) != 0) {
							_t5 = _t42 + 0x14; // 0x9c4d8d50
							_t18 =  *_t5;
							if(_t18 < 8) {
								_t36 = _t42;
							} else {
								_t36 =  *_t42;
							}
							if(_t18 < 8) {
								_t19 = _t42;
							} else {
								_t19 =  *_t42;
							}
							_t6 = _t42 + 0x10; // 0x5959fffe
							_t41 = _t40 + _t40;
							E01374DB0(_t19 + _t40 + _t40, _t36,  *_t6 +  *_t6);
							if( *((intOrPtr*)(_t42 + 0x14)) < 8) {
								_t22 = _t42;
							} else {
								_t22 =  *_t42;
							}
							E013748D0(_t22, _a4, _t41);
							 *(_t42 + 0x10) = _t29;
							if( *((intOrPtr*)(_t42 + 0x14)) < 8) {
								_t24 = _t42;
							} else {
								_t24 =  *_t42;
							}
							 *((short*)(_t24 + _t29 * 2)) = 0;
						}
					}
					return _t42;
				}
				if( *((intOrPtr*)(__ecx + 0x14)) < 8) {
					_t25 = __ecx;
				} else {
					_t25 =  *__ecx;
				}
				_push(_t28 - _t25 >> 1);
				return E013278DD(_t40, _t28 - _t25 >> 1, _t32, _t42, _t42);
			}

















                                                                                                                                                                                                                                0x013279ea
                                                                                                                                                                                                                                0x013279ee
                                                                                                                                                                                                                                0x013279f4
                                                                                                                                                                                                                                0x013279f6
                                                                                                                                                                                                                                0x013279ff
                                                                                                                                                                                                                                0x01327a1f
                                                                                                                                                                                                                                0x01327a1f
                                                                                                                                                                                                                                0x01327a29
                                                                                                                                                                                                                                0x01327a30
                                                                                                                                                                                                                                0x01327a30
                                                                                                                                                                                                                                0x01327a37
                                                                                                                                                                                                                                0x01327a39
                                                                                                                                                                                                                                0x01327a48
                                                                                                                                                                                                                                0x01327a4a
                                                                                                                                                                                                                                0x01327a4a
                                                                                                                                                                                                                                0x01327a50
                                                                                                                                                                                                                                0x01327a56
                                                                                                                                                                                                                                0x01327a52
                                                                                                                                                                                                                                0x01327a52
                                                                                                                                                                                                                                0x01327a52
                                                                                                                                                                                                                                0x01327a5b
                                                                                                                                                                                                                                0x01327a61
                                                                                                                                                                                                                                0x01327a5d
                                                                                                                                                                                                                                0x01327a5d
                                                                                                                                                                                                                                0x01327a5d
                                                                                                                                                                                                                                0x01327a63
                                                                                                                                                                                                                                0x01327a69
                                                                                                                                                                                                                                0x01327a6f
                                                                                                                                                                                                                                0x01327a7b
                                                                                                                                                                                                                                0x01327a81
                                                                                                                                                                                                                                0x01327a7d
                                                                                                                                                                                                                                0x01327a7d
                                                                                                                                                                                                                                0x01327a7d
                                                                                                                                                                                                                                0x01327a88
                                                                                                                                                                                                                                0x01327a94
                                                                                                                                                                                                                                0x01327a97
                                                                                                                                                                                                                                0x01327a9d
                                                                                                                                                                                                                                0x01327a99
                                                                                                                                                                                                                                0x01327a99
                                                                                                                                                                                                                                0x01327a99
                                                                                                                                                                                                                                0x01327aa1
                                                                                                                                                                                                                                0x01327aa1
                                                                                                                                                                                                                                0x01327a48
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01327aa5
                                                                                                                                                                                                                                0x01327a05
                                                                                                                                                                                                                                0x01327a0b
                                                                                                                                                                                                                                0x01327a07
                                                                                                                                                                                                                                0x01327a07
                                                                                                                                                                                                                                0x01327a07
                                                                                                                                                                                                                                0x01327a11
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                                                                • API String ID: 1771113911-2556327735
                                                                                                                                                                                                                                • Opcode ID: 7dda14220bfb5f68f3e0197a977b001ab92cdd56e4ad1b5508b1875892b8d824
                                                                                                                                                                                                                                • Instruction ID: 5a0bb2b31d49da11bf2875b4a6eb0f8f3ec19f38613dab7967d106d643c128ec
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7dda14220bfb5f68f3e0197a977b001ab92cdd56e4ad1b5508b1875892b8d824
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F21D1317102649BE634AEACDC84D1ABBFAFBA5B7C714091DE586C7740DB20EE04C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131F16D, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                                                                			E0131F16D(intOrPtr __edx, intOrPtr* _a8) {
				signed int _v8;
				intOrPtr _v16;
				char _v36;
				char _v40;
				char _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t22;
				intOrPtr _t24;
				void* _t25;
				char* _t28;
				intOrPtr _t53;
				intOrPtr* _t54;
				intOrPtr _t55;
				char _t56;
				signed int _t57;

				_t53 = __edx;
				_t22 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t22 ^ _t57;
				_t24 =  *0x13bc000; // 0x139c820
				_t54 = _a8;
				_t25 =  *((intOrPtr*)(_t24 + 0xc))();
				_t42 = 0;
				_t4 = _t25 + 0x10; // 0x10
				_t56 = _t4;
				_v40 = _t56;
				if(_t54 != 0) {
					_push( &_v36);
					_v44 = 0;
					E013242DA(0,  &_v44, _t54, _t56, __eflags);
					__eflags = _v44;
					if(_v44 == 0) {
						__eflags = _v16 - 8;
						_t28 = _v36;
						if(_v16 < 8) {
							_t28 =  &_v36;
						}
						__imp__#2(_t28);
						 *_t54 = _t28;
						__eflags = _t28 - _t42;
						if(_t28 != _t42) {
							E0131AA87( &_v36, 1, _t42);
							_t55 = 0;
							L3:
							_t8 = _t56 - 0x10; // 0x0
							E0131EAF8(_t8, _t53);
							return E013748C1(_t55, _t42, _v8 ^ _t57, _t53, _t55, _t56);
						}
						E01326209( &_v40, L"Return buffer allocation NULL");
						L6:
						E0131AA87( &_v36, 1, _t42);
						_t55 = 0x80004005;
						L2:
						_t56 = _v40;
						_t42 = 0x13a0bcc;
						L0131E99D(0x13a0bcc, _t56, 0x13a0bcc, _t55);
						goto L3;
					}
					E01327581( &_v40, _t53, L"Failed to get GChrome HPR value. Win32 error code %d", _v44);
					goto L6;
				}
				E01326209( &_v40, L"Invalid argument");
				_t55 = 0x80070057;
				goto L2;
			}





















                                                                                                                                                                                                                                0x0131f16d
                                                                                                                                                                                                                                0x0131f173
                                                                                                                                                                                                                                0x0131f17a
                                                                                                                                                                                                                                0x0131f17d
                                                                                                                                                                                                                                0x0131f185
                                                                                                                                                                                                                                0x0131f18d
                                                                                                                                                                                                                                0x0131f190
                                                                                                                                                                                                                                0x0131f192
                                                                                                                                                                                                                                0x0131f192
                                                                                                                                                                                                                                0x0131f195
                                                                                                                                                                                                                                0x0131f19a
                                                                                                                                                                                                                                0x0131f1de
                                                                                                                                                                                                                                0x0131f1e2
                                                                                                                                                                                                                                0x0131f1e5
                                                                                                                                                                                                                                0x0131f1eb
                                                                                                                                                                                                                                0x0131f1ee
                                                                                                                                                                                                                                0x0131f214
                                                                                                                                                                                                                                0x0131f218
                                                                                                                                                                                                                                0x0131f21b
                                                                                                                                                                                                                                0x0131f21d
                                                                                                                                                                                                                                0x0131f21d
                                                                                                                                                                                                                                0x0131f221
                                                                                                                                                                                                                                0x0131f227
                                                                                                                                                                                                                                0x0131f229
                                                                                                                                                                                                                                0x0131f22b
                                                                                                                                                                                                                                0x0131f243
                                                                                                                                                                                                                                0x0131f248
                                                                                                                                                                                                                                0x0131f1c0
                                                                                                                                                                                                                                0x0131f1c0
                                                                                                                                                                                                                                0x0131f1c3
                                                                                                                                                                                                                                0x0131f1d8
                                                                                                                                                                                                                                0x0131f1d8
                                                                                                                                                                                                                                0x0131f236
                                                                                                                                                                                                                                0x0131f202
                                                                                                                                                                                                                                0x0131f208
                                                                                                                                                                                                                                0x0131f20d
                                                                                                                                                                                                                                0x0131f1af
                                                                                                                                                                                                                                0x0131f1af
                                                                                                                                                                                                                                0x0131f1b3
                                                                                                                                                                                                                                0x0131f1bb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131f1bb
                                                                                                                                                                                                                                0x0131f1fb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131f201
                                                                                                                                                                                                                                0x0131f1a5
                                                                                                                                                                                                                                0x0131f1aa
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01326209: _wcslen.LIBCMT ref: 01326216
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0131F221
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Invalid argument, xrefs: 0131F19C
                                                                                                                                                                                                                                • Failed to get GChrome HPR value. Win32 error code %d, xrefs: 0131F1F6
                                                                                                                                                                                                                                • Return buffer allocation NULL, xrefs: 0131F22D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString_wcslen
                                                                                                                                                                                                                                • String ID: Failed to get GChrome HPR value. Win32 error code %d$Invalid argument$Return buffer allocation NULL
                                                                                                                                                                                                                                • API String ID: 1837159753-1011807906
                                                                                                                                                                                                                                • Opcode ID: 75adedfa8b99699a6d4bd78c8c3b3deddadf2e43838622bf102290d364d53f76
                                                                                                                                                                                                                                • Instruction ID: 818d541e1d7a0fc291a5cf3543b5becb9984bfda792a46430f04bae513c3d61b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 75adedfa8b99699a6d4bd78c8c3b3deddadf2e43838622bf102290d364d53f76
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68217C76A0021DABDB04EFA9C885CDDB7BCFF6D318B54002AE502B7244DA75A9098B60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131F08B, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                                                                			E0131F08B(intOrPtr __edx, intOrPtr* _a8) {
				signed int _v8;
				intOrPtr _v16;
				char _v36;
				char _v40;
				char _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t22;
				intOrPtr _t24;
				void* _t25;
				char* _t28;
				intOrPtr _t53;
				intOrPtr* _t54;
				intOrPtr _t55;
				char _t56;
				signed int _t57;

				_t53 = __edx;
				_t22 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t22 ^ _t57;
				_t24 =  *0x13bc000; // 0x139c820
				_t54 = _a8;
				_t25 =  *((intOrPtr*)(_t24 + 0xc))();
				_t42 = 0;
				_t4 = _t25 + 0x10; // 0x10
				_t56 = _t4;
				_v40 = _t56;
				if(_t54 != 0) {
					_push( &_v36);
					_v44 = 0;
					E01323F5D(0,  &_v44, _t54, _t56, __eflags);
					__eflags = _v44;
					if(_v44 == 0) {
						__eflags = _v16 - 8;
						_t28 = _v36;
						if(_v16 < 8) {
							_t28 =  &_v36;
						}
						__imp__#2(_t28);
						 *_t54 = _t28;
						__eflags = _t28 - _t42;
						if(_t28 != _t42) {
							E0131AA87( &_v36, 1, _t42);
							_t55 = 0;
							L3:
							_t8 = _t56 - 0x10; // 0x0
							E0131EAF8(_t8, _t53);
							return E013748C1(_t55, _t42, _v8 ^ _t57, _t53, _t55, _t56);
						}
						E01326209( &_v40, L"Return buffer allocation NULL");
						L6:
						E0131AA87( &_v36, 1, _t42);
						_t55 = 0x80004005;
						L2:
						_t56 = _v40;
						_t42 = 0x13a0bcc;
						L0131E99D(0x13a0bcc, _t56, 0x13a0bcc, _t55);
						goto L3;
					}
					E01327581( &_v40, _t53, L"Failed to get GChrome DS value. Win32 error code %d", _v44);
					goto L6;
				}
				E01326209( &_v40, L"Invalid argument");
				_t55 = 0x80070057;
				goto L2;
			}





















                                                                                                                                                                                                                                0x0131f08b
                                                                                                                                                                                                                                0x0131f091
                                                                                                                                                                                                                                0x0131f098
                                                                                                                                                                                                                                0x0131f09b
                                                                                                                                                                                                                                0x0131f0a3
                                                                                                                                                                                                                                0x0131f0ab
                                                                                                                                                                                                                                0x0131f0ae
                                                                                                                                                                                                                                0x0131f0b0
                                                                                                                                                                                                                                0x0131f0b0
                                                                                                                                                                                                                                0x0131f0b3
                                                                                                                                                                                                                                0x0131f0b8
                                                                                                                                                                                                                                0x0131f0fc
                                                                                                                                                                                                                                0x0131f100
                                                                                                                                                                                                                                0x0131f103
                                                                                                                                                                                                                                0x0131f109
                                                                                                                                                                                                                                0x0131f10c
                                                                                                                                                                                                                                0x0131f132
                                                                                                                                                                                                                                0x0131f136
                                                                                                                                                                                                                                0x0131f139
                                                                                                                                                                                                                                0x0131f13b
                                                                                                                                                                                                                                0x0131f13b
                                                                                                                                                                                                                                0x0131f13f
                                                                                                                                                                                                                                0x0131f145
                                                                                                                                                                                                                                0x0131f147
                                                                                                                                                                                                                                0x0131f149
                                                                                                                                                                                                                                0x0131f161
                                                                                                                                                                                                                                0x0131f166
                                                                                                                                                                                                                                0x0131f0de
                                                                                                                                                                                                                                0x0131f0de
                                                                                                                                                                                                                                0x0131f0e1
                                                                                                                                                                                                                                0x0131f0f6
                                                                                                                                                                                                                                0x0131f0f6
                                                                                                                                                                                                                                0x0131f154
                                                                                                                                                                                                                                0x0131f120
                                                                                                                                                                                                                                0x0131f126
                                                                                                                                                                                                                                0x0131f12b
                                                                                                                                                                                                                                0x0131f0cd
                                                                                                                                                                                                                                0x0131f0cd
                                                                                                                                                                                                                                0x0131f0d1
                                                                                                                                                                                                                                0x0131f0d9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131f0d9
                                                                                                                                                                                                                                0x0131f119
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131f11f
                                                                                                                                                                                                                                0x0131f0c3
                                                                                                                                                                                                                                0x0131f0c8
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01326209: _wcslen.LIBCMT ref: 01326216
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0131F13F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Invalid argument, xrefs: 0131F0BA
                                                                                                                                                                                                                                • Return buffer allocation NULL, xrefs: 0131F14B
                                                                                                                                                                                                                                • Failed to get GChrome DS value. Win32 error code %d, xrefs: 0131F114
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString_wcslen
                                                                                                                                                                                                                                • String ID: Failed to get GChrome DS value. Win32 error code %d$Invalid argument$Return buffer allocation NULL
                                                                                                                                                                                                                                • API String ID: 1837159753-878758417
                                                                                                                                                                                                                                • Opcode ID: c086de729c19c10db0b4be504ab7314f8cd2d0ac48d4fd14f39a65c2fe2cfb0c
                                                                                                                                                                                                                                • Instruction ID: 7e90e241a11f62db8c6e8be8338287c0d6d5fd5e5f2d36ad7e7db2e7a099b574
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c086de729c19c10db0b4be504ab7314f8cd2d0ac48d4fd14f39a65c2fe2cfb0c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE216D72A002199BCB04EFA9C884CDDB7BCFF1D318B50002AE501B7244DA75AD09CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131ED04, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                                                                			E0131ED04(intOrPtr __edx, intOrPtr* _a8) {
				signed int _v8;
				intOrPtr _v16;
				char _v36;
				char _v40;
				char _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t22;
				intOrPtr _t24;
				void* _t25;
				char* _t28;
				intOrPtr _t53;
				intOrPtr* _t54;
				intOrPtr _t55;
				char _t56;
				signed int _t57;

				_t53 = __edx;
				_t22 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t22 ^ _t57;
				_t24 =  *0x13bc000; // 0x139c820
				_t54 = _a8;
				_t25 =  *((intOrPtr*)(_t24 + 0xc))();
				_t42 = 0;
				_t4 = _t25 + 0x10; // 0x10
				_t56 = _t4;
				_v40 = _t56;
				if(_t54 != 0) {
					_push( &_v44);
					_v44 = 0;
					E013234AE(0,  &_v36, _t54, _t56, __eflags);
					__eflags = _v44;
					if(_v44 == 0) {
						__eflags = _v16 - 8;
						_t28 = _v36;
						if(_v16 < 8) {
							_t28 =  &_v36;
						}
						__imp__#2(_t28);
						 *_t54 = _t28;
						__eflags = _t28 - _t42;
						if(_t28 != _t42) {
							E0131AA87( &_v36, 1, _t42);
							_t55 = 0;
							L3:
							_t8 = _t56 - 0x10; // 0x0
							E0131EAF8(_t8, _t53);
							return E013748C1(_t55, _t42, _v8 ^ _t57, _t53, _t55, _t56);
						}
						E01326209( &_v40, L"Return buffer allocation NULL");
						L6:
						E0131AA87( &_v36, 1, _t42);
						_t55 = 0x80004005;
						L2:
						_t56 = _v40;
						_t42 = 0x13a0bcc;
						L0131E99D(0x13a0bcc, _t56, 0x13a0bcc, _t55);
						goto L3;
					}
					E01327581( &_v40, _t53, L"Failed to get IE default Search provider. Win32 error code %d", _v44);
					goto L6;
				}
				E01326209( &_v40, L"Invalid argument");
				_t55 = 0x80070057;
				goto L2;
			}





















                                                                                                                                                                                                                                0x0131ed04
                                                                                                                                                                                                                                0x0131ed0a
                                                                                                                                                                                                                                0x0131ed11
                                                                                                                                                                                                                                0x0131ed14
                                                                                                                                                                                                                                0x0131ed1c
                                                                                                                                                                                                                                0x0131ed24
                                                                                                                                                                                                                                0x0131ed27
                                                                                                                                                                                                                                0x0131ed29
                                                                                                                                                                                                                                0x0131ed29
                                                                                                                                                                                                                                0x0131ed2c
                                                                                                                                                                                                                                0x0131ed31
                                                                                                                                                                                                                                0x0131ed75
                                                                                                                                                                                                                                0x0131ed79
                                                                                                                                                                                                                                0x0131ed7c
                                                                                                                                                                                                                                0x0131ed82
                                                                                                                                                                                                                                0x0131ed85
                                                                                                                                                                                                                                0x0131edab
                                                                                                                                                                                                                                0x0131edaf
                                                                                                                                                                                                                                0x0131edb2
                                                                                                                                                                                                                                0x0131edb4
                                                                                                                                                                                                                                0x0131edb4
                                                                                                                                                                                                                                0x0131edb8
                                                                                                                                                                                                                                0x0131edbe
                                                                                                                                                                                                                                0x0131edc0
                                                                                                                                                                                                                                0x0131edc2
                                                                                                                                                                                                                                0x0131edda
                                                                                                                                                                                                                                0x0131eddf
                                                                                                                                                                                                                                0x0131ed57
                                                                                                                                                                                                                                0x0131ed57
                                                                                                                                                                                                                                0x0131ed5a
                                                                                                                                                                                                                                0x0131ed6f
                                                                                                                                                                                                                                0x0131ed6f
                                                                                                                                                                                                                                0x0131edcd
                                                                                                                                                                                                                                0x0131ed99
                                                                                                                                                                                                                                0x0131ed9f
                                                                                                                                                                                                                                0x0131eda4
                                                                                                                                                                                                                                0x0131ed46
                                                                                                                                                                                                                                0x0131ed46
                                                                                                                                                                                                                                0x0131ed4a
                                                                                                                                                                                                                                0x0131ed52
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131ed52
                                                                                                                                                                                                                                0x0131ed92
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131ed98
                                                                                                                                                                                                                                0x0131ed3c
                                                                                                                                                                                                                                0x0131ed41
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01326209: _wcslen.LIBCMT ref: 01326216
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0131EDB8
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Invalid argument, xrefs: 0131ED33
                                                                                                                                                                                                                                • Failed to get IE default Search provider. Win32 error code %d, xrefs: 0131ED8D
                                                                                                                                                                                                                                • Return buffer allocation NULL, xrefs: 0131EDC4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString_wcslen
                                                                                                                                                                                                                                • String ID: Failed to get IE default Search provider. Win32 error code %d$Invalid argument$Return buffer allocation NULL
                                                                                                                                                                                                                                • API String ID: 1837159753-3531589439
                                                                                                                                                                                                                                • Opcode ID: bcd0d32a222835199d857f1ce5d18865112f89f7640ec1fb05246fa86d3fbbee
                                                                                                                                                                                                                                • Instruction ID: b3b82a0471d6fc1777abbad3a72324ff36dfc1a3abb648756301ae447244ae57
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bcd0d32a222835199d857f1ce5d18865112f89f7640ec1fb05246fa86d3fbbee
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D217F76A0021D9FCB05EFA9C8858DDB7B8FF68318B95043AE502B7140DA35A9058B60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131EB3A, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 79memoryCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                			E0131EB3A(intOrPtr __edx, intOrPtr* _a8) {
				signed int _v8;
				intOrPtr _v16;
				char _v36;
				char _v40;
				signed int _v44;
				intOrPtr* _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t25;
				intOrPtr _t27;
				char* _t30;
				intOrPtr _t54;
				intOrPtr* _t55;
				intOrPtr _t57;
				char _t58;
				signed int _t59;

				_t54 = __edx;
				_t25 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t25 ^ _t59;
				_t27 =  *0x13bc000; // 0x139c820
				_t55 = _a8;
				_v48 = _t55;
				_t5 =  *((intOrPtr*)(_t27 + 0xc))() + 0x10; // 0x10
				_t58 = _t5;
				_v40 = _t58;
				if(_t55 != 0) {
					_v44 = _v44 & 0x00000000;
					_t44 =  &_v44;
					E013232AE( &_v44,  &_v36, _t58, __eflags);
					_t57 = 0;
					__eflags = _v44;
					if(_v44 == 0) {
						__eflags = _v16 - 8;
						_t30 = _v36;
						if(_v16 < 8) {
							_t30 =  &_v36;
						}
						__imp__#2(_t30);
						 *_v48 = _t30;
						__eflags = _t30 - _t57;
						if(_t30 != _t57) {
							E0131AA87( &_v36, 1, _t57);
							L3:
							_t9 = _t58 - 0x10; // 0x0
							E0131EAF8(_t9, _t54);
							return E013748C1(_t57, _t44, _v8 ^ _t59, _t54, _t57, _t58);
						}
						E01326209( &_v40, L"Return buffer allocation NULL");
						L6:
						E0131AA87( &_v36, 1, _t57);
						_t57 = 0x80004005;
						L2:
						_t58 = _v40;
						_t44 = 0x13a0bcc;
						L0131E99D(0x13a0bcc, _t58, 0x13a0bcc, _t57);
						goto L3;
					}
					E01327581( &_v40, _t54, L"Failed to get IE version. Win32 error code %d", _v44);
					goto L6;
				}
				E01326209( &_v40, L"Invalid argument");
				_t57 = 0x80070057;
				goto L2;
			}





















                                                                                                                                                                                                                                0x0131eb3a
                                                                                                                                                                                                                                0x0131eb40
                                                                                                                                                                                                                                0x0131eb47
                                                                                                                                                                                                                                0x0131eb4a
                                                                                                                                                                                                                                0x0131eb52
                                                                                                                                                                                                                                0x0131eb5a
                                                                                                                                                                                                                                0x0131eb60
                                                                                                                                                                                                                                0x0131eb60
                                                                                                                                                                                                                                0x0131eb63
                                                                                                                                                                                                                                0x0131eb68
                                                                                                                                                                                                                                0x0131eba9
                                                                                                                                                                                                                                0x0131ebad
                                                                                                                                                                                                                                0x0131ebb3
                                                                                                                                                                                                                                0x0131ebb8
                                                                                                                                                                                                                                0x0131ebba
                                                                                                                                                                                                                                0x0131ebbd
                                                                                                                                                                                                                                0x0131ebe3
                                                                                                                                                                                                                                0x0131ebe7
                                                                                                                                                                                                                                0x0131ebea
                                                                                                                                                                                                                                0x0131ebec
                                                                                                                                                                                                                                0x0131ebec
                                                                                                                                                                                                                                0x0131ebf0
                                                                                                                                                                                                                                0x0131ebf9
                                                                                                                                                                                                                                0x0131ebfb
                                                                                                                                                                                                                                0x0131ebfd
                                                                                                                                                                                                                                0x0131ec15
                                                                                                                                                                                                                                0x0131eb8e
                                                                                                                                                                                                                                0x0131eb8e
                                                                                                                                                                                                                                0x0131eb91
                                                                                                                                                                                                                                0x0131eba6
                                                                                                                                                                                                                                0x0131eba6
                                                                                                                                                                                                                                0x0131ec08
                                                                                                                                                                                                                                0x0131ebd1
                                                                                                                                                                                                                                0x0131ebd7
                                                                                                                                                                                                                                0x0131ebdc
                                                                                                                                                                                                                                0x0131eb7d
                                                                                                                                                                                                                                0x0131eb7d
                                                                                                                                                                                                                                0x0131eb81
                                                                                                                                                                                                                                0x0131eb89
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131eb89
                                                                                                                                                                                                                                0x0131ebca
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0131ebd0
                                                                                                                                                                                                                                0x0131eb73
                                                                                                                                                                                                                                0x0131eb78
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 01326209: _wcslen.LIBCMT ref: 01326216
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 0131EBF0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • Invalid argument, xrefs: 0131EB6A
                                                                                                                                                                                                                                • Failed to get IE version. Win32 error code %d, xrefs: 0131EBC5
                                                                                                                                                                                                                                • Return buffer allocation NULL, xrefs: 0131EBFF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString_wcslen
                                                                                                                                                                                                                                • String ID: Failed to get IE version. Win32 error code %d$Invalid argument$Return buffer allocation NULL
                                                                                                                                                                                                                                • API String ID: 1837159753-2934273037
                                                                                                                                                                                                                                • Opcode ID: 3e8bbf8be9c537fdba9feaf7bb6a636957d19989651edb78db0c44a8688907ac
                                                                                                                                                                                                                                • Instruction ID: aebb4b58747de26014fb2bd08c7bbd98ed9a2111b9baf3a991362781f0b13e5f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e8bbf8be9c537fdba9feaf7bb6a636957d19989651edb78db0c44a8688907ac
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA21A332A0021DDBCF05EB99CC84DDDB7B8FF99319F504029E902B7244DA76AA05CB70
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132332E, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 40COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                                                                                                			E0132332E(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t38;

				_push(0x5c);
				E0137C242(0x13933c4, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t38 - 0x68)) = 0;
				E01319B30(_t38 - 0x64, L"CurrentVersion");
				 *((intOrPtr*)(_t38 - 4)) = 0;
				E01319B30(_t38 - 0x48, L"SOFTWARE\\Mozilla\\Mozilla Firefox");
				 *((char*)(_t38 - 4)) = 1;
				E01319B30(_t38 - 0x2c, L"HKEY_LOCAL_MACHINE");
				_push(__ebx);
				_push(_t38 - 0x64);
				_push(__edi);
				 *((char*)(_t38 - 4)) = 2;
				E0135CB2A(__ebx, _t38 - 0x2c, _t38 - 0x48, __edi, 0, 0);
				E0131AA87(_t38 - 0x2c, 1, 0);
				E0131AA87(_t38 - 0x48, 1, 0);
				E0131AA87(_t38 - 0x64, 1, 0);
				return E0137C2C5(__ebx, __edi, 0);
			}




                                                                                                                                                                                                                                0x0132332e
                                                                                                                                                                                                                                0x01323335
                                                                                                                                                                                                                                0x01323344
                                                                                                                                                                                                                                0x01323347
                                                                                                                                                                                                                                0x01323354
                                                                                                                                                                                                                                0x01323357
                                                                                                                                                                                                                                0x01323364
                                                                                                                                                                                                                                0x01323368
                                                                                                                                                                                                                                0x0132336d
                                                                                                                                                                                                                                0x01323371
                                                                                                                                                                                                                                0x01323372
                                                                                                                                                                                                                                0x01323379
                                                                                                                                                                                                                                0x0132337d
                                                                                                                                                                                                                                0x0132338b
                                                                                                                                                                                                                                0x01323396
                                                                                                                                                                                                                                0x013233a1
                                                                                                                                                                                                                                0x013233ad

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 01323335
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: __EH_prolog3_GS.LIBCMT ref: 0135CB34
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: _wcslen.LIBCMT ref: 0135CC26
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: RegCloseKey.KERNEL32(00000000,?,?,?,013A0D00), ref: 0135CC68
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3__wcslen$Close_memmove
                                                                                                                                                                                                                                • String ID: CurrentVersion$HKEY_LOCAL_MACHINE$SOFTWARE\Mozilla\Mozilla Firefox
                                                                                                                                                                                                                                • API String ID: 4252202261-2812246979
                                                                                                                                                                                                                                • Opcode ID: 2d4780ba64a1a1d1c4c5ca1948527623582549e2d31f44c44b056ca7b66d9e90
                                                                                                                                                                                                                                • Instruction ID: c42fe34b8a5c946210c3a76552e8dc61afcb644a1d389f6ffe035900d9e8e1a1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2d4780ba64a1a1d1c4c5ca1948527623582549e2d31f44c44b056ca7b66d9e90
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37014F71941359AADB18EBE8C961FEEBF74EF34709F904008E40577284DBA41B09C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013232AE, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 40COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                                                                                                			E013232AE(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t38;

				_push(0x5c);
				E0137C242(0x13933c4, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t38 - 0x68)) = 0;
				E01319B30(_t38 - 0x64, L"Version");
				 *((intOrPtr*)(_t38 - 4)) = 0;
				E01319B30(_t38 - 0x48, L"SOFTWARE\\Microsoft\\Internet Explorer");
				 *((char*)(_t38 - 4)) = 1;
				E01319B30(_t38 - 0x2c, L"HKEY_LOCAL_MACHINE");
				_push(__ebx);
				_push(_t38 - 0x64);
				_push(__edi);
				 *((char*)(_t38 - 4)) = 2;
				E0135CB2A(__ebx, _t38 - 0x2c, _t38 - 0x48, __edi, 0, 0);
				E0131AA87(_t38 - 0x2c, 1, 0);
				E0131AA87(_t38 - 0x48, 1, 0);
				E0131AA87(_t38 - 0x64, 1, 0);
				return E0137C2C5(__ebx, __edi, 0);
			}




                                                                                                                                                                                                                                0x013232ae
                                                                                                                                                                                                                                0x013232b5
                                                                                                                                                                                                                                0x013232c4
                                                                                                                                                                                                                                0x013232c7
                                                                                                                                                                                                                                0x013232d4
                                                                                                                                                                                                                                0x013232d7
                                                                                                                                                                                                                                0x013232e4
                                                                                                                                                                                                                                0x013232e8
                                                                                                                                                                                                                                0x013232ed
                                                                                                                                                                                                                                0x013232f1
                                                                                                                                                                                                                                0x013232f2
                                                                                                                                                                                                                                0x013232f9
                                                                                                                                                                                                                                0x013232fd
                                                                                                                                                                                                                                0x0132330b
                                                                                                                                                                                                                                0x01323316
                                                                                                                                                                                                                                0x01323321
                                                                                                                                                                                                                                0x0132332d

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 013232B5
                                                                                                                                                                                                                                  • Part of subcall function 01319B30: _wcslen.LIBCMT ref: 01319B49
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: __EH_prolog3_GS.LIBCMT ref: 0135CB34
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: _wcslen.LIBCMT ref: 0135CC26
                                                                                                                                                                                                                                  • Part of subcall function 0135CB2A: RegCloseKey.KERNEL32(00000000,?,?,?,013A0D00), ref: 0135CC68
                                                                                                                                                                                                                                  • Part of subcall function 0131AA87: _memmove.LIBCMT ref: 0131AAAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: H_prolog3__wcslen$Close_memmove
                                                                                                                                                                                                                                • String ID: HKEY_LOCAL_MACHINE$SOFTWARE\Microsoft\Internet Explorer$Version
                                                                                                                                                                                                                                • API String ID: 4252202261-2675485649
                                                                                                                                                                                                                                • Opcode ID: 04eb31c829e5a5392ebad107a0322adb9cef4148f88f39212eede765a5db7fab
                                                                                                                                                                                                                                • Instruction ID: 0f26c92a1b83765f9b2d808d7ed677882d2373420dc37710addd37296d5702e2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 04eb31c829e5a5392ebad107a0322adb9cef4148f88f39212eede765a5db7fab
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7014F71941359AADB18EBE9C961FEEBF74EF34709F904008E40577284DBA41B08C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 013478AD, Relevance: 6.3, APIs: 5, Instructions: 68stringCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 76%
                                                                                                                                                                                                                                			E013478AD(void* __ecx, short** _a4, char* _a8, int _a12) {
				int _v8;
				int _v12;
				void* __edi;
				void* __esi;
				void* __ebp;
				int _t19;
				signed int _t21;
				int _t23;
				signed int* _t26;
				int _t28;
				void* _t33;
				short** _t38;
				void* _t41;
				short** _t43;

				_push(__ecx);
				_push(__ecx);
				if(_a8 != 0) {
					_t19 = lstrlenA(_a8);
					_t38 = _a4;
					_t5 = _t19 + 1; // 0x1
					_t28 = _t5;
					_t35 =  &(_t38[1]);
					_t32 = _t28;
					_v8 = _t28;
					E0134809B(_t28, _t33,  &(_t38[1]), _t38);
					_t21 = MultiByteToWideChar(_a12, 0, _a8, _t28,  *_t38, _t28);
					asm("sbb esi, esi");
					_t41 =  ~_t21 + 1;
					if(_t41 != 0) {
						_t21 = GetLastError();
						if(_t21 == 0x7a) {
							_t23 = MultiByteToWideChar(_a12, 0, _a8, _v8, 0, 0);
							_t43 = _a4;
							_t32 = _t23;
							_v12 = _t23;
							E0134809B(_t23, _t33, _t35, _t43);
							_t21 = MultiByteToWideChar(_a12, 0, _a8, _v8,  *_t43, _v12);
							asm("sbb esi, esi");
							_t41 =  ~_t21 + 1;
						}
						if(_t41 != 0) {
							_t21 = E01329196(_t32, _t35, _t41);
						}
					}
					return _t21;
				}
				_t26 = _a4;
				 *_t26 =  *_t26 & 0x00000000;
				return _t26;
			}

















                                                                                                                                                                                                                                0x013478b0
                                                                                                                                                                                                                                0x013478b1
                                                                                                                                                                                                                                0x013478b6
                                                                                                                                                                                                                                0x013478c9
                                                                                                                                                                                                                                0x013478cf
                                                                                                                                                                                                                                0x013478d2
                                                                                                                                                                                                                                0x013478d2
                                                                                                                                                                                                                                0x013478d5
                                                                                                                                                                                                                                0x013478d8
                                                                                                                                                                                                                                0x013478da
                                                                                                                                                                                                                                0x013478dd
                                                                                                                                                                                                                                0x013478f4
                                                                                                                                                                                                                                0x013478fa
                                                                                                                                                                                                                                0x013478fc
                                                                                                                                                                                                                                0x013478fd
                                                                                                                                                                                                                                0x013478ff
                                                                                                                                                                                                                                0x01347908
                                                                                                                                                                                                                                0x01347918
                                                                                                                                                                                                                                0x0134791a
                                                                                                                                                                                                                                0x0134791d
                                                                                                                                                                                                                                0x0134791f
                                                                                                                                                                                                                                0x01347922
                                                                                                                                                                                                                                0x01347939
                                                                                                                                                                                                                                0x0134793f
                                                                                                                                                                                                                                0x01347941
                                                                                                                                                                                                                                0x01347941
                                                                                                                                                                                                                                0x01347944
                                                                                                                                                                                                                                0x01347946
                                                                                                                                                                                                                                0x01347946
                                                                                                                                                                                                                                0x01347944
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0134794d
                                                                                                                                                                                                                                0x013478b8
                                                                                                                                                                                                                                0x013478bb
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,-00000008,73FB4880,00001234,00001234,?,01345C80,?,-00000008), ref: 013478C9
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(-00000008,00000000,00000000,00000001,?,00000001,?,01345C80,?,-00000008), ref: 013478F4
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,01345C80,?,-00000008), ref: 013478FF
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(-00000008,00000000,00000000,?,00000000,00000000,?,01345C80,?,-00000008), ref: 01347918
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(-00000008,00000000,00000000,?,?,?,?,01345C80,?,-00000008), ref: 01347939
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3322701435-0
                                                                                                                                                                                                                                • Opcode ID: 43e78b3bc26ccfbc7d40d27bd9024638187784d671b6fcf4c64802d00886214c
                                                                                                                                                                                                                                • Instruction ID: 3fe8f0e1d497532038447d072fb32f596a2b50fd8753198f71c8a6cdd02c2b50
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43e78b3bc26ccfbc7d40d27bd9024638187784d671b6fcf4c64802d00886214c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA114936500229BFDF215FA9CC40FAE7BA9EF04768F119554FD05AA260C731AE509BA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01317972, Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E01317972(void* __eax, void* __edi, long __esi, int _a4, signed int _a8) {
				struct HWND__* _t33;
				intOrPtr* _t36;
				intOrPtr _t38;
				void* _t45;
				signed char _t48;
				void* _t51;
				long _t52;
				void* _t53;
				void* _t56;

				_t52 = __esi;
				_t51 = __edi;
				_t45 = __eax;
				_t53 = __eax - 0x4e;
				if(_t53 > 0) {
					if(__eax == 0x111) {
						if(__esi == 0) {
							L30:
							 *_a8 =  *_a8 & 0x00000000;
							return 1;
						}
						L28:
						_t33 = _t52;
						L29:
						if(_t33 != 0) {
							_t48 =  *(_t51 + 0x98);
							if((_t48 & 0x00000008) == 0) {
								return SendMessageW(_t33, _t45 + 0x2000, _a4, _t52);
							}
							_a8 = _a8 & 0x00000000;
							if((_t48 & 0x00000001) != 0) {
								_t36 =  *((intOrPtr*)(_t51 + 0x74));
								if(_t36 != 0) {
									 *((intOrPtr*)( *_t36 + 0x24))(_t36, _t45 + 0x2000, _a4, _t52,  &_a8);
								}
							}
							return _a8;
						}
						goto L30;
					}
					if(__eax <= 0x113) {
						goto L30;
					}
					if(__eax <= 0x115) {
						goto L28;
					}
					if(__eax <= 0x131) {
						goto L30;
					}
					if(__eax <= 0x138) {
						goto L28;
					}
					if(__eax != 0x210) {
						goto L30;
					}
					_t38 =  *((intOrPtr*)(__edi + 0x18));
					if(_t38 != 0) {
						CallWindowProcW( *(__edi + 0x20),  *(__edi + 4),  *(_t38 + 4),  *(_t38 + 8),  *(_t38 + 0xc));
					}
					if((_a4 & 0x0000ffff) - 1 <= 1) {
						goto L28;
					} else {
						_push(_a4 >> 0x10);
						L26:
						_t33 = GetDlgItem( *(_t51 + 4), ??);
						goto L29;
					}
				}
				if(_t53 == 0) {
					_t33 =  *__esi;
					goto L29;
				}
				if(__eax == 0x2b) {
					if( *__esi != 1 || IsWindow( *(__esi + 0x14)) != 0) {
						_t33 =  *(_t52 + 0x14);
						goto L29;
					} else {
						goto L30;
					}
				}
				if(__eax == 0x2c) {
					if( *__esi == 1) {
						goto L30;
					}
					_push( *((intOrPtr*)(__esi + 4)));
					goto L26;
				}
				_t56 = __eax - 0x2d;
				if(_t56 == 0) {
					_t33 =  *(__esi + 0xc);
					goto L29;
				}
				if(_t56 <= 0) {
					goto L30;
				}
				if(__eax <= 0x2f) {
					goto L28;
				}
				if(__eax != 0x39) {
					goto L30;
				}
				_t33 =  *(__esi + 8);
				goto L29;
			}












                                                                                                                                                                                                                                0x01317972
                                                                                                                                                                                                                                0x01317972
                                                                                                                                                                                                                                0x01317976
                                                                                                                                                                                                                                0x01317978
                                                                                                                                                                                                                                0x0131797b
                                                                                                                                                                                                                                0x013179e5
                                                                                                                                                                                                                                0x01317a49
                                                                                                                                                                                                                                0x01317a51
                                                                                                                                                                                                                                0x01317a54
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01317a59
                                                                                                                                                                                                                                0x01317a4b
                                                                                                                                                                                                                                0x01317a4b
                                                                                                                                                                                                                                0x01317a4d
                                                                                                                                                                                                                                0x01317a4f
                                                                                                                                                                                                                                0x01317a5c
                                                                                                                                                                                                                                0x01317a65
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01317a9d
                                                                                                                                                                                                                                0x01317a67
                                                                                                                                                                                                                                0x01317a6e
                                                                                                                                                                                                                                0x01317a70
                                                                                                                                                                                                                                0x01317a75
                                                                                                                                                                                                                                0x01317a89
                                                                                                                                                                                                                                0x01317a89
                                                                                                                                                                                                                                0x01317a75
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01317a8c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01317a4f
                                                                                                                                                                                                                                0x013179ed
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013179f5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013179fd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01317a05
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01317a0d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01317a0f
                                                                                                                                                                                                                                0x01317a14
                                                                                                                                                                                                                                0x01317a25
                                                                                                                                                                                                                                0x01317a25
                                                                                                                                                                                                                                0x01317a33
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01317a35
                                                                                                                                                                                                                                0x01317a3b
                                                                                                                                                                                                                                0x01317a3c
                                                                                                                                                                                                                                0x01317a3f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01317a3f
                                                                                                                                                                                                                                0x01317a33
                                                                                                                                                                                                                                0x0131797d
                                                                                                                                                                                                                                0x013179db
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013179db
                                                                                                                                                                                                                                0x01317982
                                                                                                                                                                                                                                0x013179c7
                                                                                                                                                                                                                                0x013179d6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013179c7
                                                                                                                                                                                                                                0x01317987
                                                                                                                                                                                                                                0x013179b9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013179bf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013179bf
                                                                                                                                                                                                                                0x01317989
                                                                                                                                                                                                                                0x0131798c
                                                                                                                                                                                                                                0x013179ae
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013179ae
                                                                                                                                                                                                                                0x0131798e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01317997
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013179a0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013179a6
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Window$CallItemMessageProcSend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3375755978-0
                                                                                                                                                                                                                                • Opcode ID: 182ed7effe794c68af39d17b80ad1092434fe7df42fe7ba80cf6dce97a318385
                                                                                                                                                                                                                                • Instruction ID: e0e38e90332814d6f3f7b9ec2131985d224847b739cb3196474d529fdf9411e8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 182ed7effe794c68af39d17b80ad1092434fe7df42fe7ba80cf6dce97a318385
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62317432500205EBFB3D4F98C8C8B797BBAEB05349F1C9015E95686659C332EA90CB91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0132999E, Relevance: 6.1, APIs: 4, Instructions: 85COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 54%
                                                                                                                                                                                                                                			E0132999E(struct HDC__* __eax, void* __ecx, int _a4, int _a8, int _a12, int _a16, int _a20, int _a24) {
				struct tagRGBQUAD _v8;
				void* __esi;
				int _t35;
				int _t42;
				struct HDC__* _t51;
				void* _t55;

				_push(__ecx);
				_t51 = __eax;
				_t55 = __ecx;
				if(__eax != 0) {
					E01329A7B(__ecx);
					_t35 =  *(__ecx + 0x20);
					if(_t35 != 0xffffffff) {
						L8:
						GetDIBColorTable( *(_t55 + 0x28), _t35, 1,  &_v8);
						_t35 = ((_v8.rgbBlue & 0x000000ff) << 0x00000008 | _v8.rgbGreen & 0x000000ff) << 0x00000008 | _v8.rgbRed & 0x000000ff;
						L10:
						__imp__TransparentBlt(_t51, _a4, _a8, _a12, _a16,  *(_t55 + 0x28), 0, 0, _a20, _a24, _t35);
						L11:
						E0132A05B(_t55);
						_t42 = _t35;
						L12:
						return _t42;
					}
					if( *(__ecx + 0x24) != _t35) {
						if(_t35 == 0xffffffff) {
							_t35 =  *(__ecx + 0x24);
							goto L10;
						}
						goto L8;
					}
					if( *((intOrPtr*)(__ecx + 0x1d)) == 0) {
						_t35 = StretchBlt(_t51, _a4, _a8, _a12, _a16,  *(__ecx + 0x28), 0, 0, _a20, _a24, 0xcc0020);
					} else {
						_v8 = 0x1ff0000;
						__imp__AlphaBlend(_t51, _a4, _a8, _a12, _a16,  *(__ecx + 0x28), 0, 0, _a20, _a24, _v8);
					}
					goto L11;
				}
				_t42 = 0;
				goto L12;
			}









                                                                                                                                                                                                                                0x013299a1
                                                                                                                                                                                                                                0x013299a5
                                                                                                                                                                                                                                0x013299a9
                                                                                                                                                                                                                                0x013299ad
                                                                                                                                                                                                                                0x013299b6
                                                                                                                                                                                                                                0x013299bb
                                                                                                                                                                                                                                0x013299c1
                                                                                                                                                                                                                                0x01329a21
                                                                                                                                                                                                                                0x01329a2b
                                                                                                                                                                                                                                0x01329a45
                                                                                                                                                                                                                                0x01329a4c
                                                                                                                                                                                                                                0x01329a65
                                                                                                                                                                                                                                0x01329a6b
                                                                                                                                                                                                                                0x01329a6d
                                                                                                                                                                                                                                0x01329a72
                                                                                                                                                                                                                                0x01329a74
                                                                                                                                                                                                                                0x01329a78
                                                                                                                                                                                                                                0x01329a78
                                                                                                                                                                                                                                0x013299c6
                                                                                                                                                                                                                                0x01329a1f
                                                                                                                                                                                                                                0x01329a49
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329a49
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01329a1f
                                                                                                                                                                                                                                0x013299cb
                                                                                                                                                                                                                                0x01329a14
                                                                                                                                                                                                                                0x013299cd
                                                                                                                                                                                                                                0x013299cd
                                                                                                                                                                                                                                0x013299ef
                                                                                                                                                                                                                                0x013299ef
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013299cb
                                                                                                                                                                                                                                0x013299af
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • AlphaBlend.MSIMG32(?,?,?,?,?,?,00000000,00000000,?,?,01FF0000), ref: 013299EF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AlphaBlend
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1400541316-0
                                                                                                                                                                                                                                • Opcode ID: 0864950f080095c9916644cae5a01ad69c6e5604793d0dcaba87834a2baf3727
                                                                                                                                                                                                                                • Instruction ID: 96f0c608bb1666150074083c8d62bd9cc0189cfb92066c51395d27091a368816
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0864950f080095c9916644cae5a01ad69c6e5604793d0dcaba87834a2baf3727
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07215C72100229FFDF229F95CC84DAF7FBAEF49368F004518FA5681060D236DA61EB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01317365, Relevance: 6.0, APIs: 4, Instructions: 45windowCOMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                			E01317365(intOrPtr _a4, struct HDC__* _a8) {
				signed int _v8;
				struct tagRECT _v24;
				void* __edi;
				void* __esi;
				signed int _t18;
				intOrPtr _t31;
				intOrPtr _t34;
				struct HDC__* _t35;
				intOrPtr _t36;
				signed int _t37;

				_t18 =  *0x13bce20; // 0xa1d783ff
				_v8 = _t18 ^ _t37;
				_t36 = _a4;
				_t35 = _a8;
				 *((char*)(_t36 + 0x30)) = 1;
				if( *(_t36 + 0x2c) != 0) {
					GetClientRect( *(_t36 - 0x28),  &_v24);
					BitBlt( *(_t36 + 0x2c), _v24.left, _v24.top, _v24.right - _v24, _v24.bottom - _v24.top, _t35, 0, 0, 0xcc0020);
					DeleteDC(_t35);
					_t35 =  *(_t36 + 0x2c);
				}
				ReleaseDC( *(_t36 - 0x28), _t35);
				return E013748C1(0, _t31, _v8 ^ _t37, _t34, _t35, _t36);
			}













                                                                                                                                                                                                                                0x0131736b
                                                                                                                                                                                                                                0x01317372
                                                                                                                                                                                                                                0x01317376
                                                                                                                                                                                                                                0x0131737e
                                                                                                                                                                                                                                0x01317381
                                                                                                                                                                                                                                0x01317385
                                                                                                                                                                                                                                0x0131738e
                                                                                                                                                                                                                                0x013173b5
                                                                                                                                                                                                                                0x013173bc
                                                                                                                                                                                                                                0x013173c2
                                                                                                                                                                                                                                0x013173c2
                                                                                                                                                                                                                                0x013173c9
                                                                                                                                                                                                                                0x013173de

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetClientRect.USER32 ref: 0131738E
                                                                                                                                                                                                                                • BitBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00CC0020), ref: 013173B5
                                                                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 013173BC
                                                                                                                                                                                                                                • ReleaseDC.USER32 ref: 013173C9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ClientDeleteRectRelease
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2015589292-0
                                                                                                                                                                                                                                • Opcode ID: 976dd45a68728445fd84ca4b340c424a5977f66731c5ab30df880490394bb0ed
                                                                                                                                                                                                                                • Instruction ID: 8d195cd72b31621c8d264780dfb9db56f8188b0f1a1939f3439a61fc97b6e12a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 976dd45a68728445fd84ca4b340c424a5977f66731c5ab30df880490394bb0ed
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 90012532600208EFDB21DFA8CD48FAEBBB9FF48314F604419E901A2254C771B905CB64
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0134032A, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 149COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                			E0134032A(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t76;
				intOrPtr _t78;
				signed int _t80;
				intOrPtr _t84;
				intOrPtr _t86;
				intOrPtr _t89;
				intOrPtr _t91;
				intOrPtr* _t93;
				intOrPtr* _t95;
				intOrPtr _t97;
				signed int _t103;
				intOrPtr _t108;
				void* _t111;
				signed int _t112;
				void* _t114;
				void* _t117;
				signed int _t118;
				intOrPtr _t119;
				intOrPtr _t120;
				intOrPtr _t122;
				intOrPtr _t125;
				signed int _t128;
				void* _t130;
				void* _t132;
				void* _t133;
				void* _t136;

				_push(0x18);
				E0137C1D9(0x1394e97, __ebx, __edi, __esi);
				_t122 = __ecx;
				 *((intOrPtr*)(_t132 - 0x14)) = __ecx;
				_t103 = 0;
				 *((intOrPtr*)(_t132 - 4)) = 0;
				_t136 =  *0x13c2a33 - _t103; // 0x0
				if(_t136 != 0) {
					 *((intOrPtr*)(_t132 - 0x20)) = _t133 - 0x1c;
					E01319638(_t133 - 0x1c, "GetOfferUIControl()...");
					E0134BA76(0, 0x13c2b18, _t117, _t122, __esi, _t136);
				}
				if( *((intOrPtr*)(_t122 + 0x628)) <= _t103) {
					L26:
					E01311524(_t132 + 8, 1, 0);
					_t76 = 0;
					__eflags = 0;
				} else {
					 *(_t132 - 0x1c) = _t103;
					do {
						_t128 = 0;
						_t108 = 0;
						 *((intOrPtr*)(_t132 - 0x10)) = 0;
						L5:
						while(_t103 >= _t108 && _t103 <  *((intOrPtr*)(_t122 + 0x628))) {
							_t84 =  *((intOrPtr*)(_t122 + 0x624));
							_t118 =  *(_t132 - 0x1c);
							if(_t128 >=  *((intOrPtr*)(_t84 + _t118 + 0x32c))) {
								goto L25;
							} else {
								if(_t128 < _t108 || _t128 >=  *((intOrPtr*)(_t84 + _t118 + 0x32c))) {
									break;
								} else {
									_t111 =  *((intOrPtr*)(_t132 - 0x10)) +  *((intOrPtr*)(_t84 + _t118 + 0x328)) + 0xc;
									_t86 =  *((intOrPtr*)(_t132 + 8));
									if( *((intOrPtr*)(_t132 + 0x1c)) < 0x10) {
										_t86 = _t132 + 8;
									}
									if(E01320766( *((intOrPtr*)(_t111 + 0x10)), _t111,  *((intOrPtr*)(_t132 + 0x18)), _t86) == 0) {
										_t89 =  *((intOrPtr*)(_t132 - 0x14));
										__eflags = _t103 -  *((intOrPtr*)(_t89 + 0x628));
										if(_t103 >=  *((intOrPtr*)(_t89 + 0x628))) {
											goto L32;
										} else {
											_t103 = _t103 * 0x334 +  *((intOrPtr*)(_t89 + 0x624)) + 0x328;
											__eflags = _t128 -  *((intOrPtr*)(_t103 + 4));
											if(_t128 >=  *((intOrPtr*)(_t103 + 4))) {
												goto L32;
											} else {
												_t130 = _t128 * 0x198 +  *_t103;
												__eflags = _t130;
											}
										}
										goto L31;
									} else {
										_t119 = 0;
										_t112 = 0;
										 *(_t132 - 0x18) = 0;
										 *((intOrPtr*)(_t132 - 0x20)) = 0;
										while(1) {
											_t91 =  *((intOrPtr*)(_t132 - 0x14));
											if(_t103 >=  *((intOrPtr*)(_t91 + 0x628))) {
												break;
											}
											_t31 =  *((intOrPtr*)(_t91 + 0x624)) + 0x328; // 0x338
											_t93 =  *(_t132 - 0x1c) + _t31;
											if(_t128 >=  *((intOrPtr*)(_t93 + 4))) {
												break;
											} else {
												_t120 =  *_t93;
												_t125 =  *((intOrPtr*)(_t132 - 0x10));
												if(_t112 >=  *((intOrPtr*)(_t125 + _t120 + 4))) {
													 *((intOrPtr*)(_t132 - 0x10)) =  *((intOrPtr*)(_t132 - 0x10)) + 0x198;
													_t122 =  *((intOrPtr*)(_t132 - 0x14));
													_t128 = _t128 + 1;
													_t108 = 0;
													goto L5;
												} else {
													if(_t128 >=  *((intOrPtr*)(_t93 + 4))) {
														L32:
														_push(0);
														_push(0);
														L33:
														RaiseException(0xc000008c, 1, ??, ??);
														goto L34;
													} else {
														_t95 = _t120 + _t125;
														if(_t112 < 0 || _t112 >=  *((intOrPtr*)(_t95 + 4))) {
															goto L32;
														} else {
															_t114 =  *((intOrPtr*)(_t132 - 0x20)) +  *_t95 + 0xc;
															_t97 =  *((intOrPtr*)(_t132 + 8));
															if( *((intOrPtr*)(_t132 + 0x1c)) < 0x10) {
																_t97 = _t132 + 8;
															}
															if(E01320766( *((intOrPtr*)(_t114 + 0x10)), _t114,  *((intOrPtr*)(_t132 + 0x18)), _t97) == 0) {
																L34:
																_t78 =  *((intOrPtr*)(_t132 - 0x14));
																__eflags = _t103 -  *((intOrPtr*)(_t78 + 0x628));
																if(_t103 >=  *((intOrPtr*)(_t78 + 0x628))) {
																	goto L32;
																}
																_t103 = _t103 * 0x334 +  *((intOrPtr*)(_t78 + 0x624)) + 0x328;
																__eflags = _t128 -  *((intOrPtr*)(_t103 + 4));
																if(_t128 >=  *((intOrPtr*)(_t103 + 4))) {
																	goto L32;
																}
																_t80 =  *(_t132 - 0x18);
																_t128 = _t128 * 0x198 +  *_t103;
																__eflags = _t80 -  *((intOrPtr*)(_t128 + 4));
																if(_t80 >=  *((intOrPtr*)(_t128 + 4))) {
																	goto L32;
																}
																_t130 = _t80 * 0x198 +  *_t128;
																L31:
																E01311524(_t132 + 8, 1, 0);
																_t76 = _t130;
															} else {
																 *(_t132 - 0x18) =  *(_t132 - 0x18) + 1;
																 *((intOrPtr*)(_t132 - 0x20)) =  *((intOrPtr*)(_t132 - 0x20)) + 0x198;
																_t112 =  *(_t132 - 0x18);
																_t119 = 0;
																continue;
															}
														}
													}
												}
											}
											goto L27;
										}
										_push(_t119);
										_push(_t119);
										goto L33;
									}
								}
							}
							goto L27;
						}
						_push(_t108);
						_push(_t108);
						goto L33;
						L25:
						 *(_t132 - 0x1c) =  *(_t132 - 0x1c) + 0x334;
						_t103 = _t103 + 1;
						__eflags = _t103 -  *((intOrPtr*)(_t122 + 0x628));
					} while (_t103 <  *((intOrPtr*)(_t122 + 0x628)));
					goto L26;
				}
				L27:
				return E0137C2B1(_t76);
			}





























                                                                                                                                                                                                                                0x0134032a
                                                                                                                                                                                                                                0x01340331
                                                                                                                                                                                                                                0x01340336
                                                                                                                                                                                                                                0x01340338
                                                                                                                                                                                                                                0x0134033b
                                                                                                                                                                                                                                0x0134033d
                                                                                                                                                                                                                                0x01340340
                                                                                                                                                                                                                                0x01340346
                                                                                                                                                                                                                                0x0134034d
                                                                                                                                                                                                                                0x01340355
                                                                                                                                                                                                                                0x0134035f
                                                                                                                                                                                                                                0x0134035f
                                                                                                                                                                                                                                0x0134036a
                                                                                                                                                                                                                                0x013404a5
                                                                                                                                                                                                                                0x013404ac
                                                                                                                                                                                                                                0x013404b1
                                                                                                                                                                                                                                0x013404b1
                                                                                                                                                                                                                                0x01340370
                                                                                                                                                                                                                                0x01340370
                                                                                                                                                                                                                                0x01340373
                                                                                                                                                                                                                                0x01340373
                                                                                                                                                                                                                                0x01340375
                                                                                                                                                                                                                                0x01340377
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0134037a
                                                                                                                                                                                                                                0x0134038e
                                                                                                                                                                                                                                0x01340394
                                                                                                                                                                                                                                0x0134039e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013403a4
                                                                                                                                                                                                                                0x013403a6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013403b9
                                                                                                                                                                                                                                0x013403c7
                                                                                                                                                                                                                                0x013403cb
                                                                                                                                                                                                                                0x013403ce
                                                                                                                                                                                                                                0x013403d0
                                                                                                                                                                                                                                0x013403d0
                                                                                                                                                                                                                                0x013403e1
                                                                                                                                                                                                                                0x013404bb
                                                                                                                                                                                                                                0x013404be
                                                                                                                                                                                                                                0x013404c4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013404c6
                                                                                                                                                                                                                                0x013404d2
                                                                                                                                                                                                                                0x013404d9
                                                                                                                                                                                                                                0x013404dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013404de
                                                                                                                                                                                                                                0x013404e4
                                                                                                                                                                                                                                0x013404e4
                                                                                                                                                                                                                                0x013404e4
                                                                                                                                                                                                                                0x013404dc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013403e7
                                                                                                                                                                                                                                0x013403e7
                                                                                                                                                                                                                                0x013403e9
                                                                                                                                                                                                                                0x013403eb
                                                                                                                                                                                                                                0x013403ee
                                                                                                                                                                                                                                0x013403f1
                                                                                                                                                                                                                                0x013403f1
                                                                                                                                                                                                                                0x013403fa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01340409
                                                                                                                                                                                                                                0x01340409
                                                                                                                                                                                                                                0x01340413
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01340419
                                                                                                                                                                                                                                0x01340419
                                                                                                                                                                                                                                0x0134041b
                                                                                                                                                                                                                                0x01340422
                                                                                                                                                                                                                                0x0134047f
                                                                                                                                                                                                                                0x01340486
                                                                                                                                                                                                                                0x01340489
                                                                                                                                                                                                                                0x0134048a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01340424
                                                                                                                                                                                                                                0x01340427
                                                                                                                                                                                                                                0x013404f6
                                                                                                                                                                                                                                0x013404f6
                                                                                                                                                                                                                                0x013404f8
                                                                                                                                                                                                                                0x013404fa
                                                                                                                                                                                                                                0x01340501
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0134042d
                                                                                                                                                                                                                                0x0134042f
                                                                                                                                                                                                                                0x01340433
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01340442
                                                                                                                                                                                                                                0x0134044b
                                                                                                                                                                                                                                0x0134044f
                                                                                                                                                                                                                                0x01340452
                                                                                                                                                                                                                                0x01340454
                                                                                                                                                                                                                                0x01340454
                                                                                                                                                                                                                                0x01340465
                                                                                                                                                                                                                                0x01340507
                                                                                                                                                                                                                                0x01340507
                                                                                                                                                                                                                                0x0134050a
                                                                                                                                                                                                                                0x01340510
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0134051e
                                                                                                                                                                                                                                0x01340525
                                                                                                                                                                                                                                0x01340528
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0134052a
                                                                                                                                                                                                                                0x01340533
                                                                                                                                                                                                                                0x01340535
                                                                                                                                                                                                                                0x01340538
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01340542
                                                                                                                                                                                                                                0x013404e6
                                                                                                                                                                                                                                0x013404ed
                                                                                                                                                                                                                                0x013404f2
                                                                                                                                                                                                                                0x0134046b
                                                                                                                                                                                                                                0x0134046b
                                                                                                                                                                                                                                0x0134046e
                                                                                                                                                                                                                                0x01340475
                                                                                                                                                                                                                                0x01340478
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01340478
                                                                                                                                                                                                                                0x01340465
                                                                                                                                                                                                                                0x01340433
                                                                                                                                                                                                                                0x01340427
                                                                                                                                                                                                                                0x01340422
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01340413
                                                                                                                                                                                                                                0x01340546
                                                                                                                                                                                                                                0x01340547
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01340547
                                                                                                                                                                                                                                0x013403e1
                                                                                                                                                                                                                                0x013403a6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x0134039e
                                                                                                                                                                                                                                0x0134054a
                                                                                                                                                                                                                                0x0134054b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01340491
                                                                                                                                                                                                                                0x01340491
                                                                                                                                                                                                                                0x01340498
                                                                                                                                                                                                                                0x01340499
                                                                                                                                                                                                                                0x01340499
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x01340373
                                                                                                                                                                                                                                0x013404b3
                                                                                                                                                                                                                                0x013404b8

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 01340331
                                                                                                                                                                                                                                  • Part of subcall function 01319638: _strlen.LIBCMT ref: 0131964F
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: __EH_prolog3_GS.LIBCMT ref: 0134BA80
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetLocalTime.KERNEL32(?,00000550,013578BE,?), ref: 0134BA93
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: GetCurrentProcessId.KERNEL32 ref: 0134BAA1
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: _memset.LIBCMT ref: 0134BABF
                                                                                                                                                                                                                                  • Part of subcall function 0134BA76: swprintf.LIBCMT ref: 0134BB26
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,00000018,01320484,?), ref: 01340501
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentExceptionH_prolog3H_prolog3_LocalProcessRaiseTime_memset_strlenswprintf
                                                                                                                                                                                                                                • String ID: GetOfferUIControl()...
                                                                                                                                                                                                                                • API String ID: 2467488664-3969660796
                                                                                                                                                                                                                                • Opcode ID: 8f7619e569ddcdb36fd5a75ad604ce8555a6e87a726515162be4e5cca1f1722a
                                                                                                                                                                                                                                • Instruction ID: 4c9ae0ab2cd11aa62c2b743d6c6d4aa0d4ddd59dbcdfa01a5b7c204c128be54e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f7619e569ddcdb36fd5a75ad604ce8555a6e87a726515162be4e5cca1f1722a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A516A31A0020ACFDB59CF58C5C0AEEB7F5FB58308F5580A9EA05AB242DB30B9458F90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 01327116, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E01327116(signed int __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* __ebx;
				void* __edi;
				intOrPtr _t14;
				intOrPtr _t17;
				intOrPtr _t19;
				signed int _t20;
				intOrPtr _t23;
				intOrPtr _t33;
				void* _t35;

				_t32 = _a4;
				_t35 = __ecx;
				if(E01311813(__ecx, _a4) == 0) {
					_t4 = _t35 + 0x10; // 0x490050
					_t14 =  *_t4;
					_t23 = _a8;
					if((__ecx | 0xffffffff) - _t14 <= _t23) {
						_t14 = E013631D4("string too long");
					}
					if(_t23 != 0) {
						_t33 = _t14 + _t23;
						if(E013117AF(_t23, _t35, _t33, _t33, 0) != 0) {
							if( *((intOrPtr*)(_t35 + 0x14)) < 0x10) {
								_t17 = _t35;
							} else {
								_t17 =  *_t35;
							}
							_t8 = _t35 + 0x10; // 0x490050
							E013748D0( *_t8 + _t17, _a4, _t23);
							 *((intOrPtr*)(_t35 + 0x10)) = _t33;
							if( *((intOrPtr*)(_t35 + 0x14)) < 0x10) {
								_t19 = _t35;
							} else {
								_t19 =  *_t35;
							}
							 *((char*)(_t19 + _t33)) = 0;
						}
					}
					return _t35;
				}
				if( *((intOrPtr*)(__ecx + 0x14)) < 0x10) {
					_t20 = __ecx;
				} else {
					_t20 =  *__ecx;
				}
				return E013272E2(_t35, _t35, _t32 - _t20, _a8);
			}












                                                                                                                                                                                                                                0x0132711b
                                                                                                                                                                                                                                0x0132711f
                                                                                                                                                                                                                                0x01327128
                                                                                                                                                                                                                                0x01327146
                                                                                                                                                                                                                                0x01327146
                                                                                                                                                                                                                                0x0132714d
                                                                                                                                                                                                                                0x01327154
                                                                                                                                                                                                                                0x0132715b
                                                                                                                                                                                                                                0x0132715b
                                                                                                                                                                                                                                0x01327162
                                                                                                                                                                                                                                0x01327164
                                                                                                                                                                                                                                0x01327173
                                                                                                                                                                                                                                0x01327179
                                                                                                                                                                                                                                0x0132717f
                                                                                                                                                                                                                                0x0132717b
                                                                                                                                                                                                                                0x0132717b
                                                                                                                                                                                                                                0x0132717b
                                                                                                                                                                                                                                0x01327181
                                                                                                                                                                                                                                0x0132718b
                                                                                                                                                                                                                                0x01327197
                                                                                                                                                                                                                                0x0132719a
                                                                                                                                                                                                                                0x013271a0
                                                                                                                                                                                                                                0x0132719c
                                                                                                                                                                                                                                0x0132719c
                                                                                                                                                                                                                                0x0132719c
                                                                                                                                                                                                                                0x013271a2
                                                                                                                                                                                                                                0x013271a2
                                                                                                                                                                                                                                0x01327173
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x013271a8
                                                                                                                                                                                                                                0x0132712e
                                                                                                                                                                                                                                0x01327134
                                                                                                                                                                                                                                0x01327130
                                                                                                                                                                                                                                0x01327130
                                                                                                                                                                                                                                0x01327130
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Xinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                                                                • API String ID: 256744135-2556327735
                                                                                                                                                                                                                                • Opcode ID: 53e6b7d5404f931d9164e24d28f4ec5075898a748793656435729ca1e2924445
                                                                                                                                                                                                                                • Instruction ID: 890114e5e0b31f70de2c9626176b156ab918d89e9f74fded69342cf2ca121ad6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53e6b7d5404f931d9164e24d28f4ec5075898a748793656435729ca1e2924445
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E11C4313002249BEB34BE6D9C40D6ABBFAFF62618B24051DF9428B240CB71B804C795
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131A995, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E0131A995(intOrPtr* __ecx, intOrPtr* _a4, signed int _a8, intOrPtr _a12) {
				void* __ebx;
				void* __edi;
				signed int _t16;
				intOrPtr* _t19;
				intOrPtr* _t22;
				intOrPtr* _t25;
				void* _t26;
				intOrPtr* _t28;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t35;

				_t27 = __ecx;
				_t16 = _a8;
				_t25 = _a4;
				_t32 =  *((intOrPtr*)(_t25 + 0x10));
				_t35 = __ecx;
				if(_t32 < _t16) {
					_t16 = E01363221("invalid string position");
				}
				_t33 = _t32 - _t16;
				if(_a12 < _t33) {
					_t33 = _a12;
				}
				if(_t35 != _t25) {
					if(E0131B8E0(_t25, _t27, _t33, _t33, 0) != 0) {
						if( *((intOrPtr*)(_t25 + 0x14)) < 8) {
							_t19 = _t25;
						} else {
							_t19 =  *_t25;
						}
						if( *((intOrPtr*)(_t35 + 0x14)) < 8) {
							_t28 = _t35;
						} else {
							_t28 =  *_t35;
						}
						_t26 = _t33 + _t33;
						E013748D0(_t28, _t19 + _a8 * 2, _t26);
						 *((intOrPtr*)(_t35 + 0x10)) = _t33;
						if( *((intOrPtr*)(_t35 + 0x14)) < 8) {
							_t22 = _t35;
						} else {
							_t22 =  *_t35;
						}
						 *((short*)(_t26 + _t22)) = 0;
					}
				} else {
					E0131B861(_t27, _t33 + _t16, 0xffffffff);
					E0131B861(_t35, 0, _a8);
				}
				return _t35;
			}














                                                                                                                                                                                                                                0x0131a995
                                                                                                                                                                                                                                0x0131a998
                                                                                                                                                                                                                                0x0131a99c
                                                                                                                                                                                                                                0x0131a9a1
                                                                                                                                                                                                                                0x0131a9a4
                                                                                                                                                                                                                                0x0131a9a8
                                                                                                                                                                                                                                0x0131a9af
                                                                                                                                                                                                                                0x0131a9af
                                                                                                                                                                                                                                0x0131a9b4
                                                                                                                                                                                                                                0x0131a9b9
                                                                                                                                                                                                                                0x0131a9bb
                                                                                                                                                                                                                                0x0131a9bb
                                                                                                                                                                                                                                0x0131a9c0
                                                                                                                                                                                                                                0x0131a9e4
                                                                                                                                                                                                                                0x0131a9ea
                                                                                                                                                                                                                                0x0131a9f0
                                                                                                                                                                                                                                0x0131a9ec
                                                                                                                                                                                                                                0x0131a9ec
                                                                                                                                                                                                                                0x0131a9ec
                                                                                                                                                                                                                                0x0131a9f6
                                                                                                                                                                                                                                0x0131a9fc
                                                                                                                                                                                                                                0x0131a9f8
                                                                                                                                                                                                                                0x0131a9f8
                                                                                                                                                                                                                                0x0131a9f8
                                                                                                                                                                                                                                0x0131aa01
                                                                                                                                                                                                                                0x0131aa0a
                                                                                                                                                                                                                                0x0131aa16
                                                                                                                                                                                                                                0x0131aa19
                                                                                                                                                                                                                                0x0131aa1f
                                                                                                                                                                                                                                0x0131aa1b
                                                                                                                                                                                                                                0x0131aa1b
                                                                                                                                                                                                                                0x0131aa1b
                                                                                                                                                                                                                                0x0131aa23
                                                                                                                                                                                                                                0x0131aa23
                                                                                                                                                                                                                                0x0131a9c2
                                                                                                                                                                                                                                0x0131a9c7
                                                                                                                                                                                                                                0x0131a9d3
                                                                                                                                                                                                                                0x0131a9d3
                                                                                                                                                                                                                                0x0131aa2d

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0131A9AF
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 01363236
                                                                                                                                                                                                                                  • Part of subcall function 01363221: __CxxThrowException@8.LIBCMT ref: 0136324B
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 0136325C
                                                                                                                                                                                                                                  • Part of subcall function 0131B8E0: std::_Xinvalid_argument.LIBCPMT ref: 0131B8F4
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0131AA0A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • invalid string position, xrefs: 0131A9AA
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                                                                                                                                                                                                                • String ID: invalid string position
                                                                                                                                                                                                                                • API String ID: 3404309857-1799206989
                                                                                                                                                                                                                                • Opcode ID: 64013f4cca3dc0ab6c122467768f69e261c956f20d48afa2faa5eb83c7f83bbf
                                                                                                                                                                                                                                • Instruction ID: a1d9753adf02c4aaab600fa358dd4f4619c9bcae5a26a3aaeb76d5d4ae404695
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 64013f4cca3dc0ab6c122467768f69e261c956f20d48afa2faa5eb83c7f83bbf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0311083231529DDBCB289E5CCC8096ABBBAFB4472EB01051AE94147249E730E9A4C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131B861, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E0131B861(intOrPtr* __ecx, signed int _a4, intOrPtr _a8) {
				intOrPtr _t15;
				intOrPtr _t16;
				signed int _t25;
				intOrPtr* _t27;
				signed int _t30;
				intOrPtr* _t31;
				intOrPtr _t32;
				intOrPtr* _t33;
				intOrPtr _t36;
				intOrPtr* _t38;

				_t38 = __ecx;
				_t15 =  *((intOrPtr*)(__ecx + 0x10));
				_t30 = _a4;
				if(_t15 < _t30) {
					_t15 = E01363221("invalid string position");
				}
				_t36 = _a8;
				_t16 = _t15 - _t30;
				if(_t16 < _t36) {
					_t36 = _t16;
				}
				if(_t36 != 0) {
					_t32 =  *((intOrPtr*)(_t38 + 0x14));
					if(_t32 < 8) {
						_t27 = _t38;
					} else {
						_t27 =  *_t38;
					}
					if(_t32 < 8) {
						_t33 = _t38;
					} else {
						_t33 =  *_t38;
					}
					E01374DB0(_t33 + _t30 * 2, _t27 + (_t30 + _t36) * 2, _t16 - _t36 + _t16 - _t36);
					_t25 =  *(_t38 + 0x10) - _t36;
					 *(_t38 + 0x10) = _t25;
					if( *((intOrPtr*)(_t38 + 0x14)) < 8) {
						_t31 = _t38;
					} else {
						_t31 =  *_t38;
					}
					 *((short*)(_t31 + _t25 * 2)) = 0;
				}
				return _t38;
			}













                                                                                                                                                                                                                                0x0131b865
                                                                                                                                                                                                                                0x0131b867
                                                                                                                                                                                                                                0x0131b86a
                                                                                                                                                                                                                                0x0131b870
                                                                                                                                                                                                                                0x0131b877
                                                                                                                                                                                                                                0x0131b877
                                                                                                                                                                                                                                0x0131b87c
                                                                                                                                                                                                                                0x0131b87f
                                                                                                                                                                                                                                0x0131b883
                                                                                                                                                                                                                                0x0131b885
                                                                                                                                                                                                                                0x0131b885
                                                                                                                                                                                                                                0x0131b889
                                                                                                                                                                                                                                0x0131b88b
                                                                                                                                                                                                                                0x0131b892
                                                                                                                                                                                                                                0x0131b898
                                                                                                                                                                                                                                0x0131b894
                                                                                                                                                                                                                                0x0131b894
                                                                                                                                                                                                                                0x0131b894
                                                                                                                                                                                                                                0x0131b89d
                                                                                                                                                                                                                                0x0131b8a3
                                                                                                                                                                                                                                0x0131b89f
                                                                                                                                                                                                                                0x0131b89f
                                                                                                                                                                                                                                0x0131b89f
                                                                                                                                                                                                                                0x0131b8b5
                                                                                                                                                                                                                                0x0131b8c0
                                                                                                                                                                                                                                0x0131b8c6
                                                                                                                                                                                                                                0x0131b8ca
                                                                                                                                                                                                                                0x0131b8d0
                                                                                                                                                                                                                                0x0131b8cc
                                                                                                                                                                                                                                0x0131b8cc
                                                                                                                                                                                                                                0x0131b8cc
                                                                                                                                                                                                                                0x0131b8d4
                                                                                                                                                                                                                                0x0131b8d4
                                                                                                                                                                                                                                0x0131b8dd

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0131B877
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 01363236
                                                                                                                                                                                                                                  • Part of subcall function 01363221: __CxxThrowException@8.LIBCMT ref: 0136324B
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 0136325C
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0131B8B5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • invalid string position, xrefs: 0131B872
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                • String ID: invalid string position
                                                                                                                                                                                                                                • API String ID: 1785806476-1799206989
                                                                                                                                                                                                                                • Opcode ID: 6ebea19fe8d51032cb6abd82ea9a7aa24e56170b4428b5a1b7e216b791abef79
                                                                                                                                                                                                                                • Instruction ID: f981ba1ed840dbb608737f3fc57c5a50c0ad1dc0485264a9b6e109f556a67f1b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ebea19fe8d51032cb6abd82ea9a7aa24e56170b4428b5a1b7e216b791abef79
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D201A5327142599FC729CE6CDC8085AFBBAEBC4B583244929D941C760DDA70E8458794
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Function 0131184E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E0131184E(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr _t15;
				intOrPtr _t16;
				intOrPtr _t18;
				intOrPtr* _t19;
				intOrPtr _t20;
				intOrPtr* _t21;
				intOrPtr* _t24;
				intOrPtr* _t28;

				_t28 = __ecx;
				_t9 =  *((intOrPtr*)(__ecx + 0x10));
				_t18 = _a4;
				if(_t9 < _t18) {
					_t9 = E01363221("invalid string position");
				}
				_t16 = _a8;
				_t10 = _t9 - _t18;
				if(_t10 < _t16) {
					_t16 = _t10;
				}
				if(_t16 != 0) {
					_t20 =  *((intOrPtr*)(_t28 + 0x14));
					if(_t20 < 0x10) {
						_t24 = _t28;
					} else {
						_t24 =  *_t28;
					}
					if(_t20 < 0x10) {
						_t21 = _t28;
					} else {
						_t21 =  *_t28;
					}
					E01374DB0(_t21 + _t18, _t24 + _t18 + _t16, _t10 - _t16);
					_t15 =  *((intOrPtr*)(_t28 + 0x10)) - _t16;
					 *((intOrPtr*)(_t28 + 0x10)) = _t15;
					if( *((intOrPtr*)(_t28 + 0x14)) < 0x10) {
						_t19 = _t28;
					} else {
						_t19 =  *_t28;
					}
					 *((char*)(_t19 + _t15)) = 0;
				}
				return _t28;
			}













                                                                                                                                                                                                                                0x01311853
                                                                                                                                                                                                                                0x01311855
                                                                                                                                                                                                                                0x01311858
                                                                                                                                                                                                                                0x0131185d
                                                                                                                                                                                                                                0x01311864
                                                                                                                                                                                                                                0x01311864
                                                                                                                                                                                                                                0x01311869
                                                                                                                                                                                                                                0x0131186c
                                                                                                                                                                                                                                0x01311870
                                                                                                                                                                                                                                0x01311872
                                                                                                                                                                                                                                0x01311872
                                                                                                                                                                                                                                0x01311876
                                                                                                                                                                                                                                0x01311878
                                                                                                                                                                                                                                0x0131187f
                                                                                                                                                                                                                                0x01311885
                                                                                                                                                                                                                                0x01311881
                                                                                                                                                                                                                                0x01311881
                                                                                                                                                                                                                                0x01311881
                                                                                                                                                                                                                                0x0131188a
                                                                                                                                                                                                                                0x01311890
                                                                                                                                                                                                                                0x0131188c
                                                                                                                                                                                                                                0x0131188c
                                                                                                                                                                                                                                0x0131188c
                                                                                                                                                                                                                                0x0131189d
                                                                                                                                                                                                                                0x013118a8
                                                                                                                                                                                                                                0x013118ae
                                                                                                                                                                                                                                0x013118b2
                                                                                                                                                                                                                                0x013118b8
                                                                                                                                                                                                                                0x013118b4
                                                                                                                                                                                                                                0x013118b4
                                                                                                                                                                                                                                0x013118b4
                                                                                                                                                                                                                                0x013118ba
                                                                                                                                                                                                                                0x013118ba
                                                                                                                                                                                                                                0x013118c3

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 01311864
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 01363236
                                                                                                                                                                                                                                  • Part of subcall function 01363221: __CxxThrowException@8.LIBCMT ref: 0136324B
                                                                                                                                                                                                                                  • Part of subcall function 01363221: std::exception::exception.LIBCMT ref: 0136325C
                                                                                                                                                                                                                                • _memmove.LIBCMT ref: 0131189D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • invalid string position, xrefs: 0131185F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.268284352.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268280145.0000000001310000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268338451.000000000139C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268355691.00000000013BC000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000005.00000002.268362555.00000000013C5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_5_2_1310000_AskInstaller.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                • String ID: invalid string position
                                                                                                                                                                                                                                • API String ID: 1785806476-1799206989
                                                                                                                                                                                                                                • Opcode ID: 423c42d59d49e5459f1df0b6574dfb24635b53c2f73c815535ab712a1023d80a
                                                                                                                                                                                                                                • Instruction ID: 036de499cee9630fbd2cf989c6ec8338d8cadfa2db5fea83824613554421a8c9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 423c42d59d49e5459f1df0b6574dfb24635b53c2f73c815535ab712a1023d80a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1601B5317102158BD32C8D7CDC808ABBBAAEB81618724CA3CDA9187749DB70EC4587E4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%